[nsd-users] nsd can't bind udp socket: Address already in use

Rick van Rein (OpenFortress) rick at openfortress.nl
Wed Jul 10 15:03:11 CEST 2013


Hi,

> Also I am getting this error
> 10/07/2013 14:03:12.523 unbound[705]: [705:0] error: could not open autotrust file for writing, /usr/local/etc/unbound/root.key.705-0: Permission denied
> Is it safe to disregard?  Was reading that it appears to not affect unbound process. I can tell that unbound is still working properly :) 

This looks like it is downloading the root key for DNS and attempting to pin it by storing it into the filesystem.  You do want that, or you will be vulnerable to arbitrary DNSKEYs being claimed for . (the DNS root) which is probably not in line with the ideas you had when you rolled out DNSSEC.

You should probably find some evidence for the root key stored here as well.  A few hints: your OS might provide it by now, or you could look for signatures by people you rely on.

-Rick
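
One way to check a stored root key against evidence obtained elsewhere, as an added example that is not part of the original message: it computes the RFC 4034 key tag and the SHA-256 DS digest of a root DNSKEY line so they can be compared with values published through a channel you trust. The line layout (owner, TTL, class, type, then the key fields), the function names and the sample key are assumptions made for this sketch.

```python
import base64
import hashlib
import struct

# Constructed sample line; the key material is a 3-byte dummy, not a real root key.
SAMPLE_LINE = (".\t172800\tIN\tDNSKEY\t257 3 8 AQID "
               ";{id = 2059 (ksk), size = 24b} ;;state=2 [  VALID  ]")


def parse_root_dnskey(line):
    """Return the DNSKEY RDATA bytes of a root-zone DNSKEY line, or None."""
    fields = line.split(";", 1)[0].split()        # drop the trailing comment
    if len(fields) < 8 or fields[0] != "." or fields[3] != "DNSKEY":
        return None
    flags, proto, alg = (int(f) for f in fields[4:7])
    key = base64.b64decode("".join(fields[7:]))   # base64 may be split by spaces
    return struct.pack("!HBB", flags, proto, alg) + key


def key_tag(rdata):
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_sha256(rdata):
    """DS digest type 2 (RFC 4509): SHA-256 over owner wire name + RDATA."""
    return hashlib.sha256(b"\x00" + rdata).hexdigest().upper()  # "." is one zero byte


def matches_trusted(line, trusted_tag, trusted_digest):
    """True only if both the key tag and the digest equal the out-of-band values."""
    rdata = parse_root_dnskey(line)
    if rdata is None:
        return False
    wanted = trusted_digest.replace(" ", "").upper()
    return key_tag(rdata) == trusted_tag and ds_sha256(rdata) == wanted


if __name__ == "__main__":
    rdata = parse_root_dnskey(SAMPLE_LINE)
    print("key tag:", key_tag(rdata))
    print("DS SHA-256:", ds_sha256(rdata))
```

The trusted key tag and digest passed to `matches_trusted` must come from a source independent of the resolver being checked, otherwise the comparison proves nothing.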



