failed to prime trust anchor

dy1977 at dy1977 at
Sun May 1 18:43:34 UTC 2022


I am facing a sudden problem on several devices :

lists of errors in Unboud log :

info: generate keytag query _ta-4f66. NULL IN
info: failed to prime trust anchor -- could not fetch DNSKEY rrset . 

100 lines of that, around 10 times the first line, and 90 times the second.

and after that :

info: validation failure < A IN>: no DNSKEY rrset 
from and and (...)  for trust anchor . while 
building chain of trust

and this repeated for b.root..., c.root... and so on.

At the place where I wrote (...) a list of Ip addresses, which can be 
the same address repeated up to 25 times, or different addresses, some 
repeated and others no.

Sometimes using unbound-anchor seemed to fix the problem, other times 
no. The command is successful, but the messages still appear.

These errors appear suddenly for un unknown reason.

I saw in a PfSense forum that this may come from having dnssec anb 
forwarding at the same time. But forwarding is not used here.

Any clue to understand would be appreciated.



L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.

More information about the Unbound-users mailing list