Commit c373a316 authored by Ondrej Sury's avatar Ondrej Sury

Update package to also include Root Hints and Root Zone File

parent 3497febf
dnssec-root-key for Debian
--------------------------
The weekly update needs Internet connectivity to check for updated
IANA root key.
-- Ondřej Surý <ondrej@debian.org>, Thu, 26 Jun 2014 10:28:09 +0200
dnssec-root-key for Debian
--------------------------
dns-root-data for Debian
------------------------
The source files for this package was created by downloading IANA
DNSSEC root-anchors directory from: http://data.iana.org/root-anchors/
-- Ondřej Surý <ondrej@debian.org>, Thu, 26 Jun 2014 09:26:54 +0200
-- Ondřej Surý <ondrej@debian.org>, Thu, 26 Jun 2014 11:19:25 +0200
dnssec-root-key (20100715) unstable; urgency=low
dns-root-data (20100715) unstable; urgency=low
* Initial release (Closes: #752745)
......
Source: dnssec-root-key
Source: dns-root-data
Section: misc
Priority: optional
Maintainer: Ondřej Surý <ondrej@debian.org>
......@@ -10,15 +10,16 @@ Build-Depends: debhelper (>= 8.0.0),
libxml2-utils
Standards-Version: 3.9.5
Homepage: https://data.iana.org/root-anchors/
#Vcs-Git: git://git.debian.org/collab-maint/dnssec-root-key.git
#Vcs-Browser: http://git.debian.org/?p=collab-maint/dnssec-root-key.git;a=summary
#Vcs-Git: git://git.debian.org/collab-maint/dns-root-data.git
#Vcs-Browser: http://git.debian.org/?p=collab-maint/dns-root-data.git;a=summary
Package: dnssec-root-key
Package: dns-root-data
Architecture: all
Depends: ${misc:Depends}, unbound-anchor
Description: DNSSEC root key (trust anchors)
This package contains DNSSEC root key in all available formats that
all packages doing DNSSEC validation can use as a common data source.
Depends: ${misc:Depends}
Description: DNS root data including root zone and DNSSEC key
This package contains various root zone related data as published
by IANA to be used by various DNS software as a common source
of DNS root zone data, namely:
.
unbound-anchor is used to keep the root.key up-to-date
via RFC5011 mechanism.
* Root Hints and Zone Files (root.hints, root.zone)
* Root Trust Anchors (root.key, root.ds)
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: dnssec-root-key
Source: https://data.iana.org/root-anchors/
Upstream-Name: IANA Root Zone Management
Source: http://www.iana.org/domains/root/files
Files: *
Copyright: Copyright (c) 2010 Internet Corporation For Assigned Names and Numbers
......
#!/bin/sh
unbound-anchor -a /etc/dns/root.key \
-c /usr/share/dnssec-root-key/icannbundle.pem
/etc/dns
/usr/share/dnssec-root-key
draft-icann-dnssec-trust-anchor.* /usr/share/doc/dnssec-root-key/
icannbundle.* /usr/share/dnssec-root-key/
icann.pgp /usr/share/dnssec-root-key/
*.crt /usr/share/dnssec-root-key/
*.csr /usr/share/dnssec-root-key/
root-anchors.* /usr/share/dnssec-root-key/
root.key /etc/dns/
root.ds /etc/dns/
#!/bin/sh
# postinst script for getdns-common
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
configure)
unbound-anchor -a /etc/dns/root.key \
-c /usr/share/dnssec-root-key/icannbundle.pem
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
......@@ -37,6 +37,9 @@ override_dh_auto_build:
# Compare the DS from root.key and from root-anchors.xml
diff root-anchors.ds root.ds
# Verify signature on root.zone using validated root.key
dnssec-verify -o . root.zone root.key
override_dh_auto_clean:
rm -f root-anchors.ds root.ds
......@@ -46,4 +49,5 @@ get_orig_source:
unbound-anchor \
-a $(CURDIR)/root.key \
-c $(CURDIR)/icannbundle.pem
wget -O $(CURDIR)/root.zone "http://www.internic.net/domain/root.zone"
wget -O $(CURDIR)/root.hints "http://www.internic.net/domain/named.root"
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: June 2, 2014
; related version of root zone: 2014060201
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::B
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::C
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
; End of File
; autotrust trust anchor file
;;id: . 1
;;last_queried: 1403770717 ;;Thu Jun 26 10:18:37 2014
;;last_success: 1403770717 ;;Thu Jun 26 10:18:37 2014
;;next_probe_time: 1403812361 ;;Thu Jun 26 21:52:41 2014
;;last_queried: 1403774651 ;;Thu Jun 26 11:24:11 2014
;;last_success: 1403774651 ;;Thu Jun 26 11:24:11 2014
;;next_probe_time: 1403817219 ;;Thu Jun 26 23:13:39 2014
;;query_failed: 0
;;query_interval: 43200
;;retry_time: 8640
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment