1.7.3 - trusted-keys-file location

ѽ҉ᶬḳ℠ vtol at gmx.net
Thu Jul 26 14:15:14 UTC 2018


to my understanding it is feasible to have DNSSEC served for private
zones in  stub-zone, requiring a trusted key entry with the public key
in config - that would be trough >  trusted-keys-file: <, right?

Since the authoritative server being Bind 9.13.0 I thought it would make
sense to utilize its zone file straight away for unbound as >
trusted-keys-file: "/var/named/mail.db" <. However, unbound is reporting

/etc/unbound/var/named/mail.db: No such file or directory
[1532614243] unbound-checkconf[2467:0] fatal error: trusted-keys-file:
"/var/named/mail.db" does not exist in chrootdir /etc/unbound

There is no chroot directive in the unbound conf however...

More information about the Unbound-users mailing list