[nsd-users] nsd can't bind udp socket: Address already in use
zongo saiba
zongosaiba at gmail.com
Wed Jul 10 19:25:39 UTC 2013
On 10/07/2013 19:32, Rick van Rein (OpenFortress) wrote:
> Hi,
>
>> I know Rick answered me once already on this: But the fact that i validate DNSSEC with known good RRSIG would that mean its safe to ignore ? I think I did not quite get the meaning of the answer from Rick. My apologies for that :)
> The unbound daemon is trying to download the trust anchor for the entire Internet. You are not permitting it to save that. I suppose it will continue to work with a memory-stored version, but it'll be risky every time you restart Unbound, because at that time it probably accepts whatever is offered at that time. Normally, it would find the root key among its configuration files and have a solid anchor point.
>
> You should download it manually, verify it, and install it in /usr/local/etc/unbound/root.key. I'm including my file below, but of course you should seriously wonder if I can be trusted… a few other links are here, but I also have write access there so it hardly adds trust.
>
> https://dnssec.surfnet.nl/?p=371
>
> Oh… and if your Mac tells you the attachment is a keynote document… it's not ;-) it's ASCII
>
> -Rick
>
fixed the issue :' could not open autotrust file for writing,
/usr/local/etc/unbound/root.key.705-0: Permission denied'
change owner to _unbound and 'chmod g+x' on root.key
i now have ' -rw-rw-r-- 1 _unbound admin 759 10 Jul 13:20
root.key' - Would that be the correct permissions set ?
Thanks Rick :)
Thanks for all the help - was quite an experience compiling and
installing Unbound and NSD on OSX :)
Will start deep testing now.
Kind Regards
zongo
More information about the nsd-users
mailing list