Getting error messages, DNSSEC appears to be working nevertheless

Beeblebrox zaphod at berentweb.com
Mon Jul 24 16:57:39 UTC 2017


Hi Wouter & thanks for the insight.

I apparently overlooked some items when going through the /var/unbound/unbound.conf settings. I had (root-hints: "/var/unbound/root.hints") commented out, so I no longer need this flag in /etc/rc.conf: "-r '/var/unbound/root.hints'"

I took out the "-a" flag, but that did not solve the error message.
I then disabled (auto-trust-anchor-file: "/var/unbound/root.key") as well (no auto-trust anywhere), and the error went away:
libunbound[64349:0] notice: init module 0: validator
libunbound[64349:0] notice: init module 1: iterator
unbound[65656:0] notice: init module 0: validator
unbound[65656:0] notice: init module 1: iterator
unbound[65656:0] info: start of service (unbound 1.6.2).

I did not see mentioned error before adding below line to etc/rc.conf
unbound_anchorflags="-C /var/unbound/unbound.conf"
I assume when used, anchorflags setting auto-detects what it's supposed to do, and dislikes other inputs.

Thanks & Regards.

-- 
HardenedBSD_amd64_12-Current_RadeonKMS
Please CC my email when responding, mail from list is not delivered.



More information about the Unbound-users mailing list