On Mon, 10 Sep 2018, Paulo Roberto Tomasi via Unbound-users wrote:
I'm trying to deploy an unbound installation in Ubuntu 16.04, but with no success enabling DNSSEC.
when trust-anchor-file: "/var/lib/unbound/root.key" is active (uncommented), all .org domains aren't resolved (other domains are resolved correctly):
Is your unbound instance behind an old bind forwarder? There were some bind versions that did not properly return all records needed for DNSSEC validation in certain cases. Can you try with unbound having direct unfiltered port 53 to the internet? Paul
