From: "Leo Nikkilä via Guix-patches via" <guix-patches@gnu.org>
To: 68621@debbugs.gnu.org
Cc: "Leo Nikkilä" <hello@lnikki.la>
Subject: [bug#68621] [PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver
Date: Sat, 20 Jan 2024 23:23:42 +0200 [thread overview]
Message-ID: <20240120212542.17473-1-hello@lnikki.la> (raw)
The default DNSSEC trust anchors for knot-resolver are currently
disabled through a build phase, but configured when you use the default
kresd.conf file provided by Guix.
If you write your own configuration, you might expect kresd to have
DNSSEC enabled by default since this is what upstream does [1]. On Guix,
DNSSEC is disabled unless you provide the same custom path in your own
configuration and install the file into the appropriate location.
This set updates the package to be built with the correct path as the
default, and the service to use that path and install the default trust
anchors at activation time when missing.
[1]: https://knot-resolver.readthedocs.io/en/stable/config-dnssec.html
Leo Nikkilä (2):
gnu: knot-resolver: Re-enable default DNSSEC trust anchors.
services: knot-resolver: Use default DNSSEC trust anchors.
gnu/packages/dns.scm | 20 +++++++++++++-------
gnu/services/dns.scm | 17 +++++++++++++----
2 files changed, 26 insertions(+), 11 deletions(-)
base-commit: 9072f27f5d3514be22c6af208f2ad56ef4e112f4
--
2.41.0
next reply other threads:[~2024-01-20 21:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-20 21:23 Leo Nikkilä via Guix-patches via [this message]
2024-01-20 21:23 ` [bug#68620] [PATCH 1/2] gnu: knot-resolver: Re-enable default DNSSEC trust anchors Leo Nikkilä via Guix-patches via
2024-04-23 16:04 ` [bug#68620] Moved into 68621 Dale Mellor
2024-04-23 16:21 ` Dale Mellor
2024-01-20 21:23 ` [bug#68622] [PATCH 2/2] services: knot-resolver: Use default DNSSEC trust anchors Leo Nikkilä via Guix-patches via
2024-04-23 16:05 ` [bug#68622] Moved to 68621 Dale Mellor
2024-04-23 16:22 ` [bug#68622] Moved into 68621 Dale Mellor
2024-01-20 21:37 ` [bug#68621] [PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver Leo Nikkilä via Guix-patches via
2024-04-23 15:59 ` [bug#68621] Consolidating patches under this one issue number Dale Mellor
2024-04-23 16:12 ` [bug#68621] [PATCH v2 1/4] gnu: knot-resolver: Re-enable default DNSSEC trust anchors Dale Mellor
2024-04-23 16:12 ` [bug#68621] [PATCH v2 2/4] gnu: knot-resolver: Appease some guix lint complaints Dale Mellor
2024-04-23 16:12 ` [bug#68621] [PATCH v2 3/4] services: knot-resolver: Use default DNSSEC trust anchors Dale Mellor
2024-04-23 16:12 ` [bug#68621] [PATCH v2 4/4] gnu: knot-resolver: version to 5.7.2 Dale Mellor
2024-04-23 18:33 ` [bug#68621] [PATCH v2 0/4] Allow use of DNSSEC in knot-resolver service Dale Mellor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240120212542.17473-1-hello@lnikki.la \
--to=guix-patches@gnu.org \
--cc=68621@debbugs.gnu.org \
--cc=hello@lnikki.la \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).