Maintained by: NLnet Labs

[Unbound-users] Not sure if and why DNSSEC not working

Beeblebrox
Tue Jun 24 14:45:26 CEST 2014


Hi Michael,

> 1) unbound-anchor -a /var/unbound/root.key
> 2) fetch ftp://ftp.internic.net/domain/named.cache and save the file
> as root.hints
> 3) fetch http://ftp.isc.org/www/dlv/dlv.isc.org.key and
> set up the configuration in your unbound.conf dlv-anchor-file:
> "/var/unbound/dlv.isc.org.key"

I had steps 1&2 already done, but not #3. I also have root.hints being
fetched periodically by a cron job and I added the dlv key file to that
script. No need to do that for the anchor file since
"AUTO-trust-anchor-file" (rather than trust-anchor-file) instructs
unbound to run "unbound-anchor" each time.

dnscrypt-proxy is definitely NOT working with DNSSEC though. It works if
DNSSEC is not enabled in unbound.

Thanks for the help & regards.

-- 
FreeBSD_amd64_11-Current_RadeonKMS