On 2014/03/21 09:30, Chris Smith wrote: > On Wed, Mar 19, 2014 at 7:44 PM, Chris Smith <obsd_m...@chrissmith.org> wrote: > > See the thread "unbound dnssec revisited" I started on 12/30/2013 for > > some hints. Looks like creating a new directory with the proper > > permissions is the best way to go. > > Now fixed in -current with a /var/unbound/db directory. Thanks Stuart! > > Chris
Kind-of; things will work properly if the validator is enabled now, and it's less bad than having /var/unbound/etc writable, but would really prefer to not have anything at all in the chroot be writable by the unprivileged _unbound user. Privilege separation would be desirable for this.
