Import Windows local-domain trust-anchor into Unbound/IPfire?

Post by qiller » April 16th, 2019, 11:11 pm

Hi,

I'm looking for a solution to import the trust anchor of a local domain (e.g. "domain.local"), created by a DNSSEC-enabled Windows DNS server, into unbound. I already switched from a forwarding zone (disabled it in the web interface) to a stub zone for the local domain by creating the config manually.

/etc/unbound/local.d/stub.conf:

Code:

server:	
	domain-insecure: "domain.local"

stub-zone:
	name: "domain.local"
	stub-addr: 192.168.5.31
	stub-addr: 192.168.5.21
	stub-prime: yes

The domain-insecure option is still necessary. I get a SERVFAIL error if I remove it, I think because of the missing trust anchor. At least, the missing trust anchor was the problem on another Windows DNS server, which hosts only secondary zones of the local domain (I got the same SERVFAIL error until the trust anchor was added). I looked through 2 manuals:

https://nlnetlabs.nl/documentation/unbo ... to-anchor/
https://nlnetlabs.nl/documentation/unbo ... nd-anchor/

It seems that the unbound-anchor tool is only for importing the root trust anchor. Or am I missing something, and is it possible to add custom trust anchors?
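
An added example, not part of the original post: the stub-zone config above with domain-insecure replaced by a per-zone trust anchor, using unbound's trust-anchor-file option. The key file path is hypothetical, and the DNSKEY values are placeholders that have to come from the Windows DNS server that signs the zone.

```conf
# /etc/unbound/local.d/stub.conf
server:
	# Before (from the post): DNSSEC validation switched off for the zone.
	# domain-insecure: "domain.local"

	# After: validate domain.local against the zone's own key-signing key.
	# Hypothetical path. The file holds the KSK (flags 257) as a zone-file
	# style DNSKEY or DS record, one per line, for example:
	#   domain.local. IN DNSKEY 257 3 <algorithm> <base64 public key>
	trust-anchor-file: "/etc/unbound/domain.local.key"

	# Log the reason whenever validation fails, to diagnose SERVFAIL.
	val-log-level: 2

stub-zone:
	name: "domain.local"
	stub-addr: 192.168.5.31
	stub-addr: 192.168.5.21
	stub-prime: yes
```

Check the result with unbound-checkconf before restarting unbound. A static anchor like this has to be replaced whenever the zone's KSK is rolled, otherwise lookups for the zone go back to SERVFAIL.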
