appendix - Re: [MacPorts] #49264: unbound don't promote DNSSEC under El Capitan
Daniel J. Luke
dluke at geeklair.net
Sat Oct 31 16:00:56 PDT 2015
On Oct 31, 2015, at 1:04 PM, FritzS - gmx <fritzs at gmx.net> wrote:
> Now I updated port and unbound too, but it don’t work
> http://dnssectest.sidnlabs.nl/test.php
> says
> 'You are not protected
> Permissive mode detected:
> Your DNSSEC is configured in "permissive mode" (or you use a combination of validating- and non-validating resolvers) and as such you are not protected.’
that test tests whatever your system resolver(s) are, which may include things other than the unbound that you are running.
You should use `dig` to troubleshoot since you can tell it which resolver to test.
> /opt/local/etc/unbound/root.key are renewed at each boot.
>
> Must unbound.pid in the same directory as root.key?
no
> What could be wrong?
>
> My current unbound.conf
> # auto-trust-anchor-file: "/opt/local/var/run/unbound/root.key“
>
> # I testet both path below
> # auto-trust-anchor-file: "/opt/local/etc/unbound/root.key"
> auto-trust-anchor-file: "/root.key"
this part is likely what you didn't get right.
You want:
auto-trust-anchor-file: "/opt/local/etc/unbound/root.key"
--
Daniel J. Luke
+========================================================+
| *---------------- dluke at geeklair.net ----------------* |
| *-------------- http://www.geeklair.net -------------* |
+========================================================+
| Opinions expressed are mine and do not necessarily |
| reflect the opinions of my employer. |
+========================================================+
More information about the macports-users
mailing list