Your message dated Fri, 29 Apr 2022 14:35:37 +0000 with message-id <[email protected]> and subject line Bug#641704: fixed in unbound 1.15.0-7 has caused the Debian Bug report #641704, regarding unbound-host should be preconfigured with DNS root trust anchor to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 641704: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641704 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: unbound-host Version: 1.4.12-1 Severity: normal Dear Maintainer, Using a simple "aptitude install unbound-host", the installed unbound-host doesn't seem to know about the root trust anchor. And there is no description in the man page, or in /ush/share/doc/unbound-host, about how to get and install this anchor. The DNS root is now signed. Since I expect most people will use the root trust anchor, then it would make sense for this to be preconfigured. If the root anchor is changed, then an update can be put into the Debian volative repository. To document that the current unbound-host installation don't know about the root trust anchor, I ran the following commands: t@h ~> unbound-host -v isc.org isc.org has address 149.20.64.42 (insecure) isc.org has IPv6 address 2001:4f8:0:2::d (insecure) isc.org mail is handled by 10 mx.ams1.isc.org. (insecure) isc.org mail is handled by 10 mx.pao1.isc.org. (insecure) t@h ~> unbound-host -v -y ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5" isc.org isc.org has address 149.20.64.42 (secure) isc.org has IPv6 address 2001:4f8:0:2::d (secure) isc.org mail is handled by 10 mx.pao1.isc.org. (secure) isc.org mail is handled by 10 mx.ams1.isc.org. (secure) Regards, Thue PS: why doesn't running t@h ~> unbound-host isc.org isc.org has address 149.20.64.42 isc.org has IPv6 address 2001:4f8:0:2::d isc.org mail is handled by 10 mx.pao1.isc.org. isc.org mail is handled by 10 mx.ams1.isc.org. Throw a warning or error, since by running with -v I can see that validation failed? -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages unbound-host depends on: ii libc6 2.13-21 ii libev4 1:4.04-1 ii libgcc1 1:4.6.1-10 ii libldns1 1.6.10-2 ii libpython2.6 2.6.7-4 ii libssl1.0.0 1.0.0e-2 ii libunbound2 1.4.12-1 unbound-host recommends no packages. unbound-host suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: unbound Source-Version: 1.15.0-7 Done: Michael Tokarev <[email protected]> We believe that the bug you reported is fixed in the latest version of unbound, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <[email protected]> (supplier of updated unbound package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 29 Apr 2022 16:53:50 +0300 Source: unbound Architecture: source Version: 1.15.0-7 Distribution: unstable Urgency: medium Maintainer: unbound packagers <[email protected]> Changed-By: Michael Tokarev <[email protected]> Closes: 641704 1003135 1009928 Changes: unbound (1.15.0-7) unstable; urgency=medium . * unbound-resolvconf.service: - do not (re)start it explicitly from the postinst script, it should only be started as a part of unbound.service. Closes: #1009928 - add comments to this service file to clarify its purpose - add lintian overrides for this service file * /etc/resolvconf/update.d/unbound resolvconf hook script: - ship it enabled for new installs. Closes: #1003135 - but do not re-enable it for previous installs - add more comments to this file clarifying its purpose and possible issues - add comments about various ways to enable/disable this hook, - implement ability to disable it by setting USE_RESOLVCONF_FORWARDS=false in /etc/default/unbound - multiple other small changes and cleanups - rename it in debian packaging from d/resolvconf to d/resolvconf-forwards to make it's purpose more explicit * use dns root.key stored in /usr/share/dns/ (as provided by dns-root-data package) instead of the unbound-owned /var/lib/unbound/root.key (which is managed by an untrusted user). This changes defaults for unbound-host and unbound-anchor. Add Recommends: dns-root-data for unbound-host so it can find this root.key in the default install. Closes: #641704 Checksums-Sha1: 24a1db6cad1d4c69890bd22a5c4c9412933b36c3 2774 unbound_1.15.0-7.dsc 074f796fc5a31697e62eff9d9b1a3f52ffb8decf 27484 unbound_1.15.0-7.debian.tar.xz a0e3fc642a836a3b81a9b6c163613160eba0f54b 7669 unbound_1.15.0-7_source.buildinfo Checksums-Sha256: ff7fee3b6d52d9ec5ccd1d23421601cff7fe9adbbb6b9463e3cb463f60c8c043 2774 unbound_1.15.0-7.dsc c990b153e946f5f4a160f76e5589e899d3b232d344bf7827079f75571b471c3e 27484 unbound_1.15.0-7.debian.tar.xz fad96eff9bd802f1391fa6c9a72e72fcfff06e2ce2256eb7aeb39f33deae200d 7669 unbound_1.15.0-7_source.buildinfo Files: c1a8519528ccbb0b0adc095ffb21611a 2774 net optional unbound_1.15.0-7.dsc cc6fa58e0555e4d0089ddd1903d683c4 27484 net optional unbound_1.15.0-7.debian.tar.xz 34205b60cf279fe9ad918843d7d93e03 7669 net optional unbound_1.15.0-7_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmJr8QIPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZdrQIAJTqRYYXyHHl1Gg+DiwBXoXDiKtbUScG1jV5 qA1EYuJcu0QUBsYbsns7d4z4Nd2n8ym0BKzkBRLemDX7sxES08RvN19RlB2rz9vM Hrq7FeF2fJuh38VRJizGb1ts87v0omLyEBrzWGaG0lLOG+Z13uQy6xKoW2cKexIm kkml6r+Wy56vaQRofS2gsVb/iz0Ggt2VgQ1wycFnLESKNWVkVxmy9D81vI6l/Ucv mygXHCaR9TQOrW4N+Gx6R/QbGnbUhisXQBWRWH/AupAq1ntKDaYWtZ7L0sRoy3oi orh6fuwBtTlG70g2K+ysoZ0Rgv6wdwbIzpXX20G0JRDazsZ3dok= =RGpo -----END PGP SIGNATURE-----
--- End Message ---
