- Fix #1244: document that use of chroot requires trust anchor file to

  be under chroot.

git-svn-id: file:///svn/unbound/trunk@4087 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index d1e4a81f1ef4e9ebcd95e9fc35654afe827f2d5c..f9cc66a57c6b30df3f54c545618b1337ebcfcfb1 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+4 April 2017: Wouter
+       - Fix #1244: document that use of chroot requires trust anchor file to
+         be under chroot.
+
 3 April 2017: Ralph
        - Do not add current time twice to TTL before ECS cache store.
        - Do not touch rrset cache after ECS cache message generation.

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index e937b824b9cb62e40c0eb70028b4a398c7179768..7054a7ac763011865e2dc24511990e7abc7235ea 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -785,7 +785,8 @@ frequently.  The initial file can be one with contents as described in
 \fBtrust\-anchor\-file\fR.  The file is written to when the anchor is updated,
 so the unbound user must have write permission.  Write permission to the file,
 but also to the directory it is in (to create a temporary file, which is
-necessary to deal with filesystem full events).
+necessary to deal with filesystem full events), it must also be inside the
+chroot (if that is used).
 .TP
 .B trust\-anchor: \fI<"Resource Record">
 A DS or DNSKEY RR for a key to use for validation. Multiple entries can be