Enable DNS-Sec For unbound
Benno Overeinder
benno at NLnetLabs.nl
Tue Feb 11 14:51:52 UTC 2020
Hi,
On 11 Feb 2020, at 15:07, Ramin Malekgahsemi via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
>
> Hi dear friend, I want to enable DNSSEC validation for Unbound in recursive mode.
>
> I used this link for it:
> https://plone.lucidsolutions.co.nz/linux/dns/enable-dnssec-for-unbound-resolver
>
> Now when I type this in the CLI:
> unbound-anchor -a /etc/unbound/root.key
>
> it logs this to me:
>
> [1581430016] libunbound[17599:0] error: failed to load trust anchor from /etc/unbound/root.key at line 5, skipping
>
> How can I download the latest trusted key for Unbound?
>
As far as I can tell from the CentOS7 packages, the Unbound package unbound-1.6.6-1.el7.x86_64.rpm is installed with unbound-libs-1.6.6-1.el7.x86_64.rpm. This includes (and is pre-configured with) /var/lib/unbound/root.key, which contains both the old DNS root key (key ID 19036 from 2010) and the current DNS root key (key ID 20326 from 2017). The Unbound package is already pre-configured to run as a validating resolver, see /etc/unbound/unbound.conf and auto-trust-anchor-file: "/var/lib/unbound/root.key".
So with CentOS7 you are already done with Unbound as a validating resolver!
> My OS is CentOS 7 x64 and the Unbound version is
> notice: Start of unbound 1.6.6.
Unbound 1.6.6 is 2.5 years old and many bugs have been patched and features have been added. You may consider installing a more recent version, e.g. unbound-1.9.0-2.gf.el7.x86_64.rpm.
Regards,
— Benno
--
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/
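
An added example (not part of the original thread and not NLnet Labs code): a small offline audit of a trust anchor file that lists the key ID of every DS/DNSKEY record and reports the line numbers that do not parse, the kind of line the "failed to load trust anchor ... at line 5" error points at. The function names and the sample file are constructed for illustration (placeholder key and digest, not real root zone material), and the parser assumes one record per line.

```python
import base64
import struct

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def audit_anchor_file(text):
    """Return (anchors, bad_lines): (type, key tag) per DS/DNSKEY record, and
    1-based numbers of non-comment lines that fail to parse.
    Assumes one record per line (no parenthesised multi-line records)."""
    anchors, bad_lines = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # drop comments and metadata
        if not fields:
            continue
        try:
            idx = next(i for i, f in enumerate(fields) if f.upper() in ("DS", "DNSKEY"))
            rtype, rdata = fields[idx].upper(), fields[idx + 1:]
            if len(rdata) < 4:
                raise ValueError("truncated record")
            nums = [int(x) for x in rdata[:3]]
            blob = "".join(rdata[3:])
            if rtype == "DS":
                bytes.fromhex(blob)             # digest must be valid hex
                tag = nums[0]                   # DS states the key tag directly
            else:
                tag = key_tag(nums[0], nums[1], nums[2], blob)
        except (StopIteration, ValueError, struct.error):
            bad_lines.append(lineno)
            continue
        anchors.append((rtype, tag))
    return anchors, bad_lines

# Constructed sample: placeholder key and digest, not real root zone material.
SAMPLE = "\n".join([
    "; constructed trust anchor file",
    ".\t172800\tIN\tDNSKEY\t257 3 8 AwEAAQ== ; placeholder key",
    ".\tIN\tDS\t20326 8 2 " + "00" * 32,
    "<html>404 Not Found</html>",
])

if __name__ == "__main__":
    print(audit_anchor_file(SAMPLE))
```

Run against the real /var/lib/unbound/root.key, the reported key IDs can be compared with the ones named in the reply above (19036 and 20326).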