El 08/10/18 a las 20:02, Adam D. Barratt escribió: > Control: severity -1 normal > Control: tags -1 + confirmed > > On Mon, 2018-10-08 at 19:35 +0200, Santiago Ruano Rincón wrote: > > Package: release.debian.org > > Severity: important > > p-u requests are always "normal". > > > I'd like to propose the attached dnsmasq NMU to update the DNSSEC > > trust anchor shipped with the package, to the forthcoming KSK-2017, > > whose rollover will be happen next Thursday (2018-10-11). Please see > > #907887: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907887 > > > > While I have no feedback from Simon (in CC, and I hope he's doing > > well), I think this upload is important to prevent issues in non- > > default scenarios, where dnsmasq is running with DNSSEC enabled and > > relying on the trust anchors file included in dnsmasq-base. > > I assume you mean "and *not* relying on"?
Not exactly, I wasn't clear actually. Users have to manually enable DNSSEC in dnsmasq, and they need to let dnsmasq know where or how to find the trust anchors. E.g. the trust-anchors.conf shipped file, or by installing the dns-root-data package. > > Please go ahead. Thanks! -- Santiago
signature.asc
Description: PGP signature
