-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 2011-09-17 at 14:00 -0400, Paul Wouters wrote: > You can find source and package pre-releases at: > ftp://ftp.xelerance.com/dnssec-trigger/ At least for Fedora 15: BuildRequires: glib-devel, gtk2-devel, ldns-devel and in %install mkdir -p %{buildroot}%{_localstatedir}/run/dnssec-triggerd After killing off dnsmasq and starting unbound and dnssec-trigger, Sep 17 18:19:02 laptop setroubleshoot: SELinux is preventing /usr/sbin/unbound from name_bind access on the tcp_socket port 8953. For complete SELinux messages. run sealert -l 924dfa70-fe9e-4cc0-add0- 364b8ae90ef6 grep unbound /var/log/audit/audit.log | audit2allow -M unboundpatch semodule -i unboundpatch.pp cat /etc/resolv.conf # Generated by dnssec-trigger 0.3 nameserver 127.0.0.1 It took over dns via unbound, even though the dhcp assigned dns servers allow dnssec queries. dnssec-trigger-control-setup setup in directory /etc dnssec_trigger_server.key exists dnssec_trigger_control.key exists create dnssec_trigger_server.pem (self signed certificate) create dnssec_trigger_control.pem (signed client certificate) Signature ok subject=/CN=dnssec-trigger-control Getting CA Private Key Setup success. Certificates created. dnssec-trigger-control-setup -i setup in directory /etc unbound-checkconf: no errors in /etc/unbound/unbound.conf checking if unbound-control needs to be enabled checking if root trust anchor needs to be enabled fetching or updating root trust anchor: unbound-anchor [1316311135] libunbound[17598:0] error: ldns error while converting string to RR: Syntax error, could not parse the RR's rdata [1316311135] libunbound[17598:0] error: failed to load trust anchor from /etc/unbound/root.key at line 2, skipping [1316311135] libunbound[17598:0] error: ldns error while converting string to RR: Syntax error, could not parse the RR's TTL [1316311135] libunbound[17598:0] error: failed to load trust anchor from /etc/unbound/root.key at line 4, skipping [1316311135] libunbound[17598:0] error: failed to read /etc/unbound/root.key [1316311135] libunbound[17598:0] error: error reading auto-trust-anchor- file: /etc/unbound/root.key [1316311135] libunbound[17598:0] error: validator: error in trustanchors config [1316311135] libunbound[17598:0] error: validator: could not apply configuration settings. [1316311135] libunbound[17598:0] error: module init for module validator failed add to /etc/unbound/unbound.conf: auto-trust-anchor-file: "/etc/unbound/root.key" check for search path in resolv.conf and edit /etc/dnssec-trigger.conf check for domain in resolv.conf and edit /etc/dnssec-trigger.conf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFOdVItL6j7milTFsERAjHqAKCDFvKuwgKiYvRtvJBUVRpunvAxmQCbBVJP lsJmLAFHfCBnFPrR4/exxME= =KN8D -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
