Enable DNS-Sec For unbound

Benno Overeinder benno at NLnetLabs.nl
Tue Feb 11 14:51:52 UTC 2020


On 11 Feb 2020, at 15:07, Ramin Malekgahsemi via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
> Hi dear friend, I want to enable DNSSEC validation for Unbound in recursive mode.
> I use this link for that:
> https://plone.lucidsolutions.co.nz/linux/dns/enable-dnssec-for-unbound-resolver
> Now when I type in the CLI
> unbound-anchor -a /etc/unbound/root.key
> it logs to me
> [1581430016] libunbound[17599:0] error: failed to load trust anchor from /etc/unbound/root.key at line 5, skipping
> How can I download the latest trusted key for Unbound?

As far as I can tell from the CentOS7 packages, the Unbound package unbound-1.6.6-1.el7.x86_64.rpm is installed with unbound-libs-1.6.6-1.el7.x86_64.rpm. This includes (and is pre-configured with) /var/lib/unbound/root.key, which contains both the old DNS root key (key ID 19036 from 2010) and the current DNS root key (key ID 20326 from 2017). The Unbound package is already pre-configured to run as a validating resolver, see /etc/unbound/unbound.conf and auto-trust-anchor-file: "/var/lib/unbound/root.key".

So with CentOS7 you are already done with Unbound as a validating resolver!

> My OS is CentOS 7 x64 and the Unbound version is
> notice: Start of unbound 1.6.6.

Unbound 1.6.6 is 2.5 years old and many bugs have been patched and features have been added.  You may consider installing a more recent version, e.g. unbound-1.9.0-2.gf.el7.x86_64.rpm.


— Benno

Benno J. Overeinder
NLnet Labs
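
An added example, not part of the original message and not NLnet Labs code: a small audit that computes the RFC 4034 key tag of each DNSKEY record in a trust anchor file and reports, by line number, any line that does not parse, which is the kind of failure the `unbound-anchor` error above points at. It assumes single-line DNSKEY records (DS records and multi-line records are reported as unparseable); the sample file and its key are constructed, and `audit_anchor_text` is a hypothetical helper name.

```python
import base64
import sys

EXPECTED_ROOT_KSK = 20326  # current root key ID named in the reply above

# Constructed sample, not a real root key: one valid record, two broken lines.
SAMPLE = """\
; constructed trust anchor file for illustration
.\t172800\tIN\tDNSKEY\t257 3 8 AQIDBA==
.\t172800\tIN\tDNSKEY\t257 3 8 not*base64
<html>404 Not Found</html>
"""

def key_tag(flags, protocol, algorithm, pubkey):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def audit_anchor_text(text):
    """Return (key tags found, [(line number, reason)] for unparseable lines)."""
    tags, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # drop comments after ';'
        if not line:
            continue
        fields = line.split()
        try:
            at = fields.index("DNSKEY")
            flags, proto, alg = (int(f) for f in fields[at + 1:at + 4])
            pubkey = base64.b64decode("".join(fields[at + 4:]), validate=True)
            if not pubkey:
                raise ValueError("empty public key")
            tags.append(key_tag(flags, proto, alg, pubkey))
        except (ValueError, OverflowError) as exc:  # missing token, bad ints/base64
            problems.append((lineno, str(exc)))
    return tags, problems

if __name__ == "__main__":
    # With a path argument (e.g. /var/lib/unbound/root.key) audit that file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    tags, problems = audit_anchor_text(text)
    print("key tags:", tags, "| expected root KSK present:", EXPECTED_ROOT_KSK in tags)
    for lineno, reason in problems:
        print(f"line {lineno}: cannot parse as DNSKEY ({reason})")
```

Run against the packaged `/var/lib/unbound/root.key`, the key tags printed should include the IDs named in the reply if the file is intact.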
