aboutsummaryrefslogtreecommitdiffstats
path: root/main/unbound/conf.patch
blob: f7ad7515dcb14fb46c0ef2275732f126fbd5644e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -308,12 +308,9 @@
 	# timetoresolve, fromcache and responsesize.
 	# log-replies: no
 
-	# the pid file. Can be an absolute path outside of chroot/work dir.
-	# pidfile: "@UNBOUND_PIDFILE@"
-
 	# file to read root hints from.
 	# get one from https://www.internic.net/domain/named.cache
-	# root-hints: ""
+	root-hints: /usr/share/dns-root-hints/named.root
 
 	# enable to not answer id.server and hostname.bind queries.
 	# hide-identity: no
@@ -450,7 +447,7 @@
 	# you start unbound (i.e. in the system boot scripts).  And enable:
 	# Please note usage of unbound-anchor root anchor is at your own risk
 	# and under the terms of our LICENSE (see that file in the source).
-	# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+	# auto-trust-anchor-file: ""
 
 	# trust anchor signaling sends a RFC8145 key tag query after priming.
 	# trust-anchor-signaling: yes
@@ -464,7 +461,7 @@
 	# with several entries, one file per entry.
 	# Zone file format, with DS and DNSKEY entries.
 	# Note this gets out of date, use auto-trust-anchor-file please.
-	# trust-anchor-file: ""
+	trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
 
 	# Trusted key for validation. DS or DNSKEY. specify the RR on a
 	# single line, surrounded by "". TTL is ignored. class is IN default.