I was thinking that the script unbound-control-setup could be called by the postinst script. As unbound-control-setup generates a few certificate files required to use unbound-control it would simplify the setup procedure. That way to make unbound-control work the user would only need to add this to unbound.conf :
remote-control:
control-enable: yes
The file generated by unbound-control-setup have those permissions :
-rw-r----- 1 root unbound 887 Dec 18 17:30 unbound_control.key
-rw-r----- 1 root unbound 627 Dec 18 17:30 unbound_control.pem
-rw-r----- 1 root unbound 887 Dec 18 17:30 unbound_server.key
-rw-r----- 1 root unbound 619 Dec 18 17:30 unbound_server.pem
I was thinking that the script unbound- control- setup could be called by the postinst script. As unbound- control- setup generates a few certificate files required to use unbound-control it would simplify the setup procedure. That way to make unbound-control work the user would only need to add this to unbound.conf :
remote-control:
control-enable: yes
The file generated by unbound- control- setup have those permissions :
-rw-r----- 1 root unbound 887 Dec 18 17:30 unbound_control.key
-rw-r----- 1 root unbound 627 Dec 18 17:30 unbound_control.pem
-rw-r----- 1 root unbound 887 Dec 18 17:30 unbound_server.key
-rw-r----- 1 root unbound 619 Dec 18 17:30 unbound_server.pem