347415 – net-dns/unbound - use of net-dns/dnssec-root

Bug 347415 - net-dns/unbound - use of net-dns/dnssec-root

Summary: net-dns/unbound - use of net-dns/dnssec-root

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Library (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	MATSUU Takuto (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-12-01 11:41 UTC by Daniel Black (RETIRED)
Modified:	2010-12-07 15:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
ebuild patch (unbound.ebuild.patch,1.98 KB, patch) 2010-12-01 11:43 UTC, Daniel Black (RETIRED)	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Black (RETIRED) gentoo-dev

2010-12-01 11:41:48 UTC

I've added the dnssec root keys to gentoo in the package. Suggest updating the unbound ebuild as follows to follow the dnssec root keys.

Comment 1 Daniel Black (RETIRED) gentoo-dev

2010-12-01 11:43:18 UTC

Created attachment 256039 [details, diff]
ebuild patch

Comment 2 TANABE Ken-ichi 2010-12-07 12:55:42 UTC

It just works fine on my ~amd64. Here is some tests.

 % dig +dnssec @127.0.0.1 org ns
; <<>> DiG 9.7.2-P2 <<>> +dnssec @127.0.0.1 org ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20133
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;org.                    IN   NS

;; ANSWER SECTION:
org.           86397     IN   NS   a0.org.afilias-nst.info.
org.           86397     IN   NS   a2.org.afilias-nst.info.
org.           86397     IN   NS   b0.org.afilias-nst.org.
org.           86397     IN   NS   b2.org.afilias-nst.org.
org.           86397     IN   NS   c0.org.afilias-nst.info.
org.           86397     IN   NS   d0.org.afilias-nst.org.
org.           86397     IN   RRSIG     NS 7 1 86400 20101215154703 20101201144703 43172 org. B6GpZCF7Pp8ZTjf/tEgtPYPqJcsBeZ+c6OFZCQYoOARqZ+UJXaWSEVhi 6h2SyQteeYZo/RpXHyBdaUr884gY0+h0zwTV7DcFD09Qvv5/A+L9+d09 VKbYUtKBGja+W8dbJHI6Wg/0i50a9IFjKmyvcxjkmh9W8Amkhdjf29Dg G6U=

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec  7 21:48:11 2010
;; MSG SIZE  rcvd: 333


I get 'ad' flags correctly. when I remove auto-trust-anchor-file in unbound.conf I get no 'ad' flags correctly.


 $ dig +dnssec @127.0.0.1 org ns
; <<>> DiG 9.7.2-P2 <<>> +dnssec @127.0.0.1 org ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64292
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;org.                    IN   NS

;; ANSWER SECTION:
org.           86400     IN   NS   a0.org.afilias-nst.info.
org.           86400     IN   NS   a2.org.afilias-nst.info.
org.           86400     IN   NS   b0.org.afilias-nst.org.
org.           86400     IN   NS   b2.org.afilias-nst.org.
org.           86400     IN   NS   c0.org.afilias-nst.info.
org.           86400     IN   NS   d0.org.afilias-nst.org.
org.           86400     IN   RRSIG     NS 7 1 86400 20101215154703 20101201144703 43172 org. B6GpZCF7Pp8ZTjf/tEgtPYPqJcsBeZ+c6OFZCQYoOARqZ+UJXaWSEVhi 6h2SyQteeYZo/RpXHyBdaUr884gY0+h0zwTV7DcFD09Qvv5/A+L9+d09 VKbYUtKBGja+W8dbJHI6Wg/0i50a9IFjKmyvcxjkmh9W8Amkhdjf29Dg G6U=

;; ADDITIONAL SECTION:
b0.org.afilias-nst.org.  86400     IN   A    199.19.54.1
d0.org.afilias-nst.org.  86400     IN   A    199.19.57.1
b0.org.afilias-nst.org.  86400     IN   AAAA 2001:500:c::1
d0.org.afilias-nst.org.  86400     IN   AAAA 2001:500:f::1

;; Query time: 250 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec  7 21:49:49 2010
;; MSG SIZE  rcvd: 421


A patch for unbound1.4.7.ebuild have white spaces. A cleanup is needed, I think.

# emerge --info
Portage 2.1.9.25 (default/linux/amd64/10.0/desktop, gcc-4.5.1, glibc-2.12.1-r3, 2.6.36-gentoo-r1 x86_64)
=================================================================
System uname: Linux-2.6.36-gentoo-r1-x86_64-Intel-R-_Core-TM-2_Duo_CPU_P7350_@_2.00GHz-with-gentoo-2.0.1
Timestamp of tree: Tue, 07 Dec 2010 11:00:22 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
app-shells/bash:     4.1_p9
dev-java/java-config: 2.1.11-r2
dev-lang/python:     2.6.6-r1, 2.7.1, 3.1.3
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1-r1
sys-apps/openrc:     0.6.7
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.13, 2.68
sys-devel/automake:  1.5, 1.7.9-r1, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4, 4.4.5, 4.5.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.4-r1
sys-devel/make:      3.82
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA Broadcom PUEL dlj-1.1 skype-eula AdobeFlash-10.1"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs ccache distlocks fixlafiles fixpackages metadata-transfer news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.iij.ad.jp/pub/linux/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="ja_JP.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="ja"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="-6"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/haskell /var/lib/layman/x11 /usr/local/portage"
SYNC="rsync://rika.tokyo.tknetworks.org/gentoo-portage"
USE="X a52 aac acl acpi alsa amd64 berkdb bluetooth branding bzip2 cairo cdr cjk cli consolekit cracklib crypt cups curl cxx dbus dri dts dvd dvdr emboss encode exif fam firefox flac fontconfig freetype gdbm gif gpg gpm gtk gtk2 hal iconv ipv6 jpeg kerberos latex lcms libnotify live mad mikmod mmx mmx2 mng modules mozdevelop mp2 mp3 mp4 mpeg mudflap multilib ncurses nls nptl nptlonly nsplugin ogg opengl openmp pam pango pcre pdf perl png policykit ppds pppd python qt3support readline rtsp ruby sdl session spell sse sse2 ssl startup-notification svg sysfs tcpd tiff truetype unicode usb v4l v4l2 vorbis x264 xcb xft xinerama xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ja" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nouveau vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS

Comment 3 MATSUU Takuto (RETIRED) gentoo-dev

2010-12-07 15:09:42 UTC

in cvs.