Hi, On 17/03/16 05:55, Dave Warren via Unbound-users wrote: > On 2016-03-16 14:06, Robert Edmonds via Unbound-users wrote: >> Dave Warren via Unbound-users wrote: >> This is a good point, it doesn't really matter for the distro user, I >> guess. > > I may be wrong, but for those who take the time and effort to build > their own Unbound, I see them either using a root.hints file because > they know what they're doing, or not because they've never heard of it > (or because they know what they're doing)
The simple solution, set a root-hints: "/usr/share/dns/root.hints" file in unbound.conf; or as a drop-in file in /etc/unbound.conf.d/*.conf if you have that. And then keep that file up to date? The defaults are for people that don't have a file around, but if you want to maintain it, use the root-hints file. If you want more complicated decisions around the file; having a script that makes symlinks one way or the other or something along those lines is something you can cobble together. But I think just setting the configuration option for root-hints in unbound.conf is probably just what you want? Do you still need to be able to set a default value for the root-hints file location, or is it just as good to set it in unbound.conf (or unbound.conf.d/ drop-file) ? Best regards, Wouter > > I'm sure there's some small group that will create one and abandon it, > but I just can't imagine that this type would remember to manually > update the binary. > > >> I agree, the consequences are extremely mild in the first place. We >> still go to the trouble of backporting the root hint updates, though. > > I agree that it's worth doing, but the keep-it-simple of just reading > the configured file or not seems like it's more valuable than guessing > at whether the file should be used or ignored. Also, the principle of > least surprise, a user will expect that the file will be used or not. > > >
signature.asc
Description: OpenPGP digital signature