[nsd-users] nsd can't bind udp socket: Address already in use

Rick van Rein (OpenFortress) rick at openfortress.nl
Wed Jul 10 19:32:31 CEST 2013


Hi,

> I know Rick answered me once already on this: But the fact that I validate DNSSEC with known good RRSIG would that mean it's safe to ignore? I think I did not quite get the meaning of the answer from Rick. My apologies for that :)

The unbound daemon is trying to download the trust anchor for the entire Internet.  You are not permitting it to save that.  I suppose it will continue to work with a memory-stored version, but it'll be risky every time you restart Unbound, because at that time it probably accepts whatever is offered at that time.  Normally, it would find the root key among its configuration files and have a solid anchor point.

You should download it manually, verify it, and install it in /usr/local/etc/unbound/root.key.  I'm including my file below, but of course you should seriously wonder if I can be trusted…  a few other links are here, but I also have write access there so it hardly adds trust.

https://dnssec.surfnet.nl/?p=371

Oh… and if your Mac tells you the attachment is a keynote document… it's not ;-) it's ASCII

-Rick

-------------- next part --------------
A non-text attachment was scrubbed...
Name: root.key
Type: application/octet-stream
Size: 759 bytes
Desc: not available
URL: <https://open.nlnetlabs.nl/pipermail/nsd-users/attachments/20130710/e4004209/attachment.obj>
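
Added example (not part of Rick's message, and not Unbound or NLnet Labs code): one way to carry out the "verify it" step is to recompute the key tag and SHA-256 DS digest of the DNSKEY in root.key and compare them with values obtained over an independent channel. The sample file contents, the 4-byte toy key and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample in root.key / zone-file style. The 4-byte key is a toy
# value chosen for illustration, not a real root key.
SAMPLE_ROOT_KEY = """\
; constructed example, not a real trust anchor
.\t172800\tIN\tDNSKEY\t257 3 8 AQIDBA== ;{id = 2063 (ksk), size = 32b}
"""

def parse_dnskeys(text):
    """Yield DNSKEY RDATA (wire format) for each root-zone DNSKEY line."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if not fields or fields[0] != "." or "DNSKEY" not in fields:
            continue
        i = fields.index("DNSKEY")
        flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
        pubkey = base64.b64decode("".join(fields[i + 4:]), validate=True)
        yield flags.to_bytes(2, "big") + bytes([proto, alg]) + pubkey

def key_tag(rdata):
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_sha256(rdata, owner_wire=b"\x00"):
    """DS digest type 2 (RFC 4509): SHA-256 over owner name || DNSKEY RDATA."""
    return hashlib.sha256(owner_wire + rdata).hexdigest()

def anchor_matches(text, expected_tag, expected_digest_hex):
    """True only if a key with the SEP flag has the expected tag and digest."""
    for rdata in parse_dnskeys(text):
        is_ksk = int.from_bytes(rdata[:2], "big") & 0x0001
        if is_ksk and key_tag(rdata) == expected_tag and hmac.compare_digest(
                ds_sha256(rdata), expected_digest_hex.lower()):
            return True
    return False
```

The expected tag and digest passed to anchor_matches() must come from a source other than the one that supplied the file; comparing a file against values taken from the same place proves nothing.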

