git.openwrt.org Git - feed/packages.git/commit

author	Eric Luehrsen <ericluehrsen@hotmail.com>
	Thu, 2 Mar 2017 05:28:35 +0000 (00:28 -0500)
committer	Eric Luehrsen <ericluehrsen@hotmail.com>
	Thu, 2 Mar 2017 05:55:49 +0000 (00:55 -0500)
commit	8e153c96845dd4763dbb1f49e16bb6c8d79d2f70
tree	16461665722b3c301cc295d43396b6331ddcb84f	tree \| snapshot
parent	ef0c0eeab0812256d459c4b8d331242f92c2dfe8	commit \| diff

unbound: improve maintenance of trust anchor

Unbound UCI tries to protect embedded flash from excess
use. Unbound RFC5011 KSK tracking can rewrite root.key
every few minutes to an hour. It also writes and destroys
files in the same directory during the process.

Recommended UCI delays for copying busy work in /var/
back to /etc/ may be too conservative. These are all
changed from 28 to 9 days.

The RFC5011 KSK results were also destroyed by an
init.d restart, even if /var/ is mounted on persistent
storage like USB drive. /var/lib/unbound/root.key is
now preserved during this process, unless a newer key
is installed in /etc/ manually or package update.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>

net/unbound/Makefile		diff \| blob \| history
net/unbound/files/README.md		diff \| blob \| history
net/unbound/files/rootzone.sh		diff \| blob \| history
net/unbound/files/unbound.sh		diff \| blob \| history
net/unbound/files/unbound.uci		diff \| blob \| history