(address . guix-patches@gnu.org)(name . Leo Nikkilä)(address . hello@lnikki.la)
The default DNSSEC trust anchors for knot-resolver are currently
disabled through a build phase, but configured when you use the default
kresd.conf file provided by Guix.
If you write your own configuration, you might expect kresd to have
DNSSEC enabled by default since this is what upstream does [1]. On Guix,
DNSSEC is disabled unless you provide the same custom path in your own
configuration and install the file into the appropriate location.
This set updates the package to be built with the correct path as the
default, and the service to use that path and install the default trust
anchors at activation time when missing.
Leo Nikkilä (2):
gnu: knot-resolver: Re-enable default DNSSEC trust anchors.
services: knot-resolver: Use default DNSSEC trust anchors.
gnu/packages/dns.scm | 20 +++++++++++++-------
gnu/services/dns.scm | 17 +++++++++++++----
2 files changed, 26 insertions(+), 11 deletions(-)
base-commit: 9072f27f5d3514be22c6af208f2ad56ef4e112f4
--
2.41.0