author | Vladimír Čunát <vcunat@gmail.com> | 2017-07-15 10:38:01 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2017-07-15 10:38:01 +0200 |
commit | 338a19520493f941a3f478bf852074e74a67b03d (patch) | |
tree | 61c65b2a7e610a6db63bdb34e8df919dffaec70f /pkgs/data/misc | |
parent | 3bb9954a6bb977f3e33f766ae5df926495ef7bc4 (diff) | |
dns-root-data: improve determinism, clear key status
Nitpicks: - The timestamps there were useless. - The generator now switched the two keys; I don't know why. I intentionally remove the comments like "state=1 [ ADDPEND ]". The problem is that keys e.g. in ADDPEND state are *not* immediately usable for validation - see RFC5011 for details. I verified that Unbound does disregard this on the format we and Debian use ATM, presumably due to removing parts of the comments, but it would be confusing nevertheless.
Diffstat (limited to 'pkgs/data/misc')
-rw-r--r-- | pkgs/data/misc/dns-root-data/root.ds | 1 | ||||
-rw-r--r-- | pkgs/data/misc/dns-root-data/root.key | 4 | ||||
-rwxr-xr-x | pkgs/data/misc/dns-root-data/update-root-key.sh | 9 |
3 files changed, 7 insertions, 7 deletions
diff --git a/pkgs/data/misc/dns-root-data/root.ds b/pkgs/data/misc/dns-root-data/root.ds
index 61c5b8fcd344..7578e0405d9d 100644
--- a/pkgs/data/misc/dns-root-data/root.ds
+++ b/pkgs/data/misc/dns-root-data/root.ds
@@ -1,3 +1,2 @@
-; created by unbound-anchor on Tue Jul 11 23:48:16 2017
 . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
 . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
diff --git a/pkgs/data/misc/dns-root-data/root.key b/pkgs/data/misc/dns-root-data/root.key
index 9046cefcb713..c0da7b3f60fa 100644
--- a/pkgs/data/misc/dns-root-data/root.key
+++ b/pkgs/data/misc/dns-root-data/root.key
@@ -1,2 +1,2 @@
-. 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=1 [ ADDPEND ]
-. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [ VALID ]
+. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b}
+. 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b}
diff --git a/pkgs/data/misc/dns-root-data/update-root-key.sh b/pkgs/data/misc/dns-root-data/update-root-key.sh
index 5db179621a70..9a3141aef197 100755
--- a/pkgs/data/misc/dns-root-data/update-root-key.sh
+++ b/pkgs/data/misc/dns-root-data/update-root-key.sh
@@ -2,8 +2,9 @@
 #!nix-shell -i bash -p busybox unbound
 TMP=`mktemp`
-unbound-anchor -a $TMP
-grep -Ev "^($$|;)" $TMP | sed -e 's/ ;;count=.*//' > root.key
-rm $TMP
+unbound-anchor -a "$TMP"
+grep -Ev "^($$|;)" "$TMP" | sed -e 's/ ;;.*//' > root.key
-unbound-anchor -F -a root.ds
+unbound-anchor -F -a "$TMP"
+sed '/^;/d' < "$TMP" > root.ds
+rm $TMP |
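Review bot: In the `grep -Ev "^($$|;)" "$TMP"` line the `$$` sits inside double quotes, so bash replaces it with the shell's process ID and the pattern no longer means "empty line or comment"; single quotes give the intended filter, `grep -Ev '^($|;)' "$TMP"`. The closing `rm $TMP` is the one use left unquoted and should read `rm "$TMP"`. Nothing checks that unbound-anchor produced output before root.key and root.ds, which are DNSSEC trust anchors, are overwritten; `[ -s "$TMP" ] || exit 1` after the first run would stop an empty result from truncating root.key. The second run reuses the same temp file, so a failure there would presumably leave the first run's records to be copied into root.ds, which a fresh temp file would avoid. The script's first line lies outside the hunk.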