[Unbound-users] Not sure if and why DNSSEC not working

Beeblebrox zaphod at berentweb.com
Tue Jun 24 12:45:26 UTC 2014

Hi Michael,

> 1) unbound-anchor -a /var/unbound/root.key
> 2) fetch ftp://ftp.internic.net/domain/named.cache and save the file
> as root.hints
> 3) fetch http://ftp.isc.org/www/dlv/dlv.isc.org.key and
> set up the configuration in your unbound.conf dlv-anchor-file:
> "/var/unbound/dlv.isc.org.key"

I had steps 1 & 2 already done, but not #3. I also have root.hints being
fetched periodically by a cron job, and I added the dlv key file to that
script. No need to do that for the anchor file since
"AUTO-trust-anchor-file" (rather than trust-anchor-file) instructs
unbound to run "unbound-anchor" each time.

dnscrypt-proxy is definitely NOT working with DNSSEC though. It works if
DNSSEC is not enabled in unbound.

Thanks for the help & regards.

