Maintained by: NLnet Labs

[Unbound-users] DNSSec validation

Robert Edmonds
Thu Oct 4 19:43:23 CEST 2012

Ondrej Mikle wrote:
> - Some distros like Fedora, RHEL and clones distribute unbound with root
> anchors, some like Debian/Ubuntu don't. But I generally wouldn't count on the
> key being present on a typical user's machine.

it's true that we (debian) don't distribute a root anchor _file_
embedded in the unbound package, but we invoke unbound-anchor in the
postinst script, so a typical/successful install will have the root TA
present in /var/lib/unbound/root.key.

Robert Edmonds
edmonds at