Version 1.15.0 compatible with, is it good idea?

Michael Tokarev mjt at
Mon May 9 16:03:28 UTC 2022

09.05.2022 18:04, Petr Menšík wrote:
> The thing is unbound-libs package contains also unbound-anchor.service,
> which uses unbound-anchor to keep /var/lib/unbound/root.key up-to-date
> automagically even if the key changes. Shipping another library package
> would be possible, but it would have to solve conflict of those services
> and who should maintain that key validity. It gets unnecessary complicated.

How do you run unbound-anchor? From a cron job?

unbound itself manages root trust anchor automatically these days
(before, unbound-anchor were needed to keep it up to date iirc).

In debian we decided to provide a separate package, dns-root-data, which
contains the root.key and root.hints, distributed using the usual way.
I dunno myself how reliable that will be in practice.

> I think suggested changes make it simple enough and backward compatible
> while adding just self-contained changes.
> But all packages I checked on Fedora do not use ub_resolve_event
> function with just one exception: libreswan. It seems no one else
> adopted asynchronous callback.

Yes, this is exactly why it is failing, - this is the only known
software which actually uses this functionality... :)


More information about the Unbound-users mailing list