unbound fails to resolve .org domain with DNSSEC

Paul Wouters paul at nohats.ca
Mon Sep 10 20:36:06 UTC 2018

On Mon, 10 Sep 2018, Paulo Roberto Tomasi via Unbound-users wrote:

> I'm trying to deploy an unbound installation in Ubuntu 16.04, but with no success enabling DNSSEC.

> when trust-anchor-file: "/var/lib/unbound/root.key" is active (uncommented), all .org domains aren't resolved (other domains are resolved
> correctly):

Is your unbound instance behind an old bind forwarder? There were some
bind versions that did not properly return all records needed for DNSSEC
validation in certain cases. Can you try with unbound having direct
unfiltered port 53 to the internet?


More information about the Unbound-users mailing list