Unbound v1.0.2 stopping - DNSSEC enabled

Hello,

We have been testing a resolver running Unbound 1.0.2 with DNSSEC
enabled in order to evaluate the server in a production environment.

The Unbound application would routinely stop every few hours when not
under heavy load. We turned up verbosity to level 3 in the config file,
but the only information written to syslog was the following message:

Oct 3 20:10:28 <hostname> unbound: [27453:0] info: service stopped (unbound 1.0.2).

We enabled DNSSEC and installed 5 trust anchors and many different keys
to test using the trusted-keys format. The server was also configured
in a chroot environment. We did not enable IPv6 on the server.

Here is the configuration we were testing with. Any comments would be
most appreciated:

server:
        interface: 0.0.0.0
        port: 53
        # interface: ::0
        directory: "/etc/unbound"
        username: unbound
        chroot: "/etc/unbound"
        pidfile: "/etc/unbound/unbound.pid"
        use-syslog: yes
        verbosity: 1
        access-control: 0.0.0.0/0 allow
        # access-control: 10.0.0.0/8 allow
        # access-control: 2001:DB8::/64 allow
        # trust anchors. In separate files, to be updated from cron.
        trust-anchor-file: "/etc/unbound/anchors/br.anchor"
        trust-anchor-file: "/etc/unbound/anchors/se.anchor"
        trust-anchor-file: "/etc/unbound/anchors/bg.anchor"
        trust-anchor-file: "/etc/unbound/anchors/pr.anchor"
        trust-anchor-file: "/etc/unbound/anchors/cz.anchor"
        # trust keys
        trusted-keys-file: "/etc/unbound/keys/ripe.keys"
        trusted-keys-file: "/etc/unbound/keys/nic.uk.keys"
        trusted-keys-file: "/etc/unbound/keys/dlv.isc.org.keys"
        trusted-keys-file: "/etc/unbound/keys/dnssec.comcast.net.keys"
        trusted-keys-file: "/etc/unbound/keys/dnsops.keys"

Hi Chris,

This message appears when unbound is told to stop. Unbound is making a
clean exit. So, it acts as if it has received SIGTERM. Something is
calling /etc/rc.d/unbound stop, or sending kill signals to unbound.

There is one other possibility, which only happens when you compile with
old versions of libevent (fixed in libevent 1.3c). In those cases, also
SIGHUP causes unbound to stop.

Are you running trust anchor update scripts every few hours that do a
rc.d/unbound reload (which sends SIGHUP) on a machine with old libevent?

Best regards,
   Wouter

I am running the update anchors script on a daily cron which does not correlate to the unbound stop messages.

I will go back to my compile box and verify the libevent version.

Thanks

Chris Griffiths
Comcast Cable Communications, Inc.
National Engineering and Technical Operations
215-286-3992 - Desk
215-776-6416 - Cell
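
The correlation discussed in this thread, as an added example that is not part of the original messages: a Python script that labels each "service stopped" line as a reload (a new start follows) or an exit, and lists what else logged shortly before it. The sample lines, the hostname ns1, the cron entries and the update-anchors.sh path are constructed, and the "start of service" message used to recognise a restart is an assumption about what unbound logs at startup.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines; only the "service stopped" text is taken from the thread.
SAMPLE_LOG = """\
Oct  3 04:00:01 ns1 cron[1200]: (root) CMD (/usr/local/sbin/update-anchors.sh)
Oct  3 04:00:03 ns1 unbound: [27453:0] info: service stopped (unbound 1.0.2).
Oct  3 04:00:03 ns1 unbound: [27453:0] info: start of service (unbound 1.0.2).
Oct  3 16:05:00 ns1 cron[1310]: (root) CMD (/etc/rc.d/unbound reload)
Oct  3 16:05:02 ns1 unbound: [27453:0] info: service stopped (unbound 1.0.2).
Oct  3 20:10:28 ns1 unbound: [27453:0] info: service stopped (unbound 1.0.2).
"""

# timestamp, host, program, optional [pid], message
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^:\[\s]+)(?:\[\d+\])?:\s(.*)$")

def parse(text, year=2000):
    """Yield (timestamp, program, message); syslog has no year, so one is supplied."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4)

def classify_stops(text, window=timedelta(seconds=60)):
    """Label every unbound stop as 'reload' or 'exit' and list nearby triggers."""
    events = list(parse(text))
    results = []
    for i, (ts, prog, msg) in enumerate(events):
        if prog != "unbound" or "service stopped" not in msg:
            continue
        # Assumption: a working reload logs a new start right after the stop.
        restarted = any(p == "unbound" and "start of service" in m
                        and ts <= t <= ts + window for t, p, m in events[i + 1:])
        # Any other program that logged shortly before the stop is a candidate sender.
        triggers = [f"{p}: {m}" for t, p, m in events[:i]
                    if p != "unbound" and ts - window <= t <= ts]
        results.append({"time": ts, "kind": "reload" if restarted else "exit",
                        "triggers": triggers})
    return results

if __name__ == "__main__":
    for r in classify_stops(SAMPLE_LOG):
        print(r["time"], r["kind"], r["triggers"] or "no logged trigger")
```

An exit that directly follows a logged reload fits the old-libevent SIGHUP case described in the reply; an exit with no logged trigger means the sender of the signal has to be found outside syslog.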