* Bjvrn Ketelaars <bjorn.ketela...@hydroxide.nl> [2012-02-15 18:04]: > 2012/2/15 Ralf <r...@ackstorm.de (mailto:r...@ackstorm.de)>: > > > I haven't gotten the DNSSec to work, so I ran with module-config: > > iterator. But I'm not too familiar with DNSsec, so I might have done > > something wrong on that part. And I cheated a bit when compiling and > > installing, as the machine didn't have the full source tree, so I did > > some steps manually, maybe I left something out. > > The supplied unbound.conf should work (mental note to myself: assumption is > the mother of all b&). Could you check that there is a root.key in > /var/unbound/etc? If not, please run unbound-anchor manually, do not forget to > set the right permissions on root.key or run as _unbound (this is part of the > current unbound rc.d-script - rc_pre()).
The problem was the clock of this old machine. I had ntpd configured, but unfortunately without -s. The clock was somewhere around year 2020, causing some certificate verification in unbound-anchor to fail with message "the PKCS7 signature failed". After fixing the clock it works now with your default config on hppa. Cheers, Ralf
