Trust anchor retrieval 11 September 2017 - 11 October 2017
There is an issue for new installations between 11 September and 11 October 2017
with Unbound versions prior to 1.6.5 (1.6.4 or older). The KSK2017 will be added
in the ADDPEND state for 30 days (RFC 5011) and will not be in the VALID
state on 11 October.
All is fine for trust anchor files created before 11 September and
after 11 October 2017, in any Unbound version.
Solution for the period of 11 September to 11 October 2017
You have two options: update to Unbound 1.6.5, or download the trust anchor file from the
Update to Unbound 1.6.5
Delete the root.key file with
, then run
(1.6.5 or later) to create the root.key file again.
You can verify that worked by checking that
both keys have the string VALID in the newly created root.key file.
Download the trust anchor file from the Unbound website
If updating to Unbound 1.6.5 is not possible, a trust anchor file
containing the two VALID keys can be fetched from: