On Thu, Oct 11, 2018 at 03:44:56PM -0700, pg...@dev-mail.net wrote: > resolver's up, running & working now, as least as verified with the usual > > dig @127.0.0.1 dnssec-failed.org a +dnssec > > not clear if all of that^ was needed, but it apparently did the trick. > > thanks all.
Check the user "named" runs as after chroot and dropping privs has
write permissions to update the root trust-anchor file (may need
write permissions to the containing directory to make the update
atomic).
--
Viktor.
