[Unbound-users] Not sure if and why DNSSEC not working

Jaap Akkerhuis jaap at NLnetLabs.nl
Mon Jun 23 15:08:24 UTC 2014

    Using unbound v_1.4.22 on different LAN IP (my resolv.conf points to
    192.168.2.xx as DNS resolver, a VM on the LAN). syslog from unbound
    startup shows key & hints files being read. But, neither "drill -TD
    -k /var/unbound/root.key" nor web-based checks show active DNSSEC (for
    ex http://dnssec.vs.uni-due.de/ gives "No, your DNS resolver does NOT
    validate DNSSEC signatures"). unbound.conf has no forward-zones.
Shouldn't that be  /etc/unbound/root.key? That is what man drill tells


More information about the Unbound-users mailing list