dnssec-trust-anchors.d - Linux
Overview
dnssec-trust-anchors.d is a directory within /etc that contains trust anchors for DNSSEC validation. It allows administrators to specify which trust anchors should be used by DNSSEC-validating resolvers on the system.
Syntax
/etc/dnssec-trust-anchors.d/<trust-anchor-file>
where <trust-anchor-file> is the name of a file containing a trust anchor.
Options/Flags
There are no options or flags.
Examples
A file named example.com.pem containing a trust anchor for the zone "example.com" can be added to /etc/dnssec-trust-anchors.d to make it available to DNSSEC-validating resolvers on the system.
# Add a trust anchor for example.com
echo "-----BEGIN TRUSTED CERTIFICATE-----
...
-----END TRUSTED CERTIFICATE-----" > /etc/dnssec-trust-anchors.d/example.com.pem
Common Issues
If a trust anchor file is not in the correct format, it will not be loaded by DNSSEC-validating resolvers. The file should be in PEM format and should contain a single trust anchor certificate.
Integration
dnssec-trust-anchors.d can be used with other commands and tools to configure DNSSEC validation on a system. For example, it can be used with the systemd-resolve service to enable DNSSEC validation on a system-wide basis.
Related Commands
dnssec-set-trust-anchordnssec-remove-trust-anchordnssec-test