tags 860064 +stretch
tags 860064 +jessie
thanks

On 01.07.2018 at 15:38, Adam D. Barratt wrote:
> On Sun, 2018-07-01 at 11:38 +0000, Martin, Christoph wrote:
>> dns-root-data had an update a week before. the file with the dns root
>> keys was updated. at least the format has changed.
>
> To re-iterate, no such change has happened recently in stretch.
>
> I understand that the update in jessie may have introduced such a
> change, but at this stage there's unfortunately nothing that either the
> security or release teams can do about that, as jessie is EOL and has
> moved to the LTS team.

The file /usr/share/dns/root.ds was changed in both jessie and stretch with the update on June 24th:

# ls -l /tmp/usr/share/dns/root.ds /usr/share/dns/root.ds
-rw-r--r-- 1 root root 83 Aug 24 2017 /tmp/usr/share/dns/root.ds
-rw-r--r-- 1 root root 180 Dec 8 2017 /usr/share/dns/root.ds

# diff -u /tmp/usr/share/dns/root.ds /usr/share/dns/root.ds --- /tmp/usr/share/dns/root.ds 2017-08-24 11:37:46.000000000 +0200 +++ /usr/share/dns/root.ds 2017-12-08 07:31:40.000000000 +0100 @@ -1 +1,2 @@ -. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 +. 172800 IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 +. 172800 IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

So both jessie and stretch are affected and should get an update of /etc/init.d/dnsmasq. The following patch fixes it:

# diff -u /etc/init.d/dnsmasq~ /etc/init.d/dnsmasq --- /etc/init.d/dnsmasq~ 2015-05-05 11:17:08.000000000 +0200 +++ /etc/init.d/dnsmasq 2018-06-25 10:04:05.138221809 +0200 @@ -111,7 +111,8 @@ ROOT_DS="/usr/share/dns/root.ds" if [ -f $ROOT_DS ]; then - DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS | tr '\n' ' '`" +# DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS | tr '\n' ' '`" + DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/".*\sIN\sDS\s"/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS | tr '\n' ' '`" fi start()

-- 
============================================================================
Christoph Martin, Head of Unix Systems
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
Anselm Franz von Bentzel-Weg 12, 55128 Mainz
Phone: +49(6131)3926337
Instant-Messaging: Jabber/XMPP: mar...@jabber.uni-mainz.de
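
Review bot: In the new sed line of the /etc/init.d/dnsmasq hunk, the first expression now accepts any whitespace (`\s`) and any prefix (`.*`), but the second expression `s/" "/,/g` still converts only literal spaces, and sed is run without -n, so a line that does not match is passed through with its spaces turned into commas. A further format change in root.ds (tab-separated fields, a comment or blank line) would therefore again produce a malformed --trust-anchor argument, which is the same failure this patch is fixing. Suggest anchoring the match at the start of the line with ^, using [[:space:]] in place of the GNU-only \s, emitting only the DS lines via sed -n with the p flag, and replacing runs of any whitespace with a comma in the second expression. The old command kept as a commented-out line should be dropped rather than left in the init script, and $ROOT_DS is better quoted in both the -f test and the sed call.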