CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2014/03/20 18:23:15
Modified files:
etc/mtree : 4.4BSD.dist
usr.sbin/unbound: Makefile.bsd-wrapper
etc : unbound.conf
Log message:
Install a /var/unbound/db directory, writable by the _unbound daemon,
and use it as the default location for the DNSSEC root key. Update default
config for this location.

With this, the only step required to enable DNSSEC validation is to
uncomment these default config entries and restart:

    #module-config: "validator iterator"
    #auto-trust-anchor-file: "/var/unbound/db/root.key"

There is no longer a requirement to run unbound-anchor manually to
update the root key. The rc.d script will take care of updates at boot,
and Unbound will manage the file itself at runtime.

Test with "dig test.dnssec-or-not.net txt @127.0.0.1" or similar.
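
An added example (not part of this commit or of the OpenBSD tree): POSIX sh functions that uncomment the two default entries quoted in the log message and verify that both are active before the daemon is restarted. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# Write a constructed unbound.conf fragment with the entries still commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
server:
    interface: 127.0.0.1
    #do-ip6: no
    #module-config: "validator iterator"
    #auto-trust-anchor-file: "/var/unbound/db/root.key"
EOF
}

# Print the config with only the two DNSSEC entries uncommented;
# every other commented line is left untouched.
enable_dnssec_conf() {
    sed -e 's|^\([[:space:]]*\)#[[:space:]]*\(module-config: "validator iterator"\)|\1\2|' \
        -e 's|^\([[:space:]]*\)#[[:space:]]*\(auto-trust-anchor-file: "/var/unbound/db/root.key"\)|\1\2|' \
        "$1"
}

# Return 0 only if both directives are active (not commented out).
check_dnssec_conf() {
    status=0
    if ! grep -Eq '^[[:space:]]*module-config:[[:space:]]*"[^"#]*validator[^"]*"' "$1"; then
        echo "validator module is not enabled in module-config"
        status=1
    fi
    if ! grep -Eq '^[[:space:]]*auto-trust-anchor-file:[[:space:]]*"/var/unbound/db/root\.key"' "$1"; then
        echo "auto-trust-anchor-file is not set to /var/unbound/db/root.key"
        status=1
    fi
    return "$status"
}

# When given a path to an unbound.conf, report on it and exit non-zero on failure.
if [ -n "${1:-}" ]; then
    check_dnssec_conf "$1"
fi
```

A passing check only shows the config is set; the dig query from the log message is still what confirms that validation works.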