GNU bug report logs - #68621
[PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver

Reported by: Leo Nikkilä <hello <at> lnikki.la>

Date: Sat, 20 Jan 2024 21:27:02 UTC

Severity: normal

Tags: patch

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Nikkilä <hello <at> lnikki.la>
To: guix-patches <at> gnu.org
Cc: Leo Nikkilä <hello <at> lnikki.la>
Subject: [PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver
Date: Sat, 20 Jan 2024 23:23:42 +0200

The default DNSSEC trust anchors for knot-resolver are currently
disabled through a build phase, but configured when you use the default
kresd.conf file provided by Guix.

If you write your own configuration, you might expect kresd to have
DNSSEC enabled by default since this is what upstream does [1]. On Guix,
DNSSEC is disabled unless you provide the same custom path in your own
configuration and install the file into the appropriate location.

This set updates the package to be built with the correct path as the
default, and the service to use that path and install the default trust
anchors at activation time when missing.

[1]: https://knot-resolver.readthedocs.io/en/stable/config-dnssec.html

Leo Nikkilä (2):
  gnu: knot-resolver: Re-enable default DNSSEC trust anchors.
  services: knot-resolver: Use default DNSSEC trust anchors.

 gnu/packages/dns.scm | 20 +++++++++++++-------
 gnu/services/dns.scm | 17 +++++++++++++----
 2 files changed, 26 insertions(+), 11 deletions(-)


base-commit: 9072f27f5d3514be22c6af208f2ad56ef4e112f4
-- 
2.41.0

This bug report was last modified 1 year and 52 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #68621 [PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver

GNU bug report logs - #68621
[PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver