Reload required when updating root.hints or root.key?

Daisuke HIGASHI daisuke.higashi at
Thu Jun 23 16:31:24 UTC 2022

Sandro <lists at>:

> So, I
> fetched the key from one of the OpenNIC root servers and put it in
> /var/lib/unbound/root.key. But how would Unbound know which server to
> query for RFC5011? Does it use the root hints for that? Or do I need
> to define that elsewhere?

Unbound's RFC5011 (auto-trust-anchor-file) fetches root trust anchor
(DNSKEYs) from root servers which is specified in root hints (or root
priming). So if you use OpenNIC root hints, Unbound should keep track
OpenNIC root trust anchors.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Unbound-users mailing list