<div><div dir="auto">Hi,</div><div dir="auto"><br></div><div dir="auto">On root hint, reload is not required. <span>Unbound will use root.hints file on startup but updates </span><span>its root NS list periodically by root priming queries [RFC8109].</span></div><div dir="auto"><br></div><div dir="auto">On DNSSEC trust anchor, all you need is</div><div dir="auto"> <span style="font-family:Monaco,Consolas,"Andale Mono","DejaVu Sans Mono",monospace;white-space:pre-wrap;color:rgb(34,34,34)">auto-trust-anchor-file: "/var/lib/unbound/root.key"</span></div><div dir="auto" style="background-color:rgba(0,0,0,0)!important;border-color:rgb(0,0,0)!important;color:rgb(0,0,0)!important"><font style="border-color:rgb(0,0,0);color:rgb(0,0,0)"> in unbound.conf and do not execute unbound-anchor periodically.</font></div><div dir="auto" style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0)"><span style="border-color:rgb(0,0,0)"> "auto-trust-anchor-file" keeps tracking </span><span style="border-color:rgb(0,0,0)">root trust anchor updates [RFC5011] and save it automatically.</span></div><div dir="auto" style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0)"><span style="border-color:rgb(0,0,0)"><br></span></div><div dir="auto" style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0)"><span style="border-color:rgb(0,0,0)">If you choose</span></div><div dir="auto" style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0)"><span style="border-color:rgb(0,0,0)"><span style="font-family:Monaco,Consolas,"Andale Mono","DejaVu Sans Mono",monospace;white-space:pre-wrap;border-color:rgb(34,34,34);color:rgb(34,34,34)"> trust-anchor-file: "/var/lib/unbound/root.key"</span></span></div><div dir="auto" style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0)"><span style="border-color:rgb(0,0,0)">(old style, not recommended) for some reason, reload is required on root.key file update. </span>unbound-anchor fetches trust-anchor but won't issue reload.</div>
</div>