1.7.3 - trusted-keys-file location
ѽ҉ᶬḳ℠
vtol at gmx.net
Thu Jul 26 16:29:43 UTC 2018
>> You can start the auto-trust-anchor-file rotation by providing a file
>> like for trust-anchor-file: a plain text file with DNSKEY or DS records
>> in there.
>>
>>
I tried this with (in conf)
auto-trust-anchor-file: "/etc/unbound/trusted-key.key"
auto-trust-anchor-file: "/etc/unbound/mail-trusted-key.key"
And the latter reading (copied from the BIND-9 zone file)
mail. 1d IN DS 22205 14 1 0FFE136DCCCFD7879D350A62610193ADA5F18111
mail. 1d IN DS 22205 14 2 816572C6D97DDBCD9E7EB99644EDD0CEB30237EA1FE20526574BADB1B9A5B6DA
and as a variation
mail. 1d IN DNSKEY 22205 14 1 0FFE136DCCCFD7879D350A62610193ADA5F18111
mail. 1d IN DNSKEY 22205 14 2 816572C6D97DDBCD9E7EB99644EDD0CEB30237EA1FE20526574BADB1B9A5B6DA
but either way unbound is reporting the below, and I do not understand
what the issue (anchor cannot be with and without autotrust) is.
error: anchor cannot be with and without autotrust
error: failed to load trust anchor from /etc/unbound/mail-trusted-key.key at line 1, skipping
error: anchor cannot be with and without autotrust
error: failed to load trust anchor from /etc/unbound/mail-trusted-key.key at line 2, skipping
error: failed to read /etc/unbound/mail-trusted-key.key
error: error reading auto-trust-anchor-file: /etc/unbound/mail-trusted-key.key
error: validator: error in trustanchors config
error: validator: could not apply configuration settings.
fatal error: bad config for validator module