Maintained by: NLnet Labs

[Unbound-users] About trust-anchor-files

JB
Tue Feb 17 14:50:55 CET 2009


Hello,

In my unbound.conf I have:

        ...
        trust-anchor-file: "/usr/local/etc/unbound/ancoras/br.anchor"
        trust-anchor-file: "/usr/local/etc/unbound/ancoras/dlv.isc.org.anchor"
        ...

But I saw in Chris Griffiths' message:

        ...
        trust-anchor-file: "/etc/unbound/anchors/br.anchor"
        trust-anchor-file: "/etc/unbound/anchors/se.anchor"
        trust-anchor-file: "/etc/unbound/anchors/bg.anchor"
        trust-anchor-file: "/etc/unbound/anchors/pr.anchor"
        trust-anchor-file: "/etc/unbound/anchors/cz.anchor"
        ...

My question is: how many trusted keys must I use for validation? And, 
if I manage about 200 domains, must I take care of them in my recursive 
servers, including their trusted keys? Is there any additional security 
advantage in taking care of the anchors for .br, .se, .bg and so on?

Thank you,

JB