[csw-maintainers] dnssec and unbound
Ben Walton
bwalton at opencsw.org
Mon Oct 29 17:20:08 CET 2012
Hi Dago,
> I am just fiddling with the latest gnutls and got a configure time error:
>
>> DNSSEC root key file: /etc/unbound/root.key
Aside: Is gnutls assuming this path or picking it up from something
delivered by the unbound packages?
>>
>> configure: WARNING:
>> ***
>> *** The DNSSEC root key file in /etc/unbound/root.key was not found.
>> *** This file is needed for the verification of DNSSEC responses.
>> *** Use the command: unbound-anchor -a "/etc/unbound/root.key"
>> *** to generate or update it.
>> ***
>
> Any advice on how we should handle this? Add the key to libunbound2?
> Ihsan?
My initial reaction to this was that including the "config" file in
the library package wasn't the right thing to do, but after reading
about it and thinking some more, I think your suggestion is ok.
Originally I thought a -data package to deliver this (and similar
files from unbound if they exist) might be a better option but that
seems to heavy and counter-productive.
The recipe for unbound could automate creating root.key at every
re-spin using the procedure described here:
http://www.unbound.net/documentation/howto_anchor.html
Ihsan?
Thanks
-Ben
More information about the maintainers
mailing list