# the log file, "" means log to stderr.
# Use of this option sets use-syslog to "no".
- logfile: ""
+ # logfile: ""
# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
# log to, with identity "unbound". If yes, it overrides the logfile.
- # use-syslog: yes
+ use-syslog: yes
# print UTC timestamp in ascii to logfile, default is epoch in seconds.
# log-time-ascii: no
# file to read root hints from.
# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
- # root-hints: ""
-
- # File with DLV trusted keys. Same format as trust-anchor-file.
- # There can be only one DLV configured, it is trusted from root down.
- # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key
- dlv-anchor-file: "dlv.isc.org.key"
-
- # File with trusted keys for validation. Specify more than one file
- # with several entries, one file per entry.
- # Zone file format, with DS and DNSKEY entries.
- # trust-anchor-file: ""
- trust-anchor-file: "anchors.mf"
-
- # File with trusted keys, kept uptodate using RFC5011 probes,
- # initial file like trust-anchor-file, then it stores metadata.
- # Use several entries, one per domain name, to track multiple zones.
- # auto-trust-anchor-file: ""
+ root-hints: "named.cache"
+
+
+ # Root zone trust anchor key
+ # Will be autoupdated by unbound in case of key change
+ auto-trust-anchor-file: "root.autokey"
+
+ # If you want to also do DLV validation (RFC5074),
+ # download http://ftp.isc.org/www/dlv/dlv.isc.org.key
+ # and uncomment following line:
+ #dlv-anchor-file: "dlv.isc.org.key"
+
+ # You can also do ITAR validation (https://itar.iana.org)
+ # To download and update anchors.mf file, use update-itar.sh
+ # from page http://www.unbound.net/documentation/howto_itar.html
+ #trust-anchor-file: "anchors.mf"
# If you want to forward requests to another recursive DNS server
projects / openwrt / svn-archive / archive.git / blobdiff