Is it necessary to restart Unbound every six month to refresh root.key? #47
Comments
|
Gatsby, good question. You're understanding is correct that the unbound.sh script that runs at container creation executes I have not explicitly tested this to confirm that it updates itself if the container isn't re-initialized for a long-time. However, my understanding of the Unbound docs is that "Unbound uses RFC5011 updates to keep the anchor updated if it is changed while the computer is in operation, but the unbound-anchor tool is used if it is changed while the computer is not in operation." This other doc may also be helpful: https://unbound.docs.nlnetlabs.nl/en/latest/getting-started/configuration.html Does this help? |
|
@MatthewVance I was confused I am trying to use unbound DNS as a recursive DNS, not forwarding DNS. I am wondering if there is a way not to stop the running unbound and reload the updated config or root.hints. Thank you |
|
@MatthewVance BTW, do you happen know why this repo's Dockerfile can't be used to build a image for amd64? When I compared the two dockerfiles, I don't see much difference. ( maybe I can't see the difference due to the lack of knowledge ) |
Hello,
First, I really appreciate to your work.
I believes your works have helped lots of people.
The question I'd like to ask you is if it's required or necessary to restart Unbound to refresh the root.key.
I read from somewhere that says the root.key should be updated. ( mostly by package manager )
If I understood the
unbound.shin this repo, theunbound.shupdates theroot.keywhen the container is initialized first time.So, I am wondering if I have to ( or need to ) setup an crontab schedule that stop ( and remove ) Unbound container by schedule.
Thank you
Gatsby
The text was updated successfully, but these errors were encountered: