Just to conclude this thread - call it my ignorance of having
copied/pasted in the server directive various zone statements and that
including [ domain-insecure: mail ]. After removing it the error is gone.
> You can start the auto-trust-anchor-file rotation by providing a file
> like for
Thank you for the suggestion and whilst not the solution it provided
the pointer to sort this...
Basically call it my stupidity or ignorance of having copy/pasted in
the server directive various zone statements and that including [
domain-insecure: mail ]. After
Try this instead.
local-zone: [mail.example.net] typetransparent
local-data: "[mail.example.net] 3600 IN DS [parms hash blob]"
Then the DS is pulled from Unbound internally and not subject to
root-reconcilation, rfc5011, and such.
You can start the auto-trust-anchor-file rotation by providing a file
like for trust-anchor-file: a plain text file with DNSKEY or DS records
in there.
>> I tried this with (in conf)
>>
>> auto-trust-anchor-file: "/etc/unbound/trusted-key.key"
>> auto-trust-anchor-file:
