Maintained by: NLnet Labs

priming and dnskey

Thu Aug 3 14:14:59 CEST 2017

On Thu, 3 Aug 2017 09:08:52 +0200
"W.C.A. Wijngaards via Unbound-users" <unbound-users at> wrote:

> Hi T.Suzuki,
> Do you have prefetch-key enabled still?  It causes the DNSKEY to be
> prefetched.  If so, that would just be extra data in the cache, and not
> hamper KSK rollovers.

I do not enable any key configuration.

unbound 1.6.3 (FreeBSD 11.0-RELEASE pkg)

	verbosity: 1
	msg-cache-size: 8m
	rrset-cache-size: 8m
	access-control: allow
	logfile: "unbound.log"
	log-queries: yes
	root-hints: "named.cache"
	unwanted-reply-threshold: 100000
	do-not-query-localhost: no
	# prefetch-key: no
	module-config: "iterator"
        # auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
        # trust-anchor-file: ""

	control-enable: yes

# tshark -n port 53
Capturing on 'em0'
    1   0.000000 →  DNS 70 Standard query 0xca87 NS <Root> OPT
    2   0.015573 → DNS 1139 Standard query response 0xca87 NS <Root> NS NS NS NS NS NS NS NS NS NS NS NS NS RRSIG A A A A A A A A A A A A A AAAA 2001:503:ba3e::2:30 AAAA 2001:500:200::b AAAA 2001:500:2::c AAAA 2001:500:2d::d AAAA 2001:500:a8::e AAAA 2001:500:2f::f AAAA 2001:500:12::d0d AAAA 2001:500:1::53 AAAA 2001:7fe::53 AAAA 2001:503:c27::2:30 AAAA 2001:7fd::1 AAAA 2001:500:9f::42 AAAA 2001:dc3::35 OPT
    3   0.015879 →   DNS 70 Standard query 0x6795 DNSKEY <Root> OPT
    4   0.130131 → DNS 1181 Standard query response 0x6795 DNSKEY <Root> DNSKEY DNSKEY DNSKEY RRSIG OPT