Project

General

Profile

Actions

Bug #12985

closed

DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access

Added by Danilo Zrenjanin over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
DNS Resolver
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:

Description

The unbound-anchor starts after every unbound service (re)start, which causes delays if there is no active Internet connection.

There is no need for unbound-anchor to update /var/unbound/root.key if DNSsec is disabled.

Actions

Also available in: Atom PDF