Maintained by: NLnet Labs

[Unbound-users] DNSSEC problems

David Benfell
Sun Jun 10 20:59:38 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jan-Piet,

On 06/10/12 03:58, Jan-Piet Mens wrote:
> local-zone: 127.in-addr.arpa. nodefault

So I added this, restarted unbound, then did:

atlanta# su unbound "/usr/sbin/unbound-anchor -a /etc/unbound/root.key -v"
atlanta# rc.d restart unbound ; tail -f /var/log/everything.log
:: Stopping unbound daemon

                                                  [DONE]
:: Starting unbound daemon

                                                  [DONE]
Jun 10 11:55:47 atlanta unbound: [30792:0] info: histogram of
recursion processing times
Jun 10 11:55:47 atlanta unbound: [30792:0] info: [25%]=0.01536
median[50%]=0.028672 [75%]=0.0503223
Jun 10 11:55:47 atlanta unbound: [30792:0] info: lower(secs)
upper(secs) recursions
Jun 10 11:55:47 atlanta unbound: [30792:0] info:    0.008192    0.016384 6
Jun 10 11:55:47 atlanta unbound: [30792:0] info:    0.016384    0.032768 6
Jun 10 11:55:47 atlanta unbound: [30792:0] info:    0.032768    0.065536 7
Jun 10 11:55:47 atlanta unbound: [30792:0] info:    0.131072    0.262144 1
Jun 10 11:55:47 atlanta unbound: [30792:0] info:    0.262144    0.524288 1
Jun 10 11:55:49 atlanta unbound: [30928:0] notice: init module 0:
validator
Jun 10 11:55:49 atlanta unbound: [30928:0] notice: init module 1: iterator
Jun 10 11:55:49 atlanta unbound: [30928:0] info: start of service
(unbound 1.4.17).
Jun 10 11:55:49 atlanta unbound: [30928:0] info: failed to prime trust
anchor -- DNSKEY rrset is not secure . DNSKEY IN
Jun 10 11:55:49 atlanta unbound: [30928:0] info: failed to prime trust
anchor -- DNSKEY rrset is not secure . DNSKEY IN
Jun 10 11:55:49 atlanta unbound: [30928:0] info: failed to prime trust
anchor -- DNSKEY rrset is not secure . DNSKEY IN
Jun 10 11:55:49 atlanta unbound: [30928:0] info: failed to prime trust
anchor -- DNSKEY rrset is not secure . DNSKEY IN
Jun 10 11:55:49 atlanta unbound: [30928:0] info: failed to prime trust
anchor -- DNSKEY rrset is not secure . DNSKEY IN
Jun 10 11:55:49 atlanta unbound: [30928:0] info: failed to prime trust
anchor -- DNSKEY rrset is not secure . DNSKEY IN
Jun 10 11:55:49 atlanta unbound: [30928:0] info: validation failure <.
DNSKEY IN>: no signatures from 127.0.0.1 for trust anchor . while
building chain of trust

And it is as before.

Thanks!
- -- 
David Benfell
benfell at parts-unknown.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP1O6aAAoJELT202JKF+xpZCAQAIRSnIH3oZWkJN/4H7q8izz8
9HD3NAzFrU9SgJBun8J8yG7OVhE6beYIKDDK3FOvL9fVPWJTJlvmLHo7IV6h7Oro
s0A11bZSc5SQqv8vBEJZROvtBG8+RH4lGvlXuknBizWe58rDPqfMGy6ItQRBh9Mm
2WeMk6z4VtjHtd5W6GHn4lXL6mfMCwf19rAdj2Tmwq0k16gBcXdufSP0E0acmLLk
2mqBft3Zn9N3QMyUuxJjguUGxNOBK8/VKjxpulrbxpVOdIugrnaa/mLuTFDoRyLx
nej+lIvmfp/gJ3+cwk1Ncx/MiW9qiP91QgnFhIJLDXdIhRhaWdQEhgVqS1pMhrwh
emUBxfjiDBKE0kj5T+3ilFOtaBmfE/dXXPdolSWGcJKVH0UzIAN7GQoGWSHVSt0N
ZOYSvPUgVezbKqVVwJLSa+c/Q7P1eILSMz4TY5LtGtMe38Tanz1Mm1lDksFLCjd/
5ssjXMON5ZqreNw/UlhPvTSVYMVAjL7IbtqFs6TS0Z9++Wd0gQJFIHjjS4Mmtakz
AzNw+w6Kiv8YObCsDi2jwyQcwNgFjP/y1ouFqy+uX9inq2xG5fZ+hSJpR4czZy4q
FwMgE2c33rXNeG2bBrbdqNrGPEnwchqO5b7uBnbK+RdRZdQ+Jvub8Y3bJiNTT1o/
hD6L9CQuJXHdHK7Yoy1k
=jZvK
-----END PGP SIGNATURE-----