Unbound and its trust anchors

Is there a way to get unbound to re-read its trust anchors or does this require a restart of unbound? If this doesn’t already exist I think it would be a very useful feature to be able to send a signal to unbound and tell it to re-read all its dnssec keys files.

Brett

That might be more complicated than it sounds? What do you do for records
that no longer have a trust record which are in cache? Or records that
might become validated/invalidated due to changes in the trust path?

Paul

Hi B, Paul,

Is there a way to get unbound to re-read its trust anchors or does this
require a restart of unbound? If this doesn't already exist I think it would
be a very useful feature to be able to send a signal to unbound and tell it
to re-read all its dnssec keys files.

A reload suffices:
  kill -HUP `cat ...unbound.pid`
or
  unbound-control reload

Paul Wouters wrote:

That might be more complicated than it sounds? What do you do for records
that no longer have a trust record which are in cache? Or records that
might become validated/invalidated due to changes in the trust path?

The cache is cleared. That prevents your concerns.

Best regards,
   Wouter

a message of 16 lines which said:

That might be more complicated than it sounds? What do you do for
records that no longer have a trust record which are in cache? Or
records that might become validated/invalidated due to changes in
the trust path?

That's indeed a problem with BIND. Reloading it gives strange results
when the trust anchors (or DLV configuration) were
modified. Restarting cures the problem.