This script is a criminal. I'm sorry.
/usr/local/etc/rc.d/unbound
start_precmd()
{
echo -n "Obtaining a trust anchor:"
if [ "${unbound_anchorflags}T" = "T" ]; then
su -m unbound -c /usr/local/sbin/unbound-anchor
else
su -m unbound -c
On Thu, 3 Aug 2017 16:04:56 +0200
"W.C.A. Wijngaards via Unbound-users" wrote:
> Hi T.Suzuki,
>
> I don't know why it is querying for the root DNSKEY for you. It should
> not do that, unless a client asked for it.
There is no client at startup.
> Do you have
Hi T.Suzuki,
I don't know why it is querying for the root DNSKEY for you. It should
not do that, unless a client asked for it.
Do you have verbosity 5 debug logs? Perhaps this config file is not the
actual config file used by your resolver?
Best regards, Wouter
On 03/08/17 14:14, T.Suzuki
On Thu, 3 Aug 2017 09:08:52 +0200
"W.C.A. Wijngaards via Unbound-users" wrote:
> Hi T.Suzuki,
>
> Do you have prefetch-key enabled still? It causes the DNSKEY to be
> prefetched. If so, that would just be extra data in the cache, and not
> hamper KSK rollovers.
I
for it.
Best regards, Wouter
On 03/08/17 02:05, T.Suzuki via Unbound-users wrote:
> I found a packet requesting dnskey record at priming,in spite of removing
> "validator" from my config.
> What is the purpose of this function?
> I think this function may cause tro
I found a packet requesting dnskey record at priming,in spite of removing
"validator" from my config.
What is the purpose of this function?
I think this function may cause trouble with KSK rollover.
--
--
T.Suzuki