Import Windows local-domain trust-anchor into Unbound/IPfire?

General questions.
Post Reply
Posts: 70
Joined: July 27th, 2014, 3:21 pm

Import Windows local-domain trust-anchor into Unbound/IPfire?

Post by qiller » April 16th, 2019, 11:11 pm


i'm looking for a solution to import the trust anchor of a local domain (e.g. "domain.local") created by a DNSSEC-activated Windows DNS-Server into unbound. I already switched from a forwarding-zone (disabled it in web-interface) to a stub-zone for the local-domain by creating the config manually.


Code: Select all

	domain-insecure: "domain.local"

	name: "domain.local"
	stub-prime: yes
The domain-insecure option is still necessary. I get SERVFAIL error if i remove it - i think cause of missing trust-anchor. At least the missing trust-anchor was the problem on another Windows-DNS server, which hosts only secondary-zones of the local-domain (got the same SERVFAIL-error til trust-anchor was added). I looked through 2 manuals: ... to-anchor/ ... nd-anchor/

It seems that unbound-anchor tool is only for importing the root trust-anchor. Or do i miss something and it is possible to add custom trust-anchors?

Post Reply