Maintained by: NLnet Labs

[Unbound-users] Not sure if and why DNSSEC not working

Tue Jun 24 14:45:26 CEST 2014

Hi Michael,

> 1) unbound-anchor -a /var/unbound/root.key
> 2) fetch and save the file
> as root.hints 3) fetch and
> setup the configuration in your unbound.conf dlv-anchor-file:
> "/var/unbound/"

I had steps 1&2 already done, but not #3. I also have root.hints being
fetched periodically by cron job and I added the dlv key file to that
script. No need to do that for the anchor file since
"AUTO-trust-anchor-file" (rather than trust-anchor-file) instructs
unbound to run "unbound-anchor" each time.

dnscrypt-proxy definitely NOT working with DNSSEC though. Works if
DNSSEC is not enabled in unbound.

Thanks for the help & regards.