> > From unbound-anchor.8 I understand that unbound-anchor can be run from the
> > command line, or run as part of startup scripts _before_ the actual (unbound)
> > DNS server is started. So there is no need for DNS. Proposal therefore is to
> > run unbound-anchor automatically before starting the unbound daemon (rc_pre
> > in unbound rc-script).
>
>
> This (i.e. connecting out to https://data.iana.org from the system startup
> scripts) should *not* happen by default even if unbound is enabled. There
> would need to be a separate option controlling this.
How about letting /var/unbound/etc/unbound.conf control this behavior?
In the startup script (rc.d-script):
rc_pre() {
	# Only run unbound-anchor when the auto-trust-anchor-file line in
	# unbound.conf is not commented out (the commented form is what is
	# matched here; no match means the option is active).
	if ! egrep "# *auto-trust-anchor-file:" /var/unbound/etc/unbound.conf >/dev/null; then
		sudo -u _unbound /usr/sbin/unbound-anchor
	fi
}
The same behavior can be obtained by writing a wrapper. Although these
'solutions' work, they are not elegant. What say thou?
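As an added example that is not from this thread, here is a variant of the rc_pre idea that keys off an *active* auto-trust-anchor-file directive (ignoring commented-out lines), passes the configured key file to unbound-anchor, and still requires an explicit rc variable (the name unbound_anchor_update is an assumption) so the boot sequence never connects out unless the administrator opted in:

```sh
#!/bin/sh
# Added example, not the thread's or OpenBSD's code. Assumes the unbound.conf
# path from the thread and a hypothetical rc variable unbound_anchor_update.

conf=${UNBOUND_CONF:-/var/unbound/etc/unbound.conf}

# Print the value of an active (uncommented) auto-trust-anchor-file: directive,
# with optional surrounding quotes and a trailing comment stripped. Prints
# nothing when the directive is absent or commented out.
unbound_anchor_file() {
	sed -n 's/^[[:space:]]*auto-trust-anchor-file:[[:space:]]*"\{0,1\}\([^"#]*\)"\{0,1\}.*$/\1/p' "$1" \
		| sed 's/[[:space:]]*$//' | head -n 1
}

# Exit status 0 when unbound.conf carries an active directive.
unbound_anchor_enabled() {
	[ -n "$(unbound_anchor_file "$1")" ]
}

rc_pre() {
	# Opt-in only: no outbound HTTPS fetch during boot unless asked for.
	[ "${unbound_anchor_update:-NO}" = "YES" ] || return 0
	unbound_anchor_enabled "$conf" || return 0
	anchor=$(unbound_anchor_file "$conf")
	# Write the key as the unprivileged unbound user; the file (or its
	# directory, on first run) must therefore be writable by _unbound.
	sudo -u _unbound /usr/sbin/unbound-anchor -a "$anchor"
}
```

A relative auto-trust-anchor-file value is interpreted by unbound relative to its working directory (and chroot), so the path handed to unbound-anchor here must be the one visible to the rc script.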