Hi Ed - I currently maintain the Unbound package for LEDE / OpenWrt. On LEDE 17.01 we have Unbound configured to not only use RFC5011, but we have some scripting to keep it from cooking through flash. Unbound is rather busy maintaining the key, so we let it spin its wheels on tmpfs (mounted /var/). We then copy back to flash on longer intervals. The user feedback I get is that DNSSEC and home-owned recursion is an important feature for them. From the tone of some feed back, I could imply some take issue with their ISP practices in DNS.
- Eric
