recommended way to use control-client

[Hans-Cees Speel]

Hello,


I am writing a howto for linux-journal on using unbound as a caching 
dnssec validating server. I am wondering if the following would be 
recommended:


**  I want to control the server via a remote control-client.

To do so I have generated keys on the server by doing

unbound-control-setup


On the remote client I install unbound so I have the client. After that 
I copy the keys|pems to the client:

sudo scp 
root at 192.168.0.110:/var/lib/docker/volumes/unbound_unbound_conf/_data/unbound_control.key 
~/keys/
sudo scp 
root at 192.168.0.110:/var/lib/docker/volumes/unbound_unbound_conf/_data/unbound_server.pem 
~/keys/

However, this means I copy 4 keys (actually 2 pemfiles and 2 keys)


server-key-file: "/opt/unbound/etc/unbound/unbound_server.key"

server-cert-file: "/opt/unbound/etc/unbound/unbound_server.pem"

control-key-file: "/opt/unbound/etc/unbound/unbound_control.key"

control-cert-file: "/opt/unbound/etc/unbound/unbound_control.pem"


Is this correct>? Because the client wouldn't work if it did't have all 
4 files.


After this the client works fine, but I was wondering if this a 
recommended way to go about. Couldn't find docs about a remote control 
client.



  sudo unbound-control -c ~/keys/unbound.conf -s 192.168.0.110 at 953 
stats_noreset | egrep time

thread0.recursion.time.avg=0.282076
thread0.recursion.time.median=0
thread1.recursion.time.avg=0.092444
thread1.recursion.time.median=0
total.recursion.time.avg=0.218865
total.recursion.time.median=0
time.now=1547242327.282419
time.up=84725.735959
time.elapsed=84725.735959

thanx







-- 
Vriendelijke groet, Hans-Cees Speel (hanscees at hanscees.com)

* Eigenaar bomengids.nl <http://www.bomengids.nl> (volg twitter 
<http://twitter.com/bomengidsnl>)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190111/6091baf2/attachment.htm>