09.05.2022 18:04, Petr Menšík wrote: ..
> The thing is, the unbound-libs package also contains unbound-anchor.service, which uses unbound-anchor to keep /var/lib/unbound/root.key up-to-date automagically even if the key changes. Shipping another library package would be possible, but it would have to solve the conflict of those services and who should maintain that key validity. It gets unnecessarily complicated.
How do you run unbound-anchor? From a cron job? unbound itself manages the root trust anchor automatically these days (before, unbound-anchor was needed to keep it up to date, iirc). In Debian we decided to provide a separate package, dns-root-data, which contains the root.key and root.hints, distributed using the usual way. I dunno myself how reliable that will be in practice.
> I think the suggested changes make it simple enough and backward compatible while adding just self-contained changes. But all packages I checked on Fedora do not use the ub_resolve_event function, with just one exception: libreswan. It seems no one else adopted the asynchronous callback.
Yes, this is exactly why it is failing: this is the only known software which actually uses this functionality... :)

/mjt
