From f094f4ea3c943c5b5b2b6fa8bee0e7a8f3cfdc51 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Thu, 25 Jul 2024 11:42:22 +0200 Subject: [PATCH] - Add root key 38696 from 2024 for DNSSEC validation. It is added to the default root keys in unbound-anchor. The content can be inspected with `unbound-anchor -l`. --- doc/Changelog | 5 +++++ smallapp/unbound-anchor.c | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index 15919c46c..aba7407d7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,8 @@ +25 July 2024: Wouter + - Add root key 38696 from 2024 for DNSSEC validation. It is added + to the default root keys in unbound-anchor. The content can be + inspected with `unbound-anchor -l`. + 23 July 2024: Yorgos - Fix #1106: ratelimit-below-domain logs the wrong FROM address. - Cleanup ede.tdir test. diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index aa39dcf0d..bd4a121f7 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -183,7 +183,9 @@ static const char DS_TRUST_ANCHOR[] = /* The anchors must start on a new line with ". IN DS and end with \n"[;] * because the makedist script greps on the source here */ /* anchor 20326 is from 2017 */ -". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; +". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n" + /* anchor 38696 is from 2024 */ +". IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16\n"; /** verbosity for this application */ static int verb = 0;