Maintained by: NLnet Labs

What format does ub_ctx_add_ta expect?

Riccardo Spagni
Sat Jan 16 21:05:31 CET 2016


Hi all,

   We've been using ub_ctx_add_ta() in libunbound to manually include the
root trust anchor in Monero (because there's no standard for storing the
root trust anchor, and Windows users almost definitely won't have one).
This worked for ages, but as of a few months ago the following error occurs:

[1452966957] libunbound[15265:0] info: warning: unsupported algorithm for
trust anchor . DNSKEY IN
[1452966957] libunbound[15265:0] warning: trust anchor . has no supported
algorithms, the anchor is ignored (check if you need to upgrade unbound and
openssl)

   We figured it would resolve itself with some future version of
libunbound, but as of 1.5.8 (git head) from a few weeks ago it is still not
working.

   This is the hard-coded anchor:
https://github.com/monero-project/bitmonero/blob/master/src/common/dns_utils.cpp#L87

   And this is the snippet where we add the anchor using ub_ctx_add_ta():
https://github.com/monero-project/bitmonero/blob/master/src/common/dns_utils.cpp#L229

   Any suggestions? Is it expecting a different format for that anchor?
Thanks!

Riccardo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20160116/9cc74bfe/attachment.html>