Maintained by: NLnet Labs

[Unbound-users] DNSSec validation

Nikos Mavrogiannopoulos
Wed Oct 3 09:58:04 CEST 2012


Hello,
 I'm trying to work with the DNSSec validation example in the unbound
tutorial [0]. My issue is that at some point it calls:
ub_ctx_add_ta_file() with a file called "keys" and that according to
the comment this is the "public keys for DNSSEC verification". However
what does that exactly mean? How do you obtain this list? I have a
high level  understanding of dnssec, and I'd expect that if I set
there the file /etc/unbound/root.key it should be able to verify any
domain, is that correct? (it doesn't seem to work)

regards,
Nikos

[0]. http://www.unbound.net/documentation/libunbound-tutorial-6.html