Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Code Block
dnssec_return_status: GETDNS_EXTENSION_TRUE

A trust anchor is also required for DNSSEC validation. 

getdns version 1.2 includes support for automatic trust anchor management - see 'zero Zero configuration DNSSEC' .  We plan to improve DNSSEC support in a future release so that errors in configuration are reported to the userwhich will automatically fetch a trust anchor is none is present on the system. See that link for the specific details of key management for DNSSEC


If using a version of getdns earlier than 1.2 then DNSSEC support also requires that a trust anchor is must be manually installed and managed on the system. We recommend using unbound-anchor.