[nsd-users] nsd can't bind udp socket: Address already in use

zongo saiba zongosaiba at gmail.com
Wed Jul 10 19:25:39 UTC 2013

On 10/07/2013 19:32, Rick van Rein (OpenFortress) wrote:
> Hi,
>> I know Rick answered me once already on this: But the fact that i validate DNSSEC with known good RRSIG would that mean its safe to ignore ? I think I did not quite get the meaning of the answer from Rick. My apologies for that :)
> The unbound daemon is trying to download the trust anchor for the entire Internet.  You are not permitting it to save that.  I suppose it will continue to work with a memory-stored version, but it'll be risky every time you restart Unbound, because at that time it probably accepts whatever is offered at that time.  Normally, it would find the root key among its configuration files and have a solid anchor point.
> You should download it manually, verify it, and install it in /usr/local/etc/unbound/root.key.  I'm including my file below, but of course you should seriously wonder if I can be trusted…  a few other links are here, but I also have write access there so it hardly adds trust.
> https://dnssec.surfnet.nl/?p=371
> Oh… and if your Mac tells you the attachment is a keynote document… it's not ;-) it's ASCII
> -Rick
fixed the issue :' could not open autotrust file for writing, 
/usr/local/etc/unbound/root.key.705-0: Permission denied'
change owner to _unbound and 'chmod g+x' on root.key
i now have ' -rw-rw-r--   1 _unbound  admin      759 10 Jul 13:20 
root.key' - Would that be the correct permissions set ?
Thanks Rick :)
Thanks for all the help - was quite an experience compiling and 
installing Unbound and NSD on OSX :)
Will start deep testing now.

Kind Regards


More information about the nsd-users mailing list