From 594dd4101a3acd39160a53891db7852b4ebcb6df Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 2 Oct 2017 16:52:53 -0400 Subject: [PATCH] - Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics --- unbound.conf | 3 +++ unbound.spec | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/unbound.conf b/unbound.conf index 8a74aec..127a644 100644 --- a/unbound.conf +++ b/unbound.conf @@ -471,6 +471,9 @@ server: # and under the terms of our LICENSE (see that file in the source). # auto-trust-anchor-file: "/var/lib/unbound/root.key" + # trust anchor signaling sends a RFC8145 key tag query after priming. + trust-anchor-signaling: yes + # File with DLV trusted keys. Same format as trust-anchor-file. # There can be only one DLV configured, it is trusted from root down. # DLV is going to be decommissioned. Please do not use it any more. diff --git a/unbound.spec b/unbound.spec index 75ae339..7143aba 100644 --- a/unbound.spec +++ b/unbound.spec @@ -21,7 +21,7 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound Version: 1.6.6 -Release: 1%{?extra_version:.%{extra_version}}%{?dist} +Release: 2%{?extra_version:.%{extra_version}}%{?dist} License: BSD Url: https://www.unbound.net/ Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz @@ -439,6 +439,9 @@ popd %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %changelog +* Mon Oct 02 2017 Paul Wouters - 1.6.6-2 +- Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics + * Fri Sep 22 2017 Paul Wouters - 1.6.6-1 - Resolves: rhbz#1483572 unbound-1.6.6 is available - Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)