From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id oIn8H7E6rGV3wAAA62LTzQ:P1 (envelope-from ) for ; Sat, 20 Jan 2024 22:27:13 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id oIn8H7E6rGV3wAAA62LTzQ (envelope-from ) for ; Sat, 20 Jan 2024 22:27:13 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lnikki.la header.s=fm1 header.b=OWDEyWVz; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b=w5jo03pK; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1705786033; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=IJVC0an6Z4ae0TjMKVkaMAp3A805UexkcMP/7RrpD5w=; b=k4baZdHe5kXjNM80WbiA4BH0cLEdvtqFJXxKzkctAFDXwbAQ1n7+gudglIxWNx22vzVct2 N9Uwi3GtLpirYZs6z7DRn0+SrFvKlOAC0+MvVslKorGlbfZnUEpK+5vKJOf4+XbEyLSgy1 iHE1nbU2vMwIu5x+jIOsrHRJ7rFkA4KQdz6TFGt3COMT3SbniX2hgxxGrZIcMms4hMbLFi leCgYaeUAx8gBj6ShiiAZqPwbg+66qIZoneKEjNJE4qFqSsH3gDWq0Tr/zW6KxAz+YxFGH JbljqT3nzPf7d2QYj65PufZWUI/Zx0O+oaDpuAXfjr1W5TJFPsHJg1+rV10afQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lnikki.la header.s=fm1 header.b=OWDEyWVz; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b=w5jo03pK; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1705786033; a=rsa-sha256; cv=none; b=FeGgFt9OflkvY+4lxfyJyFBILKARcvggMbHIMLfQIk/p8A2+3tDTKYIzBaH41nyQKmf3dw sRieFGrVYd5qxErMk4QIQ6oY1F3ISPAL00Rd1HMU5wsiajjdYz5oFpTwyEe313YLBW4kUN DfuXpOjTOnWk1t1ABFz9sRBrhOjPTvVA05zPrILiJn2bQXoztcqOjKy9UM5vhWOcGyS97j HW17ks3nlBgmRjs7miwfFhoe1ZoDU51IDarAWrbXhnll+ktpLD/9lM9YIuDlIV+fXVttDv vrUjGi6VM2CD0PfIIrwCa1y8MzlCLbTJ908EfCr7SErmB8Cfw3NakDLhNaa+zQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7D3AE20C6A for ; Sat, 20 Jan 2024 22:27:12 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rRIrn-0000br-4F; Sat, 20 Jan 2024 16:27:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rRIrk-0000ba-Ea for guix-patches@gnu.org; Sat, 20 Jan 2024 16:27:00 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rRIrk-0000G2-2v for guix-patches@gnu.org; Sat, 20 Jan 2024 16:27:00 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rRIrm-0008SP-Qy for guix-patches@gnu.org; Sat, 20 Jan 2024 16:27:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#68621] [PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver Resent-From: Leo =?UTF-8?Q?Nikkil=C3=A4?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Jan 2024 21:27:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 68621 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 68621@debbugs.gnu.org Cc: Leo =?UTF-8?Q?Nikkil=C3=A4?= X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.170578600032453 (code B ref -1); Sat, 20 Jan 2024 21:27:02 +0000 Received: (at submit) by debbugs.gnu.org; 20 Jan 2024 21:26:40 +0000 Received: from localhost ([127.0.0.1]:35982 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rRIrQ-0008RM-BY for submit@debbugs.gnu.org; Sat, 20 Jan 2024 16:26:40 -0500 Received: from lists.gnu.org ([2001:470:142::17]:57956) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rRIrM-0008Qk-AB for submit@debbugs.gnu.org; Sat, 20 Jan 2024 16:26:37 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rRIr5-00009g-4y for guix-patches@gnu.org; Sat, 20 Jan 2024 16:26:21 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rRIr3-00009B-33 for guix-patches@gnu.org; Sat, 20 Jan 2024 16:26:18 -0500 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 1FA3C5C00A6; Sat, 20 Jan 2024 16:26:13 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Sat, 20 Jan 2024 16:26:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lnikki.la; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm1; t=1705785973; x=1705872373; bh=IJ VC0an6Z4ae0TjMKVkaMAp3A805UexkcMP/7RrpD5w=; b=OWDEyWVzXmgVDE8JN1 FDjX1JIvoO9ivx6t0NQoP/e31/9sTNBG0xQya7tz2P8P0ONCWV+nkzlsVBpsjqKn vIPgExjvT3lRwlIkpyOL6nony4FWTPI+9KbMT9XF5lNqXRrMII8VW6WHUNeWamb4 MYfGK/NK/7IKjYIA+CGsxOpUuNnVr0tLVQyEJ7sxF1QUQ0dmuGJljZNINOrdjRzG 9O1kAo7X+bhbIlZk2A1NmyOEV3m2h4zi3H8JzNQVYkeK4Ncf7xgfNEBK/oL95Pqk +hhlXVO1t3jd5k/hlJN4RfTtYitU/4z3Gq91+G8TjATODU0+0eJefcM15G1YfrM2 rvWw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1705785973; x=1705872373; bh=IJVC0an6Z4ae0 TjMKVkaMAp3A805UexkcMP/7RrpD5w=; b=w5jo03pK1rOfmikn98gUGpdPt1Ouc f5KqAAO824hDRh8MiVlv6rtQyCRMdN6aUXo9M5Smkf266z8Fogug8aXXFPEJh6Fs vxkVmt2gv26pg2OHnDCO0ZLcJqrf39SY6mfaFQKSPcnTWR4faX23SiDTb44kFVao 3OwRvTJnNBAiD5iveWpfwisxu3YYS33llDh+MFo2bf7E/QNNhTTvGGm04RPLrHDb qQCVcsjrUiN3xDqV0GHoN3cSK5mJY7mQoxSOdnVIcVMvmXjBr+jufW6CE4Yp+U53 p7V9A9I/v28dGHXtGzDQAkW2fSQScMjiR15OqO4F8FUuixfyN7vjMhjdQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdekvddgudehudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofggtgfgsehtke ertdertdejnecuhfhrohhmpefnvghoucfpihhkkhhilhomuceohhgvlhhloheslhhnihhk khhirdhlrgeqnecuggftrfgrthhtvghrnhepvdejfeejuefffeeiuedvleetkeettdefje elfeevvdeffeehgeduvedufefgheeinecuffhomhgrihhnpehrvggrughthhgvughotghs rdhiohenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hhvghllhhosehlnhhikhhkihdrlhgr X-ME-Proxy: Feedback-ID: i41f146a7:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 20 Jan 2024 16:26:12 -0500 (EST) Date: Sat, 20 Jan 2024 23:23:42 +0200 Message-ID: <20240120212542.17473-1-hello@lnikki.la> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=66.111.4.25; envelope-from=hello@lnikki.la; helo=out1-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Leo =?UTF-8?Q?Nikkil=C3=A4?= X-ACL-Warn: , =?utf-8?q?Leo_Nikkil=C3=A4_via_Guix-patches?= From: =?utf-8?q?Leo_Nikkil=C3=A4_via_Guix-patches?= via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -7.28 X-Spam-Score: -7.28 X-Migadu-Queue-Id: 7D3AE20C6A X-Migadu-Scanner: mx12.migadu.com X-TUID: BANQW9+3Kx6s The default DNSSEC trust anchors for knot-resolver are currently disabled through a build phase, but configured when you use the default kresd.conf file provided by Guix. If you write your own configuration, you might expect kresd to have DNSSEC enabled by default since this is what upstream does [1]. On Guix, DNSSEC is disabled unless you provide the same custom path in your own configuration and install the file into the appropriate location. This set updates the package to be built with the correct path as the default, and the service to use that path and install the default trust anchors at activation time when missing. [1]: https://knot-resolver.readthedocs.io/en/stable/config-dnssec.html Leo Nikkilä (2): gnu: knot-resolver: Re-enable default DNSSEC trust anchors. services: knot-resolver: Use default DNSSEC trust anchors. gnu/packages/dns.scm | 20 +++++++++++++------- gnu/services/dns.scm | 17 +++++++++++++---- 2 files changed, 26 insertions(+), 11 deletions(-) base-commit: 9072f27f5d3514be22c6af208f2ad56ef4e112f4 -- 2.41.0