[Unbound-users] About trust-anchor-files

JB juliaobraga at gmail.com
Tue Feb 17 13:50:55 UTC 2009


Hello,

In my unbound.conf I have:

        ...
        trust-anchor-file: "/usr/local/etc/unbound/ancoras/br.anchor"
        trust-anchor-file: 
"/usr/local/etc/unbound/ancoras/dlv.isc.org.anchor"
        ...

But I saw in Chris Griffiths message:

        ...
        trust-anchor-file: "/etc/unbound/anchors/br.anchor"
        trust-anchor-file: "/etc/unbound/anchors/se.anchor"
        trust-anchor-file: "/etc/unbound/anchors/bg.anchor"
        trust-anchor-file: "/etc/unbound/anchors/pr.anchor"
        trust-anchor-file: "/etc/unbound/anchors/cz.anchor"
        ...

My question is about how many trusted keys for validation must I use? And, 
if I manage about 200 domains, must I take care about them in my recursive 
servers, including its trusted keys? Are there security additional advantage 
to take care in anchor .br, .se, .bg and so on?

Thank you,

JB




More information about the Unbound-users mailing list