mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-17 19:21:04 +00:00
Code Issues Wiki Activity
670961 commits 267 branches 124 tags 5.9 GiB
Commit graph

13 commits

Author SHA1 Message Date
Vladimír Čunát 0a8814545a
dns-root-data: add DS for the new KSK-2024 
The key still won't be used for some time, two years maybe,
and I've been unable to find the DNSKEY itself yet,
but I think it's better to preemptively trust at least the DS already.
(outdated machines, etc.)

Some evidence that it's not just a hash of *my* private key:
https://www.iana.org/dnssec/ceremonies/53-2
https://data.iana.org/ksk-ceremony/53-2/kskm-keymaster-20240426-173035-995.log
https://www.youtube.com/live/gw4PFhtnVpk?si=C8zevM3nG9O0XAJr&t=12726

I also used exactly the same root.ds in knot-resolver upstream:
https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1556
 2024-06-20 19:18:09 +02:00
Vladimír Čunát e30be98231
dns-root-data: update B.root-servers.net addresses 
https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1478
 2023-11-28 19:34:01 +01:00
Markus Kowalewski 4b55ceddca
dns-root-data: add license 2022-11-02 23:28:22 +01:00
Felix Buehler e6ab13f005 dns-root-data: replace name with pname&version 2022-03-23 22:23:48 +01:00
Vladimír Čunát 075e8aeecb
dns-root-data: switch to new URL 
There's a redirect in place, so it doesn't really matter.
 2020-07-01 16:20:48 +02:00
Vladimír Čunát c4a5565e7a
dns-root-data: the old KSK is dead! 
Long live... eh, I hope the new KSK won't live as long as the old one.
Anyway, it doesn't really matter how fast people update this.
https://www.ietf.org/mail-archive/web/dnsop/current/msg24989.html
See RFC 5011 for details of the protocol.

I re-tested validation with both of these files, to be sure.
 2019-01-11 16:47:02 +01:00
Vladimír Čunát d16b298d19
dns-root-data: use a stable URL that I maintain anyway 
Close #31855.
 2017-11-21 13:58:19 +01:00
Vincent Laporte f35f995fff
dns-root-data: 2017-08-29 -> 2017-10-24 2017-11-06 19:22:38 +00:00
Chris Burr 0b356dfb75 dns-root-data: 2017-07-26 -> 2017-08-29 2017-09-04 10:50:32 +01:00
Jan Malakhovski afc8405a7a dns-root-data: use https 2017-08-17 12:11:49 +00:00
Yann Hodique 2a0c6c7bee dns-root-data: 2017-07-11 -> 2017-07-26 2017-08-14 16:54:25 +02:00
Vladimír Čunát 338a195204
dns-root-data: improve determinism, clear key status 
Nitpicks:
- The timestamps there were useless.
- The generator now switched the two keys; I don't know why.

I intentionally remove the comments like "state=1 [ ADDPEND ]".
The problem is that keys e.g. in ADDPEND state are *not* immediately
usable for validation - see RFC5011 for details.  I verified that Unbound
does disregard this on the format we and Debian use ATM, presumably due
to removing parts of the comments, but it would be confusing nevertheless.
 2017-07-15 10:38:01 +02:00
Franz Pletz 3bb9954a6b
dns-root-data: init at 2017-06-16 2017-07-12 09:45:25 +02:00