-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Nikos,
On 10/03/2012 09:58 AM, Nikos Mavrogiannopoulos wrote: > Hello, I'm trying to work with the DNSSec validation example in the > unbound tutorial [0]. My issue is that at some point it calls: > ub_ctx_add_ta_file() with a file called "keys" and that according > to the comment this is the "public keys for DNSSEC verification". > However what does that exactly mean? How do you obtain this list? I > have a high level understanding of dnssec, and I'd expect that if > I set there the file /etc/unbound/root.key it should be able to > verify any domain, is that correct? (it doesn't seem to work) You need: ub_ctx_set_option(ctx, "auto-trust-anchor-file:", "/etc/unbound/root.key"); because that file is in the 'auto-trust-anchor-file' format. (at least, I hope so, if the file is in the BIND-format, you need the function ub_ctx_trustedkeys). Best regards, Wouter > regards, Nikos > > [0]. > http://www.unbound.net/documentation/libunbound-tutorial-6.html > _______________________________________________ Unbound-users > mailing list [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQa/RIAAoJEJ9vHC1+BF+NpiAP/jCr1x7cUaJwYioA7o00lKC1 +3Au7Xv6CAz7iTG7Epd671g2aLF40XuOWntcSxP7PV5aVTkSuo4Jv7TWFaYnjNu0 Mv6EgtAFuHQQIoPXeudEt/cWVPO0BZIFErGpmr73qpbJqF+FDrqw9Y0uSOTG7Loz ayPHdv/aP0RplDjLAKaD8iXKSiPSHfGvJvieR6L/YIi+ztZeJR5vOJ8idypVTn8Y YduCjdXUV89uvk31Cx3NCEcfrS5O+MjuAwrO67Dt+TJBTSYnE2fuTLePPcZ97FtG 00RMNpw7IimRe3Z2SFwLqWJRjg/qUJ9GxwYokp8hMFaAhgLHPyH+B8whk9VrZukm pQB5omdXdNJaT4TWrhKQhQqDOnvM0fk5mcFlAcaNk6CiBwrvFNw7RIQD6cp5aal2 kKYRKtiDhxcjoDrLxps8fT/9ypovx8PrvYHMLmTwqqwbW77IXgIkH7W7C0fh9xSP 7jlAQ3+JyvpXKVH7X5w3m3DBlvAK9zmccztZ0Bv0kAE3etcm7ltkFGLAEMRElWTO sGIpq+30y/AzuqcmirAgpu87Fh2Rlt3NiIP5yEFIpmpVvSOtykOXdIHJeLf6K4Xs vC/ta9oO2EpbOwDqHHxlOIvVS3EuwuMzf/F7m9ZP3VCSv1jZZ6ETzzbcm+X4p7Ty YaCSGvvwzT9Ztdn4kp+W =VVxt -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
