Maintained by: NLnet Labs

[Unbound-users] unbound and it's trust anchors

W.C.A. Wijngaards
Fri Sep 19 08:52:04 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi B, Paul,

> On Thu, 18 Sep 2008, B C wrote:
>> Is there a way to get unbund to re-read it's trust anchors or does this
>> require a restart of unbound? If this doesn't already exist I think it would
>> be a very useful feature to be able to send a signal to unbound and tell it
>> to re-read all it's dnssec keys files.

A reload suffices:
	kill -HUP `cat ...unbound.pid`
or
	unbound-control reload

Paul Wouters wrote:
> That might be more complicated then it sounds? What do you do for records
> that no longer have a trust record which are in cache? Or records that
> might become validated/invalidated due to changes in the trust path?

The cache is cleared.  That prevents your concerns.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjTTBMACgkQkDLqNwOhpPiVWgCeNxxn7w8heCdWiBecwGD52LZU
caEAnRSWVcQE0Ndn6cTe1WIKoO5TiP7u
=mWpG
-----END PGP SIGNATURE-----