README for unbound 1.*
REQUIREMENTS
PRE/POST-INSTALL
1. Create a user/group unbound with a unused id < 99 or run the
provided pre-install script:
'groupadd -r unbound'
'useradd -r -g unbound -d /etc/unbound -s /bin/false unbound'
'passwd -l unbound'
PRECAUTION
To enable DNSSEC validation all you have to do is to enable the
"auto-trust-anchor-file" option in /etc/unbound/unbound.conf.
Unbound runs as default within a chroot located at /etc/unbound,
therefor the anchor-file has to reside somewhere below the chroot
directory. The default is /etc/unbound/anchor/root.key.
The effective user unbound is running as (default: unbound) needs
write access to /etc/unbound/anchor to update the trust anchor for
DNSSEC validation. Adjust the owner of that directory if you run
unbound as a different user.
