Re: unbound dnssec revisited

2013-12-31 Thread Dennis Davis
On Tue, 31 Dec 2013, Chris Smith wrote:
> From: Chris Smith
> To: Dennis Davis
> Cc: OpenBSD-Misc
> Date: Tue, 31 Dec 2013 19:53:03
> Subject: Re: unbound dnssec revisited
>
> On Tue, Dec 31, 2013 at 2:40 PM, Dennis Davis wrote:
> > It's a while since I l

Re: unbound dnssec revisited

2013-12-31 Thread Chris Smith
On Tue, Dec 31, 2013 at 2:40 PM, Dennis Davis wrote:
> It's a while since I looked at this, so the exact details are hazy,
> but is all this necessary?
> Doesn't seem to me that you need to run unbound-anchor as a part of
> /etc/rc.d/unbound. You just need to run it once as part of setting
> up

Re: unbound dnssec revisited

2013-12-31 Thread Dennis Davis
On Mon, 30 Dec 2013, Chris Smith wrote:
> From: Chris Smith
> To: OpenBSD-Misc
> Date: Mon, 30 Dec 2013 17:10:10
> Subject: unbound dnssec revisited
>
> I've been working on using dnssec with the unbound package and viewing
> some of the threads here on the list re

Re: unbound dnssec revisited

2013-12-31 Thread Chris Smith
Thinking about this further, where would root.key be put if unbound were not running in a chroot? Probably /var/unbound, and since we already have a /var/unbound/var then the root.key file (and any others that the _unbound user may need access to) could (and maybe should) go into /var/unbound/var/un

Re: unbound dnssec revisited

2013-12-30 Thread Chris Smith
On Mon, Dec 30, 2013 at 6:10 PM, Remi Locherer wrote:
> Having the root.key in a separate directory works.

Yes, it works. But "/var/unbound/etc" was the choice during configure which means a little more work: The autotrust path line in unbound.conf needs to be edited with the new root.key path. T

Re: unbound dnssec revisited

2013-12-30 Thread Chris Smith
On Mon, Dec 30, 2013 at 3:22 PM, Ted Unangst wrote:
> More simply, can that file be moved to another location? Then we can
> enable write permissions to /var/unbound/etc/autotrust/files/... or
> something, without giving away the keys to the whole kingdom.

Actually that was close to my first solu

Re: unbound dnssec revisited

2013-12-30 Thread Remi Locherer
On Mon, Dec 30, 2013 at 03:22:34PM -0500, Ted Unangst wrote:
> On Mon, Dec 30, 2013 at 12:10, Chris Smith wrote:
> > I've been working on using dnssec with the unbound package and viewing
> > some of the threads here on the list regarding this.
> >
> > Enabling autotrust and the validator module i

Re: unbound dnssec revisited

2013-12-30 Thread Ted Unangst
On Mon, Dec 30, 2013 at 12:10, Chris Smith wrote:
> I've been working on using dnssec with the unbound package and viewing
> some of the threads here on the list regarding this.
>
> Enabling autotrust and the validator module in unbound.conf and
> running unbound-anchor before starting unbound wil

Re: unbound dnssec revisited

2013-12-30 Thread Chris Smith
On Mon, Dec 30, 2013 at 12:10 PM, Chris Smith wrote:
> And to strongly reiterate that it would be supper to have this product
> in base

Er.. that it would be SUPER to have this product in base

unbound dnssec revisited

2013-12-30 Thread Chris Smith
I've been working on using dnssec with the unbound package and viewing some of the threads here on the list regarding this. Enabling autotrust and the validator module in unbound.conf and running unbound-anchor before starting unbound will enable dnssec but eventually will log errors of: could no