Hi, I'm looking to run unbound acting as a dnscrypt server. My intention is to generate a new key and certificate say every 12 or 24 hours in order to maintain forward secrecy.
If I configure:

    dnscrypt-secret-key: 1.key
    dnscrypt-secret-key: 2.key
    dnscrypt-provider-cert: 1.cert
    dnscrypt-provider-cert: 2.cert

I get 2 key/cert pairs, but when the time comes to generate a new one (be it again 1.key or even 3.key) how can I make unbound use the new one? I tried:

    unbound-control set_option dnscrypt-secret-key: 3.key
    unbound-control set_option dnscrypt-provider-cert: 3.cert

But that doesn't seem to look for the files and advertise them. unbound-control flush is not so good either. It seems to reread the key/cert files, but it flushes the cache.

Unless I'm missing something we may be missing a feature. If we are I'm ok to try to write something. I've done some unbound coding before.

Thanks,
Maciej
