Maintained by: NLnet Labs

Trust anchor retrieval 11 September 2017 - 11 October 2017


New installations made between 11 September and 11 October 2017 with Unbound versions prior to 1.6.5 (1.6.4 or older) are affected by an issue. KSK2017 will be added in the ADDPEND state for 30 days (RFC 5011) and will not be in the VALID state on 11 October. Trust anchor files created before 11 September or after 11 October 2017 are fine, in any Unbound version.

Solution for the period of 11 September to 11 October 2017

You have two options: update to Unbound 1.6.5, or download the trust anchor file from the Unbound website.

Update to Unbound 1.6.5

Delete the root.key file with rm root.key, then run unbound-anchor (1.6.5 or later) to create the root.key file again. You can verify that this worked by checking that both keys have the string VALID in the newly created root.key file.
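
One way to script the verification step above. This is an added example, not part of the original page or of Unbound. It assumes the autotrust line layout with a ";;state=N [ LABEL ]" annotation on each DNSKEY line; check_root_key and sample_root_key are hypothetical helper names, and the sample file is constructed with placeholder key material.

```shell
#!/bin/sh
# check_root_key FILE: list each KSK (DNSKEY flags 257) with its RFC 5011 state.
# Returns 0 only when at least two KSKs are present and all of them are VALID.
check_root_key() {
    awk '
        /^[ \t]*;/ { next }                      # metadata and comment lines
        {
            ksk = 0
            for (i = 1; i < NF; i++)
                if ($i == "DNSKEY" && $(i + 1) == "257") ksk = 1
            if (!ksk) next
            id = "?"; state = "UNKNOWN"
            if (match($0, /id = [0-9]+/))
                id = substr($0, RSTART + 5, RLENGTH - 5)
            if (match($0, /state=[0-9]+ \[ *[A-Z]+ *\]/)) {
                state = substr($0, RSTART, RLENGTH)
                sub(/^.*\[ */, "", state)
                sub(/ *\]$/, "", state)
            }
            printf "KSK id=%s state=%s\n", id, state
            total++
            if (state == "VALID") valid++
        }
        END { exit ((total >= 2 && valid == total) ? 0 : 1) }
    ' "$1"
}

# Constructed sample (assumed layout; key material is a placeholder).
# $1 and $2 set the numeric state and the label of the second key.
sample_root_key() {
    cat <<EOF
; autotrust trust anchor file
;;id: . 1
. 172800 IN DNSKEY 257 3 8 PLACEHOLDER ;{id = 19036 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0
. 172800 IN DNSKEY 257 3 8 PLACEHOLDER ;{id = 20326 (ksk), size = 2048b} ;;state=$1 [ $2 ] ;;count=0
EOF
}

# Demo: the failure case from this page, where KSK2017 is still in ADDPEND.
tmp=$(mktemp)
sample_root_key 1 ADDPEND > "$tmp"
check_root_key "$tmp" || echo "root.key is not ready: a KSK is not VALID"
rm -f "$tmp"
```

Against a real installation, call check_root_key with the path to the root.key file that unbound-anchor wrote; a non-zero exit status means at least one KSK is missing or not yet VALID.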

Download the trust anchor file from the Unbound website

If updating to Unbound 1.6.5 is not possible, a trust anchor file containing the two VALID keys can be fetched from: