Maintained by: NLnet Labs

trust-anchor-file, auto-trust-anchor-file, trust-anchor

Robert Edmonds
Fri Feb 24 19:07:20 CET 2017


Edward Lewis via Unbound-users wrote:
> Is the use of trust-anchor-file for the public root zone KSK popular?  Do folks use it much at all (regardless of zone)?  The same for trust-anchor statements, which appear to be in-line of the configuration file.

Hi, Ed:

We ship the Debian package of unbound with an auto-trust-anchor-file
config for the root zone in the default configuration:

http://sources.debian.net/src/unbound/1.6.0-3/debian/unbound.conf.d/root-auto-trust-anchor-file.conf/

I think we've been shipping the root anchor with an
"auto-trust-anchor-file" directive in the default config for around five
years or so.

Debian is the upstream for Ubuntu, which together are pretty popular. If
you also look at the package defaults for Fedora (which is also used as
the upstream for RHEL) you'd probably be covering 80-90% or so of the
Linux distributions by usage.

-- 
Robert Edmonds
edmonds at debian.org