Public bug reported:

Package provides a centralized version of DNS root data, including the root zone and 
the DNSSEC key.
Package provides information available at https://data.iana.org/root-anchors/ 
and http://www.internic.net/domain/named.root together with some derived bytes.
This is a data-only package: 
http://packages.ubuntu.com/vivid/all/dns-root-data/filelist

== Availability ==
In universe

== Rationale ==
New dependency (recommends) for dnsmasq-base.
If the dns-root-data package is installed, dnsmasq uses /usr/share/dns/root.ds 
provided by this package as --trust-anchor.
If the dns-root-data package is not installed, dnsmasq uses its own trust anchor 
stored inside /usr/share/dnsmasq/trust-anchors.conf.
Right now both anchors are the same.

It means that we have two options:
(a) drop 'recommends' to 'suggests' -- dnsmasq will use its own trust-anchor 
all the time
(b) include dns-root-data into main and keep it 'recommends'

While (a) is simpler, there are some arguments for (b) as well:
(1) some other packages may start using dns-root-data in the near future (see 
bug opened for bind9: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760459)
(2) when and if DNSSEC keys are changed, it's much simpler to update them in 
a single place than to provide deltas to all depending packages
            
I would appreciate any input on which option to choose.

== Security ==
No CVEs found:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=dns-root-data
http://secunia.com/advisories/search/?search=dns-root-data
http://people.canonical.com/~ubuntu-security/cve/universe.html

Package is about public keys / certificates used to verify the validity of DNSSEC 
signatures.
Special attention from the security team might be needed.

== QA ==
Package works out of the box (data-only package) with no prompting

There are no major bugs in Ubuntu:
https://launchpad.net/ubuntu/+source/dns-root-data/+bugs

There are no major bugs in Debian (just a single wishlist bug): 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=dns-root-data

No testsuite provided (seems to be okay for a data-only package)

The package is maintained well in Debian by Ondřej Surý:
https://packages.qa.debian.org/d/dns-root-data.html

The package provides debian/README.source

== Dependencies ==
Package has no dependencies

== Standards Compliance ==
FHS compliant
Debian Policy compliant (package is compliant with Debian Policy 3.9.5, not the 
latest 3.9.6)

== Maintenance ==
Can be synced with Debian
Server team will own the package

** Affects: dns-root-data (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1426460

Title:
  [MIR] dns-root-data
