mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 10:10:06 +00:00
1d761cb453
3741. [func] "delve" (domain entity lookup and validation engine): A new tool with dig-like semantics for performing DNS lookups, with internal DNSSEC validation, using the same resolver and validator logic as named. This allows easy validation of DNSSEC data in environments with untrustworthy resolvers, and assists with troubleshooting of DNSSEC problems. (Note: not yet available on win32.) [RT #32406]
100 lines
5.0 KiB
C
100 lines
5.0 KiB
C
/*
|
|
* Generated by bindkeys.pl 1.7 2011/01/04 23:47:13 tbox Exp
|
|
* From bind.keys 1.7 2011/01/03 23:45:07 each Exp
|
|
*/
|
|
#define TRUSTED_KEYS "\
|
|
# The bind.keys file is used to override the built-in DNSSEC trust anchors\n\
|
|
# which are included as part of BIND 9. As of the current release, the only\n\
|
|
# trust anchors it contains are those for the DNS root zone (\".\"), and for\n\
|
|
# the ISC DNSSEC Lookaside Validation zone (\"dlv.isc.org\"). Trust anchors\n\
|
|
# for any other zones MUST be configured elsewhere; if they are configured\n\
|
|
# here, they will not be recognized or used by named.\n\
|
|
#\n\
|
|
# The built-in trust anchors are provided for convenience of configuration.\n\
|
|
# They are not activated within named.conf unless specifically switched on.\n\
|
|
# To use the built-in root key, set \"dnssec-validation auto;\" in\n\
|
|
# named.conf options. To use the built-in DLV key, set\n\
|
|
# \"dnssec-lookaside auto;\". Without these options being set,\n\
|
|
# the keys in this file are ignored.\n\
|
|
#\n\
|
|
# This file is NOT expected to be user-configured.\n\
|
|
#\n\
|
|
# These keys are current as of January 2011. If any key fails to\n\
|
|
# initialize correctly, it may have expired. In that event you should\n\
|
|
# replace this file with a current version. The latest version of\n\
|
|
# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.\n\
|
|
\n\
|
|
trusted-keys {\n\
|
|
# ISC DLV: See https://www.isc.org/solutions/dlv for details.\n\
|
|
# NOTE: This key is activated by setting \"dnssec-lookaside auto;\"\n\
|
|
# in named.conf.\n\
|
|
dlv.isc.org. 257 3 5 \"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2\n\
|
|
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+\n\
|
|
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5\n\
|
|
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk\n\
|
|
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM\n\
|
|
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt\n\
|
|
TDN0YUuWrBNh\";\n\
|
|
\n\
|
|
# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml\n\
|
|
# for current trust anchor information.\n\
|
|
# NOTE: This key is activated by setting \"dnssec-validation auto;\"\n\
|
|
# in named.conf.\n\
|
|
. 257 3 8 \"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF\n\
|
|
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX\n\
|
|
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD\n\
|
|
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz\n\
|
|
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS\n\
|
|
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq\n\
|
|
QxA+Uk1ihz0=\";\n\
|
|
};\n\
|
|
"
|
|
|
|
#define MANAGED_KEYS "\
|
|
# The bind.keys file is used to override the built-in DNSSEC trust anchors\n\
|
|
# which are included as part of BIND 9. As of the current release, the only\n\
|
|
# trust anchors it contains are those for the DNS root zone (\".\"), and for\n\
|
|
# the ISC DNSSEC Lookaside Validation zone (\"dlv.isc.org\"). Trust anchors\n\
|
|
# for any other zones MUST be configured elsewhere; if they are configured\n\
|
|
# here, they will not be recognized or used by named.\n\
|
|
#\n\
|
|
# The built-in trust anchors are provided for convenience of configuration.\n\
|
|
# They are not activated within named.conf unless specifically switched on.\n\
|
|
# To use the built-in root key, set \"dnssec-validation auto;\" in\n\
|
|
# named.conf options. To use the built-in DLV key, set\n\
|
|
# \"dnssec-lookaside auto;\". Without these options being set,\n\
|
|
# the keys in this file are ignored.\n\
|
|
#\n\
|
|
# This file is NOT expected to be user-configured.\n\
|
|
#\n\
|
|
# These keys are current as of January 2011. If any key fails to\n\
|
|
# initialize correctly, it may have expired. In that event you should\n\
|
|
# replace this file with a current version. The latest version of\n\
|
|
# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.\n\
|
|
\n\
|
|
managed-keys {\n\
|
|
# ISC DLV: See https://www.isc.org/solutions/dlv for details.\n\
|
|
# NOTE: This key is activated by setting \"dnssec-lookaside auto;\"\n\
|
|
# in named.conf.\n\
|
|
dlv.isc.org. initial-key 257 3 5 \"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2\n\
|
|
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+\n\
|
|
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5\n\
|
|
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk\n\
|
|
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM\n\
|
|
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt\n\
|
|
TDN0YUuWrBNh\";\n\
|
|
\n\
|
|
# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml\n\
|
|
# for current trust anchor information.\n\
|
|
# NOTE: This key is activated by setting \"dnssec-validation auto;\"\n\
|
|
# in named.conf.\n\
|
|
. initial-key 257 3 8 \"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF\n\
|
|
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX\n\
|
|
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD\n\
|
|
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz\n\
|
|
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS\n\
|
|
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq\n\
|
|
QxA+Uk1ihz0=\";\n\
|
|
};\n\
|
|
"
|