[csw-maintainers] dnssec and unbound
İhsan Doğan
ihsan at opencsw.org
Mon Mar 11 11:23:43 CET 2013
Hi,
On 10/29/2012 05:20 PM, Ben Walton wrote:
>>> configure: WARNING:
>>> ***
>>> *** The DNSSEC root key file in /etc/unbound/root.key was not found.
>>> *** This file is needed for the verification of DNSSEC responses.
>>> *** Use the command: unbound-anchor -a "/etc/unbound/root.key"
>>> *** to generate or update it.
>>> ***
>>
>> Any advice on how we should handle this? Add the key to libunbound2?
>> Ihsan?
>
> My initial reaction to this was that including the "config" file in
> the library package wasn't the right thing to do, but after reading
> about it and thinking some more, I think your suggestion is ok.
> Originally I thought a -data package to deliver this (and similar
> files from unbound if they exist) might be a better option but that
> seems to heavy and counter-productive.
>
> The recipe for unbound could automate creating root.key at every
> re-spin using the procedure described here:
> http://www.unbound.net/documentation/howto_anchor.html
When I started to package Unbound in 2009, DNSSEC was still experimental
and there was no root key yet. I will include the key in the future
build. Thanks for pointing on this.
Ihsan
--
ihsan at dogan.ch http://blog.dogan.ch/
More information about the maintainers
mailing list