Enable a default for --keyfile at compile time
By default, if no --keyfile is given at runtime, kresd bootstraps the root zone trust anchors from IANA in an unverified way.
In some contexts (e.g. debian), we can pretty much guarantee that there is a local copy of the root zone trust anchors already available in the filesystem (e.g. at /usr/share/dns/root.key
).
At compile time, it ought to be possible to specify a default for --keyfile
, so that if no --keyfile
is given on the command line there is a better local default than bootstrapping from IANA.