This script is a criminal. I'm sorry.
/usr/local/etc/rc.d/unbound
start_precmd()
{
echo -n "Obtaining a trust anchor:"
if [ "${unbound_anchorflags}T" = "T" ]; then
su -m unbound -c /usr/local/sbin/unbound-anchor
else
su -m unbound -c "/usr/l
On Thu, 3 Aug 2017 16:04:56 +0200
"W.C.A. Wijngaards via Unbound-users" wrote:
> Hi T.Suzuki,
>
> I don't know why it is querying for the root DNSKEY for you. It should
> not do that, unless a client asked for it.
There is no client at startup.
> Do you have verbosity 5 debug logs? Perhaps t
Hi T.Suzuki,
I don't know why it is querying for the root DNSKEY for you. It should
not do that, unless a client asked for it.
Do you have verbosity 5 debug logs? Perhaps this config file is not the
actual config file used by your resolver?
Best regards, Wouter
On 03/08/17 14:14, T.Suzuki via
On Thu, 3 Aug 2017 09:08:52 +0200
"W.C.A. Wijngaards via Unbound-users" wrote:
> Hi T.Suzuki,
>
> Do you have prefetch-key enabled still? It causes the DNSKEY to be
> prefetched. If so, that would just be extra data in the cache, and not
> hamper KSK rollovers.
I do not enable any key configu
Hi T.Suzuki,
Do you have prefetch-key enabled still? It causes the DNSKEY to be
prefetched. If so, that would just be extra data in the cache, and not
hamper KSK rollovers.
Otherwise, unbound shouldn't be fetching the DNSKEY itself then, but
downstream clients could still be asking for it.
Bes
I found a packet requesting dnskey record at priming,in spite of removing
"validator" from my config.
What is the purpose of this function?
I think this function may cause trouble with KSK rollover.
--
--
T.Suzuki