Public bug reported:

Not the underlying package libunbound2 but only the big DNS resolver package unbound contains a script to install/copy the root.key. If you install just unbound-anchor, unbound-host, or -dev, this does not happen and all tools which rely on libunbound.so might not work.

Steps to Reproduce
1) install Ubuntu 18.04 LTS for Desktop (in my case, Minimal)
2) $ sudo apt remove unbound
3) $ sudo apt install unbound-anchor
4) $ sudo unbound-anchor

Expected Result
This should install a root.key at /var/lib/unbound/, because that is the default location, given unbound-anchor at compile time.

Actual Result
  libunbound error: unable to open /var/lib/unbound/root.key for reading: No such file or directory
  libunbound error: error reading auto-trust-anchor-file: /var/lib/unbound/root.key
  libunbound error: validator: error in trustanchors config
  libunbound error: validator: could not apply configuration settings.
  libunbound error: module init for module validator failed

Notes
This happens *even* after changing the file /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf and its "auto-trust-anchor-file" to "/usr/share/dns/root.key" (package dns-root-data). The same issue happens with
  $ unbound-host -D example.com

I am not sure how to solve this. My first guess would be that not the package unbound but the package libunbound2 should install that key file (script root_trust_anchor_update). This affects not only -anchor and -host but all apps which rely on libunbound.so, because those tools expect that "/var/lib/unbound/root.key" exists.

Workarounds
A) create the file yourself:
  sudo mkdir /var/lib/unbound
  sudo cp /usr/share/dns/root.key /var/lib/unbound/
B) specify the key of the package dns-root-data as command-line option:
  sudo unbound-anchor -a "/usr/share/dns/root.key"
I was not able to use this approach for unbound-host.
C) install the whole DNS resolver:
  sudo apt install unbound
D) in your own app, instead of one, try two files:
  if (0 == access("/var/lib/unbound/root.key", R_OK)) {
      status_unbound = ub_ctx_add_ta_file(ub_context, "/var/lib/unbound/root.key");
  } else {
      status_unbound = ub_ctx_add_ta_file(ub_context, "/usr/share/dns/root.key");
  }

** Affects: unbound (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1771545

Title:
  root.key might be missing

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1771545/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
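
Added example, not part of the original bug report and not code from the unbound packages: a shell check that finds the first usable DNSSEC root trust anchor among the two paths named in the report, so a missing or empty root.key is caught before libunbound's validator fails to initialise. The function names has_root_anchor and find_trust_anchor are hypothetical, and treating a file as usable when it holds an uncommented root-zone DNSKEY or DS record is an assumption of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Default candidate paths are the
# two named in the bug report; other paths can be passed as arguments.

# has_root_anchor FILE
# True if FILE is readable and holds at least one root-zone (".") DNSKEY or
# DS record that is not commented out. Assumption of this example: that is
# the minimum needed for the file to serve as a trust anchor.
has_root_anchor() {
    [ -r "$1" ] || return 1
    awk '
        /^[ \t]*;/ { next }              # skip zone-file comment lines
        $1 == "." {
            for (i = 2; i <= NF; i++)
                if ($i == "DNSKEY" || $i == "DS") { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# find_trust_anchor [FILE...]
# Prints the first usable file and returns 0; returns 1 if none is usable.
find_trust_anchor() {
    [ "$#" -gt 0 ] || set -- /var/lib/unbound/root.key /usr/share/dns/root.key
    for f in "$@"; do
        if has_root_anchor "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Usage, following workaround B from the report:
#   anchor=$(find_trust_anchor) && sudo unbound-anchor -a "$anchor"
```

A non-zero return from find_trust_anchor means neither file can anchor validation, which is the state the "Actual Result" errors above describe.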