Unbound custom zone files

[derhelge]

Hello everyone,

In the documentation [1], I read about how custom configurations for unbound can be stored. But how can entire zone files be included in the chroot environment?

Background: I want to do DNS RPZ zone transfer with a shared secret. Since Unbound apparently cannot do this on its own, a workaround via dig [2] is necessary:

Code: [Select]

shell:
dig -y "hmac-sha512:rpz.nlnetlabs.nl.:<key>" @nlnetlabs.nl rpz.nlnetlabs.nl AXFR > rpz.nlnetlabs.nl

A config extension should include the following points:

Code: [Select]

server:
module-config: "respip validator iterator"
rpz:
name: rpz.nlnetlabs.nl
zonefile: rpz.nlnetlabs.nl

But how do I get the zone files copied to /var/unbound?

Many thanks,
Helge

[1] https://docs.opnsense.org/manual/unbound.html#advanced-configurations
[2] https://github.com/NLnetLabs/unbound/issues/336