Reload required when updating root.hints or root.key?
Daisuke HIGASHI
daisuke.higashi at gmail.com
Thu Jun 23 10:16:37 UTC 2022
Hi,
On root hint, reload is not required. Unbound will use root.hints file on
startup but updates its root NS list periodically by root priming queries
[RFC8109].
On DNSSEC trust anchor, all you need is
auto-trust-anchor-file: "/var/lib/unbound/root.key"
in unbound.conf and do not execute unbound-anchor periodically.
"auto-trust-anchor-file" keeps tracking root trust anchor updates
[RFC5011] and save it automatically.
If you choose
trust-anchor-file: "/var/lib/unbound/root.key"
(old style, not recommended) for some reason, reload is required on
root.key file update. unbound-anchor fetches trust-anchor but won't issue
reload.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20220623/37bbb0b7/attachment.htm>
More information about the Unbound-users
mailing list