>> You can start the auto-trust-anchor-file rotation by providing a file >> like for trust-anchor-file: a plain text file with DNSKEY or DS records >> in there. >> >>
I tried this with (in conf) auto-trust-anchor-file: "/etc/unbound/trusted-key.key" auto-trust-anchor-file: "/etc/unbound/mail-trusted-key.key" And the latter reading (copied from the BIND-9 zone file) mail. 1d IN DS 22205 14 1 0FFE136DCCCFD7879D350A62610193ADA5F18111 mail. 1d IN DS 22205 14 2 816572C6D97DDBCD9E7EB99644EDD0CEB30237EA1FE20526574BADB1B9A5B6DA and as variation mail. 1d IN DNSKEY 22205 14 1 0FFE136DCCCFD7879D350A62610193ADA5F18111 mail. 1d IN DNSKEY 22205 14 2 816572C6D97DDBCD9E7EB99644EDD0CEB30237EA1FE20526574BADB1B9A5B6DA but either way unbound is reporting the below and I do not understand what the issue (anchor cannot be with and without autotrust) is? error: anchor cannot be with and without autotrust error: failed to load trust anchor from /etc/unbound/mail-trusted-key.key at line 1, skipping error: anchor cannot be with and without autotrust error: failed to load trust anchor from /etc/unbound/mail-trusted-key.key at line 2, skipping error: failed to read /etc/unbound/mail-trusted-key.key error: error reading auto-trust-anchor-file: /etc/unbound/mail-trusted-key.key error: validator: error in trustanchors config error: validator: could not apply configuration settings. fatal error: bad config for validator module
