Maintained by: NLnet Labs

[Unbound-users] Not sure if and why DNSSEC not working

Jaap Akkerhuis
Mon Jun 23 17:08:24 CEST 2014


    Using unbound v_1.4.22 on different LAN IP (my resolv.conf points to
    192.168.2.xx as DNS resolver, a VM on the LAN). syslog from unbound
    startup shows key & hints files being read. But, neither "drill -TD
    -k /var/unbound/root.key" nor web-based checks show active DNSSEC (for
    ex http://dnssec.vs.uni-due.de/ gives "No, your DNS resolver does NOT
    validate DNSSEC signatures"). unbound.conf has no forward-zones.
    
Shouldn't that be  /etc/unbound/root.key? That is what man drill tells
me.

	jaap