Hi Beeblebrox, I think the issue is that -a adds the root.key file, but you also have the root.key file in your unbound.conf, hence it is added twice. You'd need another unbound.conf file without the root.key statement for unbound-anchor. (unbound.conf supports include: "file" to make that easy to maintain).
Best regards, Wouter On 24/07/17 09:04, Beeblebrox via Unbound-users wrote: > Hello. I have Unbound running in a FreeBSD Jail, with all required files > placed in /var/unbound. /etc/rc.conf starts unbound with: > > unbound_enable="YES" > unbound_flags="-c /var/unbound/unbound.conf" > unbound_anchorflags="-a '/var/unbound/root.key' -C /var/unbound/unbound.conf > -r '/var/unbound/root.hints'" > > DNSSEC is morking since "drill -D 00f.net" gives correct result. > However, unbound.log shows below message, and I'm wondering if it could cause > future problems: > > libunbound[74640:0] notice: init module 0: validator > libunbound[74640:0] error: trust anchor presented twice > libunbound[74640:0] error: could not parse auto-trust-anchor-file > /var/unbound/root.key line 2 > libunbound[74640:0] error: error reading auto-trust-anchor-file: > /var/unbound/root.key > libunbound[74640:0] error: validator: error in trustanchors config > libunbound[74640:0] error: validator: could not apply configuration settings. > libunbound[74640:0] error: module init for module validator failed > unbound[75230:0] notice: init module 0: validator > unbound[75230:0] notice: init module 1: iterator > unbound[75230:0] info: start of service (unbound 1.6.2). > > Regards. >
signature.asc
Description: OpenPGP digital signature