Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#42644 - [ldns] Uses wrong anchor file

Attached to Project: Arch Linux
Opened by Mantas Mikul─Śnas (grawity) - Saturday, 01 November 2014, 10:57 GMT
Last edited by Gaetan Bisson (vesath) - Friday, 07 November 2014, 06:21 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Gaetan Bisson (vesath)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


ldns currently depends on dnssec-anchors, which installs "/etc/trusted-key.key"; however, tools such as `drill` are looking for "/etc/unbound/root.key". Since there's no such file, they don't validate responses at all.

(That file would be created by `unbound-anchor` from community/unbound, but even that won't happen because unbound is compiled to use dnssec-anchors "--with-rootkey-file=/etc/trusted-key.key".)

The package should be built using "--with-trust-anchor=/etc/trusted-key.key" to fix this.
This task depends upon

Closed by  Gaetan Bisson (vesath)
Friday, 07 November 2014, 06:21 GMT
Reason for closing:  Fixed
Additional comments about closing:  ldns-1.6.17-2 in [testing]
Comment by Gaetan Bisson (vesath) - Friday, 07 November 2014, 06:12 GMT
Thanks for noticing!