Juergen Daubert
a7d159b9ac
See the README, default location of the auto-trust-anchor-file has been changed because of bug #443 [1]. [1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=443
27 lines
832 B
Plaintext
27 lines
832 B
Plaintext
README for unbound 1.*
|
|
|
|
REQUIREMENTS
|
|
|
|
PRE/POST-INSTALL
|
|
|
|
1. Create a user/group unbound with a unused id < 99 or run the
|
|
provided pre-install script:
|
|
|
|
'groupadd -g 41 unbound'
|
|
'useradd -u 41 -g unbound -d /etc/unbound -s /bin/false unbound'
|
|
'passwd -l unbound'
|
|
|
|
PRECAUTION
|
|
|
|
To enable DNSSEC validation all you have to do is to enable the
|
|
"auto-trust-anchor-file" option in /etc/unbound/unbound.conf.
|
|
Unbound runs as default within a chroot located at /etc/unbound,
|
|
therefor the anchor-file has to reside somewhere below the chroot
|
|
directory. The default is /etc/unbound/anchor/root.key.
|
|
|
|
The effective user unbound is running as (default: unbound) needs
|
|
write access to /etc/unbound/anchor to update the trust anchor for
|
|
DNSSEC validation. Adjust the owner of that directory if you run
|
|
unbound as a different user.
|
|
|