Re : Re: Re : Re: Re : Re: unbound.conf issue

[Alexandre Froissard via Unbound-users]

I just check and in the /etc/unbound/unbound.conf.d/ directory, I found 2 files : afroissard@ 
raspberrypi:/etc/unbound/unbound.conf.d $ ls -al total 16 drwxr-xr-x 2 root root 4096 Jul 31 
18:30 . drwxr-xr-x 3 root root 4096 Aug 1 11:25 .. -rw-r--r-- 1 root root 195 Feb 26 13:47 
remote-control.conf -rw-r--r-- 1 root root 190 Feb 26 13:47 root-auto-trust-anchor-file.conf 
afroissard@ raspberrypi:/etc/unbound/unbound.conf.d $ When I cat them here's what's inside : 
afroissard@ raspberrypi:/etc/unbound/unbound.conf.d $ cat root-auto-trust-anchor-file.conf 
server: # The following line will configure unbound to perform cryptographic # DNSSEC 
validation using the root trust anchor. auto-trust-anchor-file: 
"/var/lib/unbound/root.key" afroissard@ raspberrypi:/etc/unbound/unbound.conf.d $ cat 
remote-control.conf remote-control: control-enable: yes # by default the control interface is 
is 127.0.0.1 and ::1 and port 8953 # it is possible to use a unix socket too control-interface: 
/run/unbound.ctl afroissard@ raspberrypi:/etc/unbound/unbound.conf.d $ Le 1 août 2024 à 12:13, 
Yorgos Thessalonikefs <yor...@nlnetlabs.nl> a écrit : On 01/08/2024 11:48, Alexandre 
Froissard wrote: I commented # the auto-trust-anchor-file from my configuration file ans it 
works just fine now. I'm not a Linux specialist. From what I understand, removing this line 
will tell Ubuntu to use what was installed by default, correct ? I'm trying to make sure 
removing this line has no consequences on the security of the system and/or dns service. 
Removing this line does not explicitly tell anything to Unbound. I believe one of the files 
under /etc/unbound/unbound.conf.d/ specifies a trust-anchor and that should be the system 
installed one. You can verify yourself by looking at the files under 
/etc/unbound/unbound.conf.d/. Best regards, -- Yorgos