dnssec-trust-anchors.d - Linux


dnssec-trust-anchors.d is a directory within /etc that contains trust anchors for DNSSEC validation. It allows administrators to specify which trust anchors should be used by DNSSEC-validating resolvers on the system.



where <trust-anchor-file> is the name of a file containing a trust anchor.


There are no options or flags.


A file named example.com.pem containing a trust anchor for the zone "example.com" can be added to /etc/dnssec-trust-anchors.d to make it available to DNSSEC-validating resolvers on the system.

# Add a trust anchor for example.com
-----END TRUSTED CERTIFICATE-----" > /etc/dnssec-trust-anchors.d/example.com.pem

Common Issues

If a trust anchor file is not in the correct format, it will not be loaded by DNSSEC-validating resolvers. The file should be in PEM format and should contain a single trust anchor certificate.


dnssec-trust-anchors.d can be used with other commands and tools to configure DNSSEC validation on a system. For example, it can be used with the systemd-resolve service to enable DNSSEC validation on a system-wide basis.

Related Commands

  • dnssec-set-trust-anchor
  • dnssec-remove-trust-anchor
  • dnssec-test