head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2; locks; strict; comment @# @; 1.2 date 2012.10.25.20.59.46; author he; state dead; branches; next 1.1; 1.1 date 2012.10.08.13.58.48; author he; state Exp; branches; next ; desc @@ 1.2 log @Update to sync with the ldns update to version 1.6.15. This changes the default trust anchor file from the dig-compatible value to a default of /usr/pkg/etc/unbound/root.key. Part of change log relevant to drill: * Configurable default trust anchor with --with-trust-anchor=FILE for drill, ldns-verify-zone and ldns-dane * bugfix #473: Dead code removal and resource leak fix in drill @ text @$NetBSD: patch-aa,v 1.1 2012/10/08 13:58:48 he Exp $ For compatibility with dig, if neither -k nor -D is specified, read /etc/trusted-key.key if it exists, and if successful, turn on DNSSEC handling. --- drill.c.orig 2012-01-20 10:18:41.000000000 +0000 +++ drill.c @@@@ -10,6 +10,8 @@@@ #include "drill.h" #include +#include + #ifdef HAVE_SSL #include #endif @@@@ -397,6 +399,25 @@@@ main(int argc, char *argv[]) argc -= optind; argv += optind; + /* + * If DNSSEC isn't enabled already, and /etc/trusted-key.key + * exists, try to read it and turn on DNSSEC handling if successful. + */ + { + struct stat sb; + + if (stat("/etc/trusted-key.key", &sb) == 0) { + if (qdnssec != true) { + status = read_key_file("/etc/trusted-key.key", key_list); + if (status != LDNS_STATUS_OK) { + error("Could not parse the key file /etc/trusted-key.key: %s", ldns_get_errorstr_by_id(status)); + } else { + qdnssec = true; /* enable that too */ + } + } + } + } + /* do a secure trace when requested */ if (PURPOSE == DRILL_TRACE && qdnssec) { #ifdef HAVE_SSL @ 1.1 log @Add a patch each to code and documentation so that drill probes for /etc/trusted-key.key, and uses that as a trust anchor if neither -D nor -k options were specified. 
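Review bot: The block added to main() accepts /etc/trusted-key.key as a DNSSEC trust anchor merely because stat() succeeds; `sb` is filled in but never inspected, so a non-regular file or one writable by a non-root user is trusted exactly like a properly installed key. Because an implicitly loaded anchor decides which signatures drill will accept, I would gate the read on the stat result, e.g. `if (S_ISREG(sb.st_mode) && sb.st_uid == 0 && !(sb.st_mode & (S_IWGRP | S_IWOTH)))`. I would also test `qdnssec != true` before calling stat(), so the probe is skipped when DNSSEC is already on (per the patch description, via -k or -D). The parse-failure branch calls error(); if that helper terminates the program (its definition is not visible here), a damaged key file would break every drill query, including ones that never asked for DNSSEC, so a non-fatal message that leaves `qdnssec` off seems safer. main() begins and ends outside the hunk.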
This feature is borrowed from BIND's dig when it is compiled with SIGCHASE support. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @