[Unbound-users] Validating the root: translation of ICANN XML file
Hauke Lampe
lampe at hauke-lampe.de
Tue Jul 20 11:27:34 UTC 2010
On 07/18/2010 12:01 AM, Stephane Bortzmeyer wrote:
>> you should add the -o option to wget, otherwise you may have asecurity risk
That should be "-O". In older versions of wget (1.10.2/Debian Etch),
this option does not works together with "-nc". The empty output file is
created first, therefore "-nc" never downloads anything.
Another thing I noticed is that newer wget always sets a downloaded
file's mtime to the timestamp received in the headers, with no apparent
way to disable it.
> Fixed on my local copy as well. Apart from that, does it work for you?
It does work for me. I attached a modified version that also outputs
"root-anchors.mkey" with the key wrapped in BIND's "managed-keys" clause.
Thanks Stéphane. With your Makefile and XSLT, it's very easy to verify
and convert the root anchors from IANA for use with Unbound an BIND.
root-anchors.txt for unbound and "(auto-)trust-anchor-file".
root-anchors.mkey for RFC5011 mangement with BIND.
root-anchors.dnskey for static "trusted-keys" configuration.
Hauke
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Makefile
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20100720/0fa5e52f/attachment-0003.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20100720/0fa5e52f/attachment-0003.bin>
-------------- next part --------------
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the Unbound-users
mailing list