I have an OpenWRT router device which has unbound 1.4.5 bundled for it and I haven't yet gotten around to getting cross-compilation going so I can build something newer myself.
Yesterday, ICANN sent out notification of the root KSK Ceremony 12, which took place on February 12th. Might be a factor? When I went to bed at 5am US Eastern, DNS at home was working fine. When I got up some hours later, there was no DNS resolution at home. I got it working by disabling the DNSSEC verification in unbound on the router. If I use unbound-anchor (on a host where that's available) and copy/paste that into the router's file, it still doesn't help. With the trust anchor turned on, I get: root@coal:/etc/unbound# unbound -dd Nov 27 08:22:20 unbound[2919:0] notice: init module 0: validator Nov 27 08:22:20 unbound[2919:0] notice: init module 1: iterator Nov 27 08:22:20 unbound[2919:0] info: start of service (unbound 1.4.5). Nov 27 08:22:30 unbound[2919:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure <. DNSKEY IN> Nov 27 08:22:30 unbound[2919:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure <. DNSKEY IN> Nov 27 08:22:30 unbound[2919:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure <. DNSKEY IN> [...] Does anyone know what might be causing this? Algorithm change not supported by ancient unbound, something else? Thanks, -Phil _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
