Version 1.15.0 compatible with libunbound.so.2, is it good idea?
Michael Tokarev
mjt at tls.msk.ru
Mon May 9 16:03:28 UTC 2022
09.05.2022 18:04, Petr Menšík wrote:
..
> The thing is unbound-libs package contains also unbound-anchor.service,
> which uses unbound-anchor to keep /var/lib/unbound/root.key up-to-date
> automagically even if the key changes. Shipping another library package
> would be possible, but it would have to solve the conflict of those services
> and who should maintain that key validity. It gets unnecessarily complicated.

How do you run unbound-anchor? From a cron job?

unbound itself manages the root trust anchor automatically these days
(before, unbound-anchor was needed to keep it up to date, iirc).

In Debian we decided to provide a separate package, dns-root-data, which
contains the root.key and root.hints, distributed using the usual way.
I dunno myself how reliable that will be in practice.

> I think suggested changes make it simple enough and backward compatible
> while adding just self-contained changes.
>
> But all packages I checked on Fedora do not use ub_resolve_event
> function with just one exception: libreswan. It seems no one else
> adopted asynchronous callback.

Yes, this is exactly why it is failing - this is the only known
software which actually uses this functionality... :)

/mjt