trust-anchor-file, auto-trust-anchor-file, trust-anchor

Eric Luehrsen ericluehrsen at
Fri Mar 3 05:19:36 CET 2017

Hi Ed -

I currently maintain the Unbound package for LEDE / OpenWrt. On LEDE 
17.01 we have Unbound configured to not only use RFC5011, but we have 
some scripting to keep it from cooking through flash. Unbound is rather 
busy maintaining the key, so we let it spin its wheels on tmpfs (mounted 
/var/). We then copy back to flash on longer intervals. The user 
feedback I get is that DNSSEC and home-owned recursion is an important 
feature for them. From the tone of some feed back, I could imply some 
take issue with their ISP practices in DNS.

- Eric

More information about the Unbound-users mailing list