root.hints and root.key
George (Yorgos) Thessalonikefs
george at nlnetlabs.nl
Wed Jan 4 10:14:26 UTC 2023
Hi Gerben,
Best wishes for 20223 to you too!
If you don't specify a root hints file, Unbound will use the builtin
defaults. These are kept up-to-date with each version.
The root key file usually contains the DS/DNSKEY record of the root
trust anchor and is used for DNSSEC validation.
This file is best generated with the unbound-anchor utility.
If you use it with the 'auto-trust-anchor:' configuration option,
Unbound will perform RFC5011 behavior and keep that file up-to-date
automatically.
Best regards,
-- Yorgos
On 03/01/2023 23:52, Gerben Wierda via Unbound-users wrote:
> A good 2023 to all of you.
>
> I'm in the process of migrating to a new server (also OS family change,
> arch change (lot of docker now)) and I was copying/adapting my nsd and
> unbound configs.
>
> I copied my root.hints file over but that one is now about 3-4 years
> old. So, I was wondering, given that I keep the software version
> reasonably up-to-date, isn't it not simply enough to use the builtin
> root.hints? Or is it really useful to set up a regular download and
> installation of root.hints?
>
> And what is the use of root.key?
>
> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
> R&A IT Strategy <https://ea.rna.nl/> (main site)
> Book: Chess and the Art of Enterprise Architecture
> <https://ea.rna.nl/the-book/>
> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>
More information about the Unbound-users
mailing list