The first file enables remote control while the second configures the trust anchor.
You can put your custom configuration file in this directory as well.
Without any include directives though.
So from your first email the contents of that file should only be:
```
server:
# send minimal amount of information to upstream servers to enhance privacy
    qname-minimisation: yes
# the interface that is used to connect to the network (this will listen to all interfaces)
    interface: 0.0.0.0
    # interface: ::0
# addresses from the IP range that are allowed to connect to the resolver
    access-control: 192.168.1.0/26 allow
    # access-control: 2001:DB8/64 allow
```

And the /etc/unbound/unbound.conf file should be left at the default:
```
include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
```

Best regards,
-- Yorgos
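
One way to script the check of the files under /etc/unbound/unbound.conf.d/ that this thread walks through, as an added example (not part of the original messages, and not Unbound's own tooling). The function names, the exit codes, the sample file name `custom.conf`, and the treatment of a repeated `auto-trust-anchor-file` as the fault are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an Unbound drop-in directory for duplicate trust
# anchors and stray include directives. Not part of Unbound or the thread.

# Active (uncommented) lines for an option in DIR/*.conf, as file:line:text.
active_lines() {    # usage: active_lines DIR 'option-regex'
    grep -HnE "^[[:space:]]*($2):" "$1"/*.conf 2>/dev/null
}

# Status: 0 one trust anchor, 1 none, 2 more than one (assumed to be the
# fault in this thread), 3 a drop-in carries its own include directive.
audit_dropins() {
    dir=${1:-/etc/unbound/unbound.conf.d}
    anchors=$(active_lines "$dir" 'auto-trust-anchor-file')
    includes=$(active_lines "$dir" 'include|include-toplevel')
    count=$(printf '%s\n' "$anchors" | grep -c . || true)
    if [ -n "$includes" ]; then
        printf 'include directive inside a drop-in:\n%s\n' "$includes"
        return 3
    fi
    case $count in
        0) echo "no active auto-trust-anchor-file in $dir"; return 1 ;;
        1) printf 'trust anchor set once:\n%s\n' "$anchors"; return 0 ;;
        *) printf 'trust anchor set %s times:\n%s\n' "$count" "$anchors"
           return 2 ;;
    esac
}

# Constructed sample: the two packaged files shown in the thread plus a custom
# file (hypothetical name custom.conf). $1 is a prefix for its trust-anchor
# line: '' leaves it active, '# ' comments it out.
make_sample() {
    d=$(mktemp -d)
    printf 'remote-control:\n   control-enable: yes\n' > "$d/remote-control.conf"
    printf 'server:\n    auto-trust-anchor-file: "/var/lib/unbound/root.key"\n' \
        > "$d/root-auto-trust-anchor-file.conf"
    printf 'server:\n    qname-minimisation: yes\n    %sauto-trust-anchor-file: "/var/lib/unbound/root.key"\n' \
        "$1" > "$d/custom.conf"
    echo "$d"
}

# Audit the directory given as the first argument, if there is one.
if [ "$#" -gt 0 ]; then audit_dropins "$1"; fi
```

This only inspects the drop-in files as text; `unbound-checkconf` remains the check of the configuration as Unbound itself parses it.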

On 01/08/2024 14:13, Alexandre Froissard wrote:
I just checked, and in the /etc/unbound/unbound.conf.d/ directory I found 2 files:

```
afroissard@raspberrypi:/etc/unbound/unbound.conf.d$ ls -al
total 16
drwxr-xr-x 2 root root 4096 Jul 31 18:30 .
drwxr-xr-x 3 root root 4096 Aug  1 11:25 ..
-rw-r--r-- 1 root root  195 Feb 26 13:47 remote-control.conf
-rw-r--r-- 1 root root  190 Feb 26 13:47 root-auto-trust-anchor-file.conf
afroissard@raspberrypi:/etc/unbound/unbound.conf.d$
```

When I cat them here's what's inside:

```
afroissard@raspberrypi:/etc/unbound/unbound.conf.d$ cat root-auto-trust-anchor-file.conf
server:
     # The following line will configure unbound to perform cryptographic
     # DNSSEC validation using the root trust anchor.
     auto-trust-anchor-file: "/var/lib/unbound/root.key"
afroissard@raspberrypi:/etc/unbound/unbound.conf.d$ cat remote-control.conf
remote-control:
   control-enable: yes
   # by default the control interface is is 127.0.0.1 and ::1 and port 8953
   # it is possible to use a unix socket too
   control-interface: /run/unbound.ctl
afroissard@raspberrypi:/etc/unbound/unbound.conf.d$
```


On 1 August 2024 at 12:13, Yorgos Thessalonikefs <yor...@nlnetlabs.nl> wrote:



On 01/08/2024 11:48, Alexandre Froissard wrote:
I commented # the auto-trust-anchor-file from my configuration file and
it works just fine now.
I'm not a Linux specialist.
From what I understand, removing this line will tell Ubuntu to use what
was installed by default, correct?
I'm trying to make sure removing this line has no consequences on the
security of the system and/or dns service.

Removing this line does not explicitly tell anything to Unbound.
I believe one of the files under /etc/unbound/unbound.conf.d/ specifies
a trust-anchor and that should be the system installed one.
You can verify yourself by looking at the files under
/etc/unbound/unbound.conf.d/.

Best regards,
-- Yorgos
