Change DS creation to omit TTL and use spaces instead of tabs (Closes: #864016)
The version of dnsmasq in testing (currently 2.76-5) and which will apparently be released with stretch uses the following sed parser to convert the root.ds file in dns-root-data to command-line arguments for dnsmasq: sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS This chokes on the root.ds file shipped in the dns-root-data 2017041101 package. (See #858506 and #860064.) Consequently dnsmasq 2.77-1 shipped the following parser: sed -e s/"^.*DS[\t ]"/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS This commit relaxes the format of the root.ds file so that it can be parsed by the init script in both dnsmasq 2.76-5 and dnsmasq 2.77-1, by removing the TTL field (which doesn't make much sense for a trust anchor anyway) and converting the tab characters to spaces. This results in the following root.ds content: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d Both the dnsmasq 2.76-5 and 2.77-1 parsers convert the above root.ds content to the following dnsmasq command-line arguments: --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d For comparison, previous versions of dns-root-data (before we started shipping the second trust anchor for the KSK rollover) formatted the root.ds file like this: . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 This commit also adds a workaround in debian/rules to munge the output of ldns-key2ds so that the diff comparison will succeed.
parent
df8d42ed
Please register or sign in to comment