[Unbound-users] What is needed for dnssec?
Marcel van Beurden
marcel_unbound at datkan.net
Tue Feb 14 23:05:46 UTC 2012
On 14-02-12 10:03, Phil Mayers wrote:
> With unbound on your server, you should be able to do:
>
> dig +dnssec @server <signed name>
>
> ...and get back a response with the "ad" flag set e.g.
>
> $ dig +dnssec org ns
> ...
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 7
> ^^ AD flag set
This now works. I have solved it by adding the following line to my
unbound.conf on my server:
auto-trust-anchor-file: "/etc/unbound/root.key"
I thought this path would be the default path and was not needed to
specify. But it is. I removed unbound from my desktop pc as it's not needed.
Maybe unbound-anchor should add this line to unbound.conf automatically or
at least check/warn the user if it is incorrect.
Thanks all for the help.
Marcel
More information about the Unbound-users
mailing list