Maintained by: NLnet Labs

[Unbound-users] old unbound, DNSSEC verification broke today

Phil Pennock
Thu Mar 7 08:36:04 CET 2013


Replying on-list, because you solved it.

On 2013-03-06 at 23:19 -0500, Olafur Gudmundsson wrote:
> check the date on the router
> I need to reboot my router regularly due to cock skew. 

Good call.  "Tue Nov 27" -- impressive it lasted as long as it did.

ntpd is supposed to be running and my installation notes log my setting
it up.  "opkg install ntpdate", an ntpdate run later, re-enable
"auto-trust-anchor-file" in unbound.conf, and I have DNSSEC validation
running again.

% host www.dnssec-failed.org
Host www.dnssec-failed.org not found: 3(NXDOMAIN)

Thank you!

I also feel stupid for not noticing the date on the router. :(

ntpd is running once more, router is at stratum 3, DNSSEC working.  Oh,
and syslog is being sent off the router, which it wasn't when I set
things up, so if this recurs I may actually have a history I can
examine.

-Phil