aboutsummaryrefslogtreecommitdiff
path: root/network/unbound/doinst.sh
diff options
context:
space:
mode:
Diffstat (limited to 'network/unbound/doinst.sh')
-rw-r--r--network/unbound/doinst.sh15
1 files changed, 15 insertions, 0 deletions
diff --git a/network/unbound/doinst.sh b/network/unbound/doinst.sh
index 9e3a986fd9..a1aece44fe 100644
--- a/network/unbound/doinst.sh
+++ b/network/unbound/doinst.sh
@@ -35,3 +35,18 @@ if [ -r /etc/logrotate.d/unbound ] && [ $(stat -c "%U:%G" "/etc/logrotate.d/unbo
echo "To fix it, simply run:"
echo "# chown root:root /etc/logrotate.d/unbound"
fi
+
+echo "----------------------------"
+echo "As of Unbound SlackBuild 1.18.0-2 DNSSEC is enabled by default."
+echo
+echo "You have two options:"
+echo
+echo "1) Run the following command to setup the root trust anchor (RECOMMENDED!)"
+echo "# sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a /var/lib/unbound/root.key"
+echo
+echo "2) Disable DNSSEC and unbound-anchor functionality."
+echo "Edit /etc/unbound/unbound.conf, and erase or comment the following line:"
+echo 'auto-trust-anchor-file: "/var/lib/unbound/root.key"'
+echo
+echo "This is a suitable option if you plan to use Unbound simply as a forwarding resolver."
+echo "----------------------------"
generated by cgit v1.2.3 (git 2.26.2) at 2025-08-13 14:14:42 +0000