[Unbound-users] Enable Dnssec
Jan-Piet Mens
jpmens.dns at gmail.com
Sun Jun 10 08:51:34 UTC 2012
> I have a a macports unbound port. It is resolving as it should however I
> can't get the dnssec enabled. Could someone possibly point me in the right
> direction ? Should unbound be used without the dnssec being enabled ?
I'm not familiar with the macports port, because on Mac I now use the
bundled Unbound that comes with DNSSEC-Trigger [1].
If the port is new enough, you should have a utility called
`unbound-anchor' which obtains the root DNSSEC key and stores it in
/etc/unbound/root.key. [Invoke that as `unbound-anchor -a'.]
Then make sure Unbound is actually using that key by configuring (in
unbound.conf):
auto-trust-anchor-file: "/etc/unbound/root.key"
Restart Unbound and you should be fine. (Check the logs.)
-JP
[1] http://www.nlnetlabs.nl/projects/dnssec-trigger/
More information about the Unbound-users
mailing list