recommended way to use control-client

Hello,

I am writing a howto for linux-journal on using unbound as a caching dnssec validating server. I am wondering if the following would be recommended:

** I want to control the server via a remote control-client.

To do so I have generated keys on the server by doing

unbound-control-setup

On the remote client I install unbound so I have the client. After that I copy the keys|pems to the client:

sudo scp root@192.168.0.110:/var/lib/docker/volumes/unbound_unbound_conf/_data/unbound_control.key ~/keys/
sudo scp root@192.168.0.110:/var/lib/docker/volumes/unbound_unbound_conf/_data/unbound_server.pem ~/keys/

However, this means I copy 4 keys (actually 2 pemfiles and 2 keys)

server-key-file: "/opt/unbound/etc/unbound/unbound_server.key"
server-cert-file: "/opt/unbound/etc/unbound/unbound_server.pem"
control-key-file: "/opt/unbound/etc/unbound/unbound_control.key"
control-cert-file: "/opt/unbound/etc/unbound/unbound_control.pem"

Is this correct? Because the client wouldn’t work if it didn’t have all 4 files.

After this the client works fine, but I was wondering if this is a recommended way to go about it. I couldn’t find docs about a remote control client.

sudo unbound-control -c ~/keys/unbound.conf -s 192.168.0.110@953 stats_noreset | egrep time

thread0.recursion.time.avg=0.282076
thread0.recursion.time.median=0
thread1.recursion.time.avg=0.092444
thread1.recursion.time.median=0
total.recursion.time.avg=0.218865
total.recursion.time.median=0
time.now=1547242327.282419
time.up=84725.735959
time.elapsed=84725.735959

thanx

Hans-Cees Speel via Unbound-users:

However, this means I copy 4 keys (actually 2 pemfiles and 2 keys)

a server never needs the client's key
a client never needs the server's key

just from theory…

Andreas
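
Added example, not part of the original thread: per unbound.conf(5), unbound-control reads server-cert-file, control-key-file and control-cert-file, while server-key-file is used only by the unbound daemon. The shell function below (the name audit_control_client_keys is hypothetical; the file names are the unbound-control-setup defaults quoted above) checks a client-side key directory against that layout.

```shell
#!/bin/sh
# Added example: audit the directory that holds unbound-control's key
# material on a remote management host. Prints one line per finding and
# returns non-zero if anything is wrong.

audit_control_client_keys() {
    dir=$1
    rc=0

    # Files unbound-control reads: the server certificate (to authenticate
    # the server) plus its own key and certificate (to authenticate itself).
    for f in unbound_server.pem unbound_control.key unbound_control.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $f"
            rc=1
        fi
    done

    # The server's private key is read only by the unbound daemon and
    # does not need to leave the server.
    if [ -e "$dir/unbound_server.key" ]; then
        echo "UNNEEDED unbound_server.key"
        rc=1
    fi

    # The control key authorises remote-control commands, so only its
    # owner should have any access to it (group/other bits all clear).
    key=$dir/unbound_control.key
    if [ -f "$key" ]; then
        group_other=$(ls -ld "$key" | cut -c5-10)
        if [ "$group_other" != "------" ]; then
            echo "PERMS unbound_control.key"
            rc=1
        fi
    fi

    return $rc
}
```

Run it as audit_control_client_keys ~/keys before pointing unbound-control at the remote server.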