Re : Re: Re : Re: Re : Re: unbound.conf issue

Alexandre Froissard vrealist at icloud.com
Thu Aug 1 12:13:49 UTC 2024 

I just check and in the /etc/unbound/unbound.conf.d/ directory, I found 2 files : afroissard@ raspberrypi:/etc/unbound/unbound.conf.d $ ls -al total 16 drwxr-xr-x 2 root root 4096 Jul 31 18:30 . drwxr-xr-x 3 root root 4096 Aug 1 11:25 .. -rw-r--r-- 1 root root 195 Feb 26 13:47 remote-control.conf -rw-r--r-- 1 root root 190 Feb 26 13:47 root-auto-trust-anchor-file.conf afroissard@ raspberrypi:/etc/unbound/unbound.conf.d $ When I cat them here's what's inside : afroissard@ raspberrypi:/etc/unbound/unbound.conf.d $ cat root-auto-trust-anchor-file.conf server: # The following line will configure unbound to perform cryptographic # DNSSEC validation using the root trust anchor. auto-trust-anchor-file: "/var/lib/unbound/root.key" afroissard@ raspberrypi:/etc/unbound/unbound.conf.d $ cat remote-control.conf remote-control: control-enable: yes # by default the control interface is is 127.0.0.1 and ::1 and port 8953 # it is possible to use a unix socket too control-interface: /run/unbound.ctl afroissard@ raspberrypi:/etc/unbound/unbound.conf.d $ Le 1 août 2024 à 12:13, Yorgos Thessalonikefs <yorgos at nlnetlabs.nl> a écrit : On 01/08/2024 11:48, Alexandre Froissard wrote: I commented # the auto-trust-anchor-file from my configuration file ans it works just fine now. I'm not a Linux specialist. From what I understand, removing this line will tell Ubuntu to use what was installed by default, correct ? I'm trying to make sure removing this line has no consequences on the security of the system and/or dns service. Removing this line does not explicitly tell anything to Unbound. I believe one of the files under /etc/unbound/unbound.conf.d/ specifies a trust-anchor and that should be the system installed one. You can verify yourself by looking at the files under /etc/unbound/unbound.conf.d/. Best regards, -- Yorgos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20240801/d52927b6/attachment.htm>

More information about the Unbound-users mailing list