Question about Unbound + Pi-Hole via Optimized Software

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
mail2rst
Posts: 138
Joined: Fri Apr 13, 2018 4:53 pm

Re: Question about Unbound + Pi-Hole via Optimized Software

Post by mail2rst »

In dietpi configured unbound.conf, we are using root.hints file but not root.key file.
is root.key added some sort of security in our installation & processing process? in unbound documentation it is written something about root.key which updated many times in a day. i do not figure out yet what is the functioning of that process. is it any disadvantage to us not using that thing in standard dietpi installation.
User avatar
Joulinar
Posts: 5666
Joined: Sat Nov 16, 2019 12:49 am

Re: Question about Unbound + Pi-Hole via Optimized Software

Post by Joulinar »

not sure what you mean but on my system root.key is located at /var/lib/unbound

Code: Select all

root@DietPiProd:~# ls -la /var/lib/unbound
total 16
drwxr-xr-x  2 unbound unbound 4096 May  3 14:52 .
drwxr-xr-x 25 root    root    4096 Apr 17 12:13 ..
-rw-r--r--  1 root    root    3313 May  1 01:52 root.hints
-rw-r--r--  1 unbound unbound  758 May  3 14:52 root.key
root@DietPiProd:~#
configuration is done with /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf

Code: Select all

root@DietPiProd:~# cat /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
root@DietPiProd:~#
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
mail2rst
Posts: 138
Joined: Fri Apr 13, 2018 4:53 pm

Re: Question about Unbound + Pi-Hole via Optimized Software

Post by mail2rst »

thanks for information.
Post Reply