Reload required when updating root.hints or root.key?

Daisuke HIGASHI daisuke.higashi at gmail.com
Thu Jun 23 10:16:37 UTC 2022


Hi,

On root hint, reload is not required. Unbound will use root.hints file on
startup but updates its root NS list periodically by root priming queries
[RFC8109].

On DNSSEC trust anchor, all you need is
 auto-trust-anchor-file: "/var/lib/unbound/root.key"
 in unbound.conf and do not execute unbound-anchor periodically.
 "auto-trust-anchor-file" keeps tracking root trust anchor updates
[RFC5011] and save it automatically.

If you choose
trust-anchor-file: "/var/lib/unbound/root.key"
(old style, not recommended) for some reason, reload is required on
root.key file update. unbound-anchor fetches trust-anchor but won't issue
reload.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20220623/37bbb0b7/attachment.htm>


More information about the Unbound-users mailing list