From b53232e51ee739a02cee9b4f29d2c3e444b86514 Mon Sep 17 00:00:00 2001 From: Jacek Konieczny Date: Fri, 25 Apr 2014 11:21:21 +0200 Subject: [PATCH] Set the auto-trust-anchor-file by default This enables DNSSEC validation in the default config file. --- unbound-default_trust_anchor.patch | 12 ++++++++++++ unbound.spec | 2 ++ 2 files changed, 14 insertions(+) create mode 100644 unbound-default_trust_anchor.patch diff --git a/unbound-default_trust_anchor.patch b/unbound-default_trust_anchor.patch new file mode 100644 index 0000000..7ffede3 --- /dev/null +++ b/unbound-default_trust_anchor.patch @@ -0,0 +1,12 @@ +diff -dur unbound-1.4.22.orig/doc/example.conf.in unbound-1.4.22/doc/example.conf.in +--- unbound-1.4.22.orig/doc/example.conf.in 2014-03-12 13:31:42.000000000 +0100 ++++ unbound-1.4.22/doc/example.conf.in 2014-04-25 11:14:14.000000000 +0200 +@@ -342,7 +342,7 @@ + # you start unbound (i.e. in the system boot scripts). And enable: + # Please note usage of unbound-anchor root anchor is at your own risk + # and under the terms of our LICENSE (see that file in the source). +- # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" ++ auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" + + # File with DLV trusted keys. Same format as trust-anchor-file. + # There can be only one DLV configured, it is trusted from root down. diff --git a/unbound.spec b/unbound.spec index df4bd9b..8e69964 100644 --- a/unbound.spec +++ b/unbound.spec @@ -17,6 +17,7 @@ Source3: https://data.iana.org/root-anchors/icannbundle.pem # Source3-md5: 59774aba58dbde1049bdf4722fb4f02c Source4: ftp://ftp.internic.net/domain/named.cache # Source4-md5: b3b07a2944d29d1f5bd58fe2fe183148 +Patch0: %{name}-default_trust_anchor.patch URL: http://unbound.net/ BuildRequires: expat-devel BuildRequires: libevent-devel @@ -112,6 +113,7 @@ Pythonowy interfejs do biblioteki unbound. %prep %setup -q +%patch0 -p1 %build %configure \ -- 2.44.0