Do I need the unbound anchor service?

Ask Fedora
1

systemd-analyze blame is showing the following:

21.867s unbound-anchor.service                                                                   
 9.735s dnf-makecache.service                                                                    
 9.165s NetworkManager-wait-online.service                                                       
 7.900s plymouth-quit-wait.service                                                               
 4.478s logrotate.service                                                                        
 2.685s firewalld.service                                                                        
 2.287s udisks2.service                                                                          
 2.259s akmods.service                                                                           
 2.002s systemd-udev-settle.service                                                              
 2.001s dkms.service                                                                             
 1.479s cups.service                                                                             
 1.164s sysstat-summary.service                                                                  
 1.048s lvm2-monitor.service                                                                     
 1.004s systemd-random-seed.service                                                              
  953ms systemd-logind.service                                                                   
  899ms accounts-daemon.service                                                                  
  803ms sssd.service                                                                             
  724ms dracut-initqueue.service                                                                 
  610ms avahi-daemon.service                                                                     
  562ms initrd-switch-root.service                                                               
  509ms rtkit-daemon.service

I am just wondering what the unbound anchor service is used for? I have three machines running fedora 31 and only 1 is showing this as slow service.

2 
systemctl status unbound-anchor

● unbound-anchor.service - update of the root trust anchor for DNSSEC validation in unbound
   Loaded: loaded (/usr/lib/systemd/system/unbound-anchor.service; static; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:unbound-anchor(8)

man 8 unbound-anchor

Good Luck!

1 Like
3

I’m running Fedora 33 and I asked myself the same question.

Perhaps unbound-anchor.service is run before internet connection is estabilished? Should it be run after NetworkManager-wait-online.service?

journalctl -u unbound-anchor.service shows the time needed to start it for each reboot.
I see in my logs that sometimes it’s very quick (less than 1 second) and sometimes it takes about 18 seconds:

-- Reboot --
nov 06 00:00:29 localhost.localdomain systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
nov 06 00:00:29 localhost.localdomain systemd[1]: unbound-anchor.service: Succeeded.
nov 06 00:00:29 localhost.localdomain systemd[1]: Finished update of the root trust anchor for DNSSEC validation in unbound.
-- Reboot --
nov 07 00:01:02 localhost.localdomain systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
nov 07 00:01:02 localhost.localdomain systemd[1]: unbound-anchor.service: Succeeded.
nov 07 00:01:02 localhost.localdomain systemd[1]: Finished update of the root trust anchor for DNSSEC validation in unbound.
-- Reboot --
nov 08 19:04:58 localhost.localdomain systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
nov 08 19:05:16 localhost.localdomain systemd[1]: unbound-anchor.service: Succeeded.
nov 08 19:05:16 localhost.localdomain systemd[1]: Finished update of the root trust anchor for DNSSEC validation in unbound.
-- Reboot --
nov 10 23:24:46 localhost.localdomain systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
nov 10 23:25:04 localhost.localdomain systemd[1]: unbound-anchor.service: Succeeded.
nov 10 23:25:04 localhost.localdomain systemd[1]: Finished update of the root trust anchor for DNSSEC validation in unbound.
-- Reboot --
nov 11 00:00:28 localhost.localdomain systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
nov 11 00:00:28 localhost.localdomain systemd[1]: unbound-anchor.service: Succeeded.
nov 11 00:00:28 localhost.localdomain systemd[1]: Finished update of the root trust anchor for DNSSEC validation in unbound.
-- Reboot --
nov 12 18:33:52 localhost.localdomain systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
nov 12 18:34:13 localhost.localdomain systemd[1]: unbound-anchor.service: Succeeded.
nov 12 18:34:13 localhost.localdomain systemd[1]: Finished update of the root trust anchor for DNSSEC validation in unbound.
-- Reboot --
nov 13 16:40:10 localhost.localdomain systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
nov 13 16:40:28 localhost.localdomain systemd[1]: unbound-anchor.service: Succeeded.
nov 13 16:40:28 localhost.localdomain systemd[1]: Finished update of the root trust anchor for DNSSEC validation in unbound.
-- Reboot --
nov 14 23:29:18 localhost.localdomain systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
nov 14 23:29:36 localhost.localdomain systemd[1]: unbound-anchor.service: Succeeded.
nov 14 23:29:36 localhost.localdomain systemd[1]: Finished update of the root trust anchor for DNSSEC validation in unbound.
nov 15 00:01:01 localhost.localdomain systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
nov 15 00:01:01 localhost.localdomain systemd[1]: unbound-anchor.service: Succeeded.
nov 15 00:01:01 localhost.localdomain systemd[1]: Finished update of the root trust anchor for DNSSEC validation in unbound.
1 Like