I have been unable to find a fix or good solution for this. Since it is bad for the unbound daemon to have privileges to write to the root.key file, can we not make unbound not try to write to it at all and have a cronjob that runs to update it every so often to make sure it is the correct key? It is not a big deal since it just writes a line in the /var/log/daemon log every so often. I was just wondering if we could turn that option to write to root.key in unbound off and then do it with a script that would then change the owner and permissions of the file to read only and owned by unbound.
Again I couldn't find anything on this to stop the error in the /var/log/daemon log that didn't give the daemon writeable access to a file it doesn't need to really have writable access to. Kevin Gerrard
