Maintained by: NLnet Labs

[Unbound-users] DNSSec validation

W.C.A. Wijngaards
Wed Oct 3 14:35:46 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Nikos,

On 10/03/2012 02:03 PM, Nikos Mavrogiannopoulos wrote:
> On Wed, Oct 3, 2012 at 10:58 AM, W.C.A. Wijngaards
> <wouter at nlnetlabs.nl> wrote:
> 
>> The trust anchor was working all along, just fine.
> 
> Is there some portable way to obtain a DNSSEC trust anchor in a 
> system? It seems that unlike the other functions which set a
> default

portable?  I cannot help you with this, perhaps authors of those
systems can provide you with their answers.

> when NULL, the NULL value in the _ta_file() causes a crash.
> Otherwise is checking for /etc/unbound/root.key a sensible
> default?

The unbound-anchor tool has a default and can be used to also keep
this key up to date.  It is meant to be used by the operating system
(e.g. run at startup time), but you could also run it to get a key for
your program.

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQbDEiAAoJEJ9vHC1+BF+NDo4P+wYxOwLz1Wp6vOATgPCUCEIZ
V2uv9YfqOQ6Ev+El7L8K472I9V66Hx6dKHvBwKpvzYSbAz2PDpX6KoAQlZ0JBSp6
Y1H+vr9ZVbOhm7d+u41PIIEd4PFBjdoGbsrRBJagMzxE1qqv7dmmZ7WtyGTL3l4H
Bp7TDdxVoan/C9VaJ3U/snhQGJuPSJf/3xXTx8/AwKFfI450A9j/paRMDmakjz7a
/AIvuCnzXsb7EHCWccpPqNZkkrMJd+4FzKTrc9fJfrWfZNAlQ55YFZ3cweFpS1Ne
aRfUcihF0a/AHz2x97LNsdl7uychBKApY/PxAoqMpouD9J6HOc3w/ccAeYUgEQPF
i73CjXf61yDUfRPZB91F5sebSJGvIVxnPCM2ApfXuj/lD9BpKtrnjyHxtpuNZSS5
mwLXGzNB0Vk+fV4iPYqoSKD789XD9W3gGXeUwmgDmvY6WZA8ZLs8djmzodOaXW2m
3q2XaPKyYadIrKwbwPEaufDs0j/hk7TaVOXlw01EWYmAQvkwbIsu9EN/3ez6blpL
OTsFnUFWFKc/HTF/uDLYfJNvw3+FVc4UsP+B8A6UVmGttFLMbiMwIdWjOooRnP9M
6qQ5KPRL066/y2OG5ZajEfLuVqcVXfcEpNQvFLUVYrKyk9PuSfZJTUgb2e+95m4v
h5ZnTjPIPJoNzsAwX3ex
=urNj
-----END PGP SIGNATURE-----