Just for clarity, I want to ask if Unbound loads the cert-bundle once
before chroot? Or, is it reread or polled for updates? Is the current
implementation the desired behavior? The documentation does not say what
is done, or what the design intent should be:
tls-cert-bundle: <file>
If null or "", no file is used. Set it to the
certificate bundle file, for example
"/etc/pki/tls/certs/ca-bundle.crt". These certificates
are used for authenticating connections made to
outside peers. For example auth-zone urls, and also
DNS over TLS connections.
Thank You
Eric
