[Unbound-users] Not sure if and why DNSSEC not working
Michael Van Der Beek
michael.van at antlabs.com
Tue Jun 24 10:49:43 UTC 2014
I think the necessary steps are
1) unbound-anchor -a /var/unbound/root.key
2) fetch ftp://ftp.internic.net/domain/named.cache and save the file as root.hints
3) fetch http://ftp.isc.org/www/dlv/dlv.isc.org.key and setup the configuration in your unbound.conf
Now restart unbound.
That should make it work. I had the same problem.
Dlv is necessary as many top domains are not signed yet, so users have to use dlv as an alternative signatory.
From: Unbound-users [mailto:unbound-users-bounces at unbound.net] On Behalf Of Beeblebrox
Sent: Tuesday, 24 June, 2014 5:12 PM
Cc: unbound-users at unbound.net
Subject: Re: [Unbound-users] Not sure if and why DNSSEC not working
I'm stuck on how to debug this.
Are there any other tests I can run so as to find what's happening on my end?
My unbound.conf is below and may have some "UNusual settings" with regards to 127.0.0.1. That's because normally dnscrypt-proxy is running inside the same FreeBSD jail (VM) and unbound should forward queries to it as a forward zone.
# private-address: 127.0.1.0/28 - breaks dnscrypt-proxy
# name: "."
# forward-addr: 192.168.2.xx at 9040 #_setting 127.0.0.1 at 9040 does not
work for some odd reason.
Unbound-users mailing list
Unbound-users at unbound.net
More information about the Unbound-users