From: Frank Brehm Date: Mon, 18 Sep 2017 11:02:50 +0000 (+0200) Subject: committing changes in /etc after apt run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=a85cca1fb80ffcc5072cc29b139e74e199b955ec;p=config%2Fns3%2Fetc.git committing changes in /etc after apt run Package changes: -bind9 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 -bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 -bind9utils 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 +bind9 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 +bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 +bind9utils 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 -dnsutils 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 +dnsutils 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 -libbind9-140 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 +libbind9-140 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 -libdns162 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 +libdns162 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 -libirs141 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 -libisc160 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 -libisccc140 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 -libisccfg140 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 +libirs141 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 +libisc160 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 +libisccc140 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 +libisccfg140 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 -liblwres141 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64 +liblwres141 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64 -libunbound2 1.6.0-3 amd64 +libunbound2 1.6.0-3+deb9u1 amd64 -tcpdump 4.9.0-2 amd64 +tcpdump 4.9.2-1~deb9u1 amd64 --- diff --git a/bind/bind.keys b/bind/bind.keys index 068a8ce..db22d4b 100644 --- a/bind/bind.keys +++ b/bind/bind.keys @@ -1,4 +1,3 @@ -/* $Id: bind.keys,v 1.7 2011/01/03 23:45:07 each Exp $ */ # The bind.keys file is used to override the built-in DNSSEC trust anchors # which are included as part of BIND 9. As of the current release, the only # trust anchors it contains are those for the DNS root zone ("."), and for @@ -15,32 +14,56 @@ # # This file is NOT expected to be user-configured. # -# These keys are current as of January 2011. If any key fails to +# These keys are current as of Feburary 2017. If any key fails to # initialize correctly, it may have expired. In that event you should # replace this file with a current version. The latest version of # bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys. managed-keys { - # ISC DLV: See https://www.isc.org/solutions/dlv for details. - # NOTE: This key is activated by setting "dnssec-lookaside auto;" - # in named.conf. - dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 - brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ - 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 - ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk - Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM - QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt - TDN0YUuWrBNh"; + # ISC DLV: See https://www.isc.org/solutions/dlv for details. + # + # NOTE: The ISC DLV zone is being phased out as of February 2017; + # the key will remain in place but the zone will be otherwise empty. + # Configuring "dnssec-lookaside auto;" to activate this key is + # harmless, but is no longer useful and is not recommended. + dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 + brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ + 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 + ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk + Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM + QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt + TDN0YUuWrBNh"; - # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml - # for current trust anchor information. - # NOTE: This key is activated by setting "dnssec-validation auto;" + # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml + # for current trust anchor information. + # + # These keys are activated by setting "dnssec-validation auto;" # in named.conf. - . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF - FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX - bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD - X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz - W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS - Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq - QxA+Uk1ihz0="; + # + # This key (19036) is to be phased out starting in 2017. It will + # remain in the root zone for some time after its successor key + # has been added. It will remain this file until it is removed from + # the root zone. + . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF + FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX + bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD + X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz + W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS + Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq + QxA+Uk1ihz0="; + + # This key (20326) is to be published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; };