[Unbound-users] About trust-anchor-files

Tue Feb 17 13:50:55 UTC 2009

Hello,

In my unbound.conf I have:

        ...
        trust-anchor-file: "/usr/local/etc/unbound/ancoras/br.anchor"
        trust-anchor-file: 
"/usr/local/etc/unbound/ancoras/dlv.isc.org.anchor"
        ...

But I saw in Chris Griffiths message:

        ...
        trust-anchor-file: "/etc/unbound/anchors/br.anchor"
        trust-anchor-file: "/etc/unbound/anchors/se.anchor"
        trust-anchor-file: "/etc/unbound/anchors/bg.anchor"
        trust-anchor-file: "/etc/unbound/anchors/pr.anchor"
        trust-anchor-file: "/etc/unbound/anchors/cz.anchor"
        ...

My question is about how many trusted keys for validation must I use? And, 
if I manage about 200 domains, must I take care about them in my recursive 
servers, including its trusted keys? Are there security additional advantage 
to take care in anchor .br, .se, .bg and so on?

Thank you,

JB