Robert Edmonds via Unbound-users:
validation failure <www.iana.org. A IN>: no keys have a DS with algorithm RSASHA1-NSEC3-SHA1 from 2001:500:8f::53 for key icann.org. while building chain of trust
Robert, did you compile unbound with "--disable-sha1"? see https://unbound.net/pipermail/unbound-users/2017-April/004747.html anyway, www.iana.org works fine here: $ dig www.iana.org ; <<>> DiG 9.10.3-P4-Debian <<>> www.iana.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33171 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.iana.org. IN A ;; ANSWER SECTION: www.iana.org. 2725 IN CNAME ianawww.vip.icann.org. ianawww.vip.icann.org. 30 IN A 192.0.32.8 ;; Query time: 260 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Oct 30 13:57:34 CET 2017 ;; MSG SIZE rcvd: 89
