L-Root IPv6 address renumbering

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu Mar 17 08:40:52 UTC 2016


Hi,

On 17/03/16 05:55, Dave Warren via Unbound-users wrote:
> On 2016-03-16 14:06, Robert Edmonds via Unbound-users wrote:
>> Dave Warren via Unbound-users wrote:
>> This is a good point, it doesn't really matter for the distro user, I
>> guess.
> 
> I may be wrong, but for those who take the time and effort to build
> their own Unbound, I see them either using a root.hints file because
> they know what they're doing, or not because they've never heard of it
> (or because they know what they're doing)

The simple solution, set a root-hints: "/usr/share/dns/root.hints" file
in unbound.conf; or as a drop-in file in /etc/unbound.conf.d/*.conf if
you have that.  And then keep that file up to date?

The defaults are for people that don't have a file around, but if you
want to maintain it, use the root-hints file.

If you want more complicated decisions around the file; having a script
that makes symlinks one way or the other or something along those lines
is something you can cobble together.

But I think just setting the configuration option for root-hints in
unbound.conf is probably just what you want?  Do you still need to be
able to set a default value for the root-hints file location, or is it
just as good to set it in unbound.conf (or unbound.conf.d/ drop-file) ?

Best regards, Wouter

> 
> I'm sure there's some small group that will create one and abandon it,
> but I just can't imagine that this type would remember to manually
> update the binary.
> 
> 
>> I agree, the consequences are extremely mild in the first place. We
>> still go to the trouble of backporting the root hint updates, though. 
> 
> I agree that it's worth doing, but the keep-it-simple of just reading
> the configured file or not seems like it's more valuable than guessing
> at whether the file should be used or ignored. Also, the principle of
> least surprise, a user will expect that the file will be used or not.
> 
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20160317/b5923579/attachment.bin>


More information about the Unbound-users mailing list