On Wed, Oct 3, 2012 at 2:35 PM, W.C.A. Wijngaards <[email protected]> wrote:
>> Is there some portable way to obtain a DNSSEC trust anchor in a >> system? It seems that unlike the other functions which set a >> default > portable? I cannot help you with this, perhaps authors of those > systems can provide you with their answers. I think this shouldn't be left on the unbound application developer. Similarly to ub_ctx_hosts() and ub_ctx_resolvconf() there should be an option to try some sensible defaults. E.g. try to find the unbound root.key file, then try the bind one, and so on. Then patches for the various unsupported systems will come to unbound from developers working with them. Otherwise this discovery phase will be duplicated on every project using unbound, and possibly with varying success. > The unbound-anchor tool has a default and can be used to also keep > this key up to date. It is meant to be used by the operating system > (e.g. run at startup time), but you could also run it to get a key for > your program. I develop a dane library to be used with gnutls and I cannot really run external applications. I'll try to do the root.key discovery, and if not found I'll return an error to the library user. regards, Nikos _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
