[Unbound-users] DNSSec validation

[Robert Edmonds]

Ondrej Mikle wrote:
> - Some distros like Fedora, RHEL and clones distribute unbound with root
> anchors, some like Debian/Ubuntu don't. But I generally wouldn't count on the
> key being present on a typical user's machine.

it's true that we (debian) don't distribute a root anchor _file_
embedded in the unbound package, but we invoke unbound-anchor in the
postinst script, so a typical/successful install will have the root TA
present in /var/lib/unbound/root.key.

-- 
Robert Edmonds
edmonds at debian.org