- # add ipfire config
- mkdir -pv /etc/unbound/blocklists
- mv -v /etc/unbound/unbound.conf /etc/unbound/unbound_org.conf
- install -v -m 644 $(DIR_SRC)/config/unbound/*.conf /etc/unbound/
- install -v -m 644 $(DIR_SRC)/config/unbound/root.hints /etc/unbound/
- install -v -m 644 $(DIR_SRC)/config/unbound/root.key /etc/unbound/
+
+ # Install configuration
+ install -v -m 644 $(DIR_SRC)/config/unbound/unbound.conf \
+ /etc/unbound/unbound.conf
+ touch /etc/unbound/{dhcp-leases,forward}.conf
+ -mkdir -pv /etc/unbound/local.d
+
+ # Install root hints
+ install -v -m 644 $(DIR_SRC)/config/unbound/root.hints \
+ /etc/unbound/root.hints
+
+ # Install DHCP leases bridge
+ install -v -m 755 $(DIR_SRC)/config/unbound/unbound-dhcp-leases-bridge \
+ /usr/sbin/unbound-dhcp-leases-bridge
+
+ # Install key
+ -mkdir -pv /var/lib/unbound
+ install -v -m 644 $(DIR_SRC)/config/unbound/root.key \
+ /var/lib/unbound/root.key
+ chown -Rv nobody.nobody /var/lib/unbound
+
+ # Ship ICANN's certificates to validate DNS trust anchors
+ install -v -m 644 $(DIR_SRC)/config/unbound/icannbundle.pem \
+ /etc/unbound/icannbundle.pem
+