We’ve been using ub_ctx_add_ta() in libunbound to manually include the root trust anchor in Monero (because there’s no standard for storing the root trust anchor, and Windows users almost definitely won’t have one). This worked for ages, but as of a few months ago the following error occurs:
[1452966957] libunbound[15265:0] info: warning: unsupported algorithm for trust anchor . DNSKEY IN
[1452966957] libunbound[15265:0] warning: trust anchor . has no supported algorithms, the anchor is ignored (check if you need to upgrade unbound and openssl)
We figured it would resolve itself with some future version of libunbound, but as of 1.5.8 (git head) from a few weeks ago it is still not working.
We've been using ub_ctx_add_ta() in libunbound to manually include
the root trust anchor in Monero (because there's no standard for
storing the root trust anchor, and Windows users almost definitely
won't have one). This worked for ages, but as of a few months ago
the following error occurs:
The format is a DNS resource record on one line, DS or DNSKEY.
If I call ub_ctx_add_ta() with the string you have there, the root
anchor with a \n after it, it works fine.
The warning is printed if you try to load an unsupported trust anchor,
this behaviour has changed in recent releases, dealing with loading
trust anchors with unknown algorithms, to support root key rollover
schemes more thoroughly.
However, the string you give has supported algorithms. I do not
understand either why you get this error. Are you loading a different
string? (for instance with an ECDSA algorithm and the user has old
OpenSSL with no ECDSA support).
Or have you compiled unbound without sha256 support? Not even sure if
that is possible and I think that needs configure options to do it,
but then this message would appear.
Note the hard coded anchor will get you in trouble with the root key
rollover that is talked about in public forums. You need to have some
sort of update process (f.e. using your software update).