On Mon, Dec 30, 2013 at 6:10 PM, Remi Locherer <[email protected]> wrote: > Having the root.key in a separate directory works.
Yes, it works. But "/var/unbound/etc" was the choice during configure which means a little more work: The autotrust path line in unbound.conf needs to be edited with the new root.key path. The new autotrust path must be specified when running unbound-anchor (or the compiled in default will be used). The new autotrust directory must be created with proper permissions. It's not a big deal, and it would maybe add a line or two to the proposed function addition to the rc file, but it would be better to just adjust the configure options when building the package if it's so dangerous to provide the daemon write access to its own configuration directory. I figured if the package creator compiled in those defaults they should be used instead of my original workaround (adding the directory, etc.). Chris
