unbound auto-trust the root.key file

Kevin Gerrard
I have been unable to find a fix or good solution for this. Since it is bad
for the unbound daemon to have privileges to write to the root.key file, can
we not make unbound not try to write to it at all and have a cronjob that
runs to update it every so often to make sure it is the correct key? It is
not a big deal since it just writes a line in the /var/log/daemon log every
so often. I was just wondering if we could turn that option to write to
root.key in unbound off and then do it with a script that would then change
the owner and permissions of the file to read-only and owned by unbound.

Again, I couldn't find anything on this to stop the error in the
/var/log/daemon log that didn't give the daemon writable access to a file
it doesn't need to really have writable access to.

Kevin Gerrard

Re: unbound auto-trust the root.key file

Quentin Rameau
Hi Kevin,

> can we not make unbound not try to write to it at all

It seems that you are using auto-trust-anchor-file, but what you
search for is trust-anchor-file.

> and have a cronjob that runs to update it every so often to make sure it is the correct key?

Then you can use unbound-anchor to update it.
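
The setup this thread arrives at, sketched as an added example that is not part of either post: unbound.conf points trust-anchor-file at the key, and a root cron job runs unbound-anchor on a private copy, then installs the result with mode 0444 so the daemon only ever needs read access. The anchor path, the script name and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example. ANCHOR must match trust-anchor-file in unbound.conf; the
# default path is an assumption. FETCH is overridable so it can be stubbed.
ANCHOR=${ANCHOR:-/var/unbound/db/root.key}
FETCH=${FETCH:-unbound-anchor}

# A usable anchor has at least one root-zone DNSKEY or DS record.
valid_anchor() {
    [ -s "$1" ] && grep -Eq \
        '^\.[[:space:]]+([0-9]+[[:space:]]+)?(IN[[:space:]]+)?(DNSKEY|DS)[[:space:]]' "$1"
}

# Install candidate $1 as $2, mode 0444, via rename so readers never see a
# partial file. Returns 0 = replaced, 1 = unchanged, 2 = rejected/failed.
install_anchor() {
    new=$1 dst=$2
    valid_anchor "$new" || return 2
    if [ -f "$dst" ] && cmp -s "$new" "$dst"; then return 1; fi
    tmp=$(mktemp "$dst.XXXXXX") || return 2
    if cat "$new" > "$tmp" && chmod 0444 "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# Let the fetch tool work on a private copy, then install the result.
refresh_anchor() {
    work=$(mktemp -d) || return 2
    if [ -f "$ANCHOR" ]; then cat "$ANCHOR" > "$work/root.key"; fi
    # The tool's exit status is not relied on; the resulting file is
    # validated by install_anchor instead.
    "$FETCH" -a "$work/root.key" >/dev/null 2>&1 || :
    rc=0; install_anchor "$work/root.key" "$ANCHOR" || rc=$?
    rm -rf "$work"
    return "$rc"
}

# Cron entry point: "sh refresh-anchor.sh run" (script name is hypothetical).
case "${1:-}" in
run) rc=0; refresh_anchor || rc=$?; [ "$rc" -le 1 ]; exit ;;
esac
```

A daemon configured with trust-anchor-file reads the key when it loads its configuration, so a reload is needed after the key is replaced.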