Re: priming and dnskey

2017-08-04 Thread T.Suzuki via Unbound-users
This script is a criminal. I'm sorry. /usr/local/etc/rc.d/unbound start_precmd() { echo -n "Obtaining a trust anchor:" if [ "${unbound_anchorflags}T" = "T" ]; then su -m unbound -c /usr/local/sbin/unbound-anchor else su -m unbound -c

Re: priming and dnskey

2017-08-03 Thread T.Suzuki via Unbound-users
On Thu, 3 Aug 2017 16:04:56 +0200 "W.C.A. Wijngaards via Unbound-users" wrote: > Hi T.Suzuki, > > I don't know why it is querying for the root DNSKEY for you. It should > not do that, unless a client asked for it. There is no client at startup. > Do you have

Re: priming and dnskey

2017-08-03 Thread W.C.A. Wijngaards via Unbound-users
Hi T.Suzuki, I don't know why it is querying for the root DNSKEY for you. It should not do that, unless a client asked for it. Do you have verbosity 5 debug logs? Perhaps this config file is not the actual config file used by your resolver? Best regards, Wouter On 03/08/17 14:14, T.Suzuki

Re: priming and dnskey

2017-08-03 Thread T.Suzuki via Unbound-users
On Thu, 3 Aug 2017 09:08:52 +0200 "W.C.A. Wijngaards via Unbound-users" wrote: > Hi T.Suzuki, > > Do you have prefetch-key enabled still? It causes the DNSKEY to be > prefetched. If so, that would just be extra data in the cache, and not > hamper KSK rollovers. I

Re: priming and dnskey

2017-08-03 Thread W.C.A. Wijngaards via Unbound-users
for it. Best regards, Wouter On 03/08/17 02:05, T.Suzuki via Unbound-users wrote: > I found a packet requesting dnskey record at priming,in spite of removing > "validator" from my config. > What is the purpose of this function? > I think this function may cause tro

priming and dnskey

2017-08-02 Thread T.Suzuki via Unbound-users
I found a packet requesting dnskey record at priming,in spite of removing "validator" from my config. What is the purpose of this function? I think this function may cause trouble with KSK rollover. -- -- T.Suzuki