Reload required when updating root.hints or root.key?

Daisuke HIGASHI daisuke.higashi at
Thu Jun 23 10:16:37 UTC 2022


On root hint, reload is not required. Unbound will use root.hints file on
startup but updates its root NS list periodically by root priming queries

On DNSSEC trust anchor, all you need is
 auto-trust-anchor-file: "/var/lib/unbound/root.key"
 in unbound.conf and do not execute unbound-anchor periodically.
 "auto-trust-anchor-file" keeps tracking root trust anchor updates
[RFC5011] and save it automatically.

If you choose
trust-anchor-file: "/var/lib/unbound/root.key"
(old style, not recommended) for some reason, reload is required on
root.key file update. unbound-anchor fetches trust-anchor but won't issue
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Unbound-users mailing list