Hi
I have a macports unbound port. It is resolving as it should, however I can’t get the dnssec enabled. Could someone possibly point me in the right direction? Should unbound be used without the dnssec being enabled?
Thanks
Bob
dnssec is enabled per default, and would have to be explicitly disabled
using val-permissive-mode=yes
Paul
> I have a macports unbound port. It is resolving as it should, however I
> can't get the dnssec enabled. Could someone possibly point me in the right
> direction? Should unbound be used without the dnssec being enabled?
I'm not familiar with the macports port, because on Mac I now use the
bundled Unbound that comes with DNSSEC-Trigger [1].
If the port is new enough, you should have a utility called
`unbound-anchor' which obtains the root DNSSEC key and stores it in
/etc/unbound/root.key. [Invoke that as `unbound-anchor -a'.]
Then make sure Unbound is actually using that key by configuring (in
unbound.conf):
auto-trust-anchor-file: "/etc/unbound/root.key"
Restart Unbound and you should be fine. (Check the logs.)
-JP
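
An added example, not part of the thread and not Unbound project code: a Python check of an unbound.conf for the settings the replies mention (a trust anchor such as `auto-trust-anchor-file`, and `val-permissive-mode`). The sample configurations are constructed; the code assumes the default `module-config` is "validator iterator", that the last occurrence of an option wins, and it does not follow `include:` files.

```python
import re

# unbound.conf options that load a DNSSEC trust anchor
ANCHOR_OPTS = ("auto-trust-anchor-file", "trust-anchor-file",
               "trust-anchor", "trusted-keys-file")

def parse_conf(text):
    """Map each option to its list of values; comments and clause headers are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9-]+):\s*(\S.*)$", line)
        if m:  # "server:" alone has no value and does not match
            opts.setdefault(m.group(1).lower(), []).append(m.group(2).strip().strip('"'))
    return opts

def dnssec_findings(text):
    """Return {code: message} for settings that leave DNSSEC validation off."""
    opts, found = parse_conf(text), {}
    if not any(o in opts for o in ANCHOR_OPTS):
        found["no-anchor"] = "no trust anchor configured, so nothing is validated"
    # Assumption: default module-config is "validator iterator"; last value wins.
    if "validator" not in opts.get("module-config", ["validator iterator"])[-1].split():
        found["no-validator"] = "module-config does not load the validator module"
    if opts.get("val-permissive-mode", ["no"])[-1].lower() == "yes":
        found["permissive"] = "val-permissive-mode: yes lets bogus answers through"
    return found

# Constructed sample configurations (not taken from the thread).
CONF_DEFAULT = """server:
    interface: 127.0.0.1   # resolver works, but no anchor is loaded
"""
CONF_ANCHORED = """server:
    interface: 127.0.0.1
    auto-trust-anchor-file: "/etc/unbound/root.key"
"""
CONF_PERMISSIVE = CONF_ANCHORED + "    val-permissive-mode: yes\n"

if __name__ == "__main__":
    for name, conf in [("default", CONF_DEFAULT), ("anchored", CONF_ANCHORED),
                       ("permissive", CONF_PERMISSIVE)]:
        print(name, dnssec_findings(conf) or "validation enabled")
```

An empty result means the file itself does not switch validation off; whether the anchor file exists and is readable still has to be confirmed in the Unbound log after a restart.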