trust-anchor-file, auto-trust-anchor-file, trust-anchor

Edward Lewis edward.lewis at
Fri Feb 24 17:35:45 UTC 2017

>From reading the documentation, the difference between trust-anchor-file and  auto-trust-anchor-file is that the former is manually managed, the latter open to Automated Updates (RFC 5011) management - is that correct?

Is the use of trust-anchor-file for the public root zone KSK popular?  Do folks use it much at all (regardless of zone)?  The same for trust-anchor statements, which appear to be in-line of the configuration file.

I'm writing a howto to use an upcoming ICANN-provided testbed for Automated Updates testing.  I'm not sure if I need to cover cases where someone currently uses unbound in a manually-managed trust anchor set manner.  I'm prompted to ask because I haven't seen many training materials for unbound that feature the manual trust anchor database management options.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2013 bytes
Desc: not available
URL: <>

More information about the Unbound-users mailing list