Re: trust-anchor-file, auto-trust-anchor-file, trust-anchor
Edward Lewis via Unbound-users wrote: > Is the use of trust-anchor-file for the public root zone KSK popular? Do > folks use it much at all (regardless of zone)? The same for trust-anchor > statements, which appear to be in-line of the configuration file. Hi, Ed: We ship the Debian package of unbound with an auto-trust-anchor-file config for the root zone in the default configuration: http://sources.debian.net/src/unbound/1.6.0-3/debian/unbound.conf.d/root-auto-trust-anchor-file.conf/ I think we've been shipping the root anchor with an "auto-trust-anchor-file" directive in the default config for around five years or so. Debian is the upstream for Ubuntu, which together are pretty popular. If you also look at the package defaults for Fedora (which is also used as the upstream for RHEL) you'd probably be covering 80-90% or so of the Linux distributions by usage. -- Robert Edmonds edmo...@debian.org
Relation between ub_fd/ub_poll/ub_process and ub_ctx_async
Hello, I'm not quite clear on the relation between ub_ctx_async() on the one hand, and ub_fd(), ub_poll() and ub_process() the other hand. The latter triple can clearly be integrated with an event loop, but the former seems to suggest that background threads or processes are used. If I use ub_resolve_async() but don't call ub_ctx_async() at all, will there be no background thread or process and can I instead do my own integration with an event loop? Otherwise, how does integration with an event loop work? -Rick
trust-anchor-file, auto-trust-anchor-file, trust-anchor
>From reading the documentation, the difference between trust-anchor-file and >auto-trust-anchor-file is that the former is manually managed, the latter open >to Automated Updates (RFC 5011) management - is that correct? Is the use of trust-anchor-file for the public root zone KSK popular? Do folks use it much at all (regardless of zone)? The same for trust-anchor statements, which appear to be in-line of the configuration file. I'm writing a howto to use an upcoming ICANN-provided testbed for Automated Updates testing. I'm not sure if I need to cover cases where someone currently uses unbound in a manually-managed trust anchor set manner. I'm prompted to ask because I haven't seen many training materials for unbound that feature the manual trust anchor database management options. smime.p7s Description: S/MIME cryptographic signature