Warning: No trusted keys were given. Will not be able to verify authenticity! when using drill command

I want to do a DNSSEC (-D) trace (-T) from the rootservers down to my domain. So I type:

drill -TD {my-domain}

But I am getting:

Warning: No trusted keys were given. Will not be able to verify authenticity!

There is no /etc/unbound/root.key file. It is the file from which trusted keys are loaded when no -k option is given. So How do I create this trusted key file? What command do I need to type?

  1. Here is how to create dns.key using the drill command itself:
    drill -t . DNSKEY | grep -e '^\.' > dns.key
  2. Verify it:
    cat dns.key
  3. Now try it to get rid of the Warning: No trusted keys were given. Will not be able to verify authenticity! message. For example:
    drill -k dns.key -TD {my-domain}
  4. Here is how it looks for the cyberciti.biz:
    drill -k root_dnssec_key -TD cyberciti.biz

1 Like