Hi Gerben,

Best wishes for 2023 to you too!

If you don't specify a root hints file, Unbound will use the builtin defaults. These are kept up-to-date with each version.

The root key file usually contains the DS/DNSKEY record of the root trust anchor and is used for DNSSEC validation.
This file is best generated with the unbound-anchor utility.
If you use it with the 'auto-trust-anchor:' configuration option, Unbound will perform RFC5011 behavior and keep that file up-to-date automatically.

Best regards,
-- Yorgos

On 03/01/2023 23:52, Gerben Wierda via Unbound-users wrote:
A good 2023 to all of you.

I'm in the process of migrating to a new server (also OS family change, arch change (lot of docker now)) and I was copying/adapting my nsd and unbound configs.

I copied my root.hints file over but that one is now about 3-4 years old. So, I was wondering, given that I keep the software version reasonably up-to-date, isn't it simply enough to use the builtin root.hints? Or is it really useful to set up a regular download and installation of root.hints?

And what is the use of root.key?

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
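
An added example, not part of the thread or of the Unbound project: a small audit of an unbound.conf for the two settings discussed above, flagging a stale `root-hints:` file and a root trust anchor that is not kept current through RFC 5011 (`auto-trust-anchor-file:`). The sample config, its paths and the 365-day threshold are assumptions, and `include:` directives are not followed.

```python
import os
import time

# Constructed sample config for this example; the paths are assumptions.
SAMPLE_CONF = """\
server:
    # hints file copied over from the old server
    root-hints: "/etc/unbound/root.hints"
    trust-anchor-file: "/etc/unbound/root.key"
"""

STATIC_ANCHORS = ("trust-anchor-file", "trust-anchor", "trusted-keys-file")

def parse_options(conf_text):
    """Return {option: [values]} for each 'name: value' line (comments stripped)."""
    opts = {}
    for raw in conf_text.splitlines():
        name, sep, value = raw.split("#", 1)[0].partition(":")
        value = value.strip().strip('"')
        if sep and value:
            opts.setdefault(name.strip(), []).append(value)
    return opts

def audit(conf_text, max_hints_age_days=365, now=None, mtime=os.path.getmtime):
    """List findings about the root hints and root trust anchor settings."""
    now = time.time() if now is None else now
    opts = parse_options(conf_text)
    findings = []
    # No root-hints option is fine: Unbound then uses its builtin defaults.
    for path in opts.get("root-hints", []):
        try:
            age_days = int((now - mtime(path)) // 86400)
        except OSError:
            findings.append(f"root-hints file {path} is missing or unreadable")
            continue
        if age_days > max_hints_age_days:
            findings.append(f"root-hints file {path} is {age_days} days old")
    if opts.get("auto-trust-anchor-file"):
        pass  # anchor file is kept current through RFC 5011 tracking
    elif any(opts.get(k) for k in STATIC_ANCHORS):
        findings.append("static trust anchor: not maintained by RFC 5011 tracking")
    else:
        findings.append("no trust anchor in this file: DNSSEC validation not anchored")
    return findings

if __name__ == "__main__":
    # Simulate a hints file last modified about 1300 days ago.
    now = time.time()
    for finding in audit(SAMPLE_CONF, now=now, mtime=lambda p: now - 1300.5 * 86400):
        print(finding)
```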
