
Re: #860064 dnsmasq will not start after dns-root-data upgrade



tags 860064 +stretch
tags 860064 +jessie
thanks

On 01.07.2018 at 15:38, Adam D. Barratt wrote:
> On Sun, 2018-07-01 at 11:38 +0000, Martin, Christoph wrote:
>> dns-root-data had an update a week before. The file with the DNS root
>> keys was updated. At least the format has changed.
> 
> To re-iterate, no such change has happened recently in stretch.
> 
> I understand that the update in jessie may have introduced such a
> change, but at this stage there's unfortunately nothing that either the
> security or release teams can do about that, as jessie is EOL and has
> moved to the LTS team.

The file /usr/share/dns/root.ds was changed in both jessie and stretch
with the update on June 24th:

# ls -l /tmp/usr/share/dns/root.ds /usr/share/dns/root.ds
-rw-r--r-- 1 root root  83 Aug 24  2017 /tmp/usr/share/dns/root.ds
-rw-r--r-- 1 root root 180 Dec  8  2017 /usr/share/dns/root.ds

# diff -u /tmp/usr/share/dns/root.ds /usr/share/dns/root.ds
--- /tmp/usr/share/dns/root.ds  2017-08-24 11:37:46.000000000 +0200
+++ /usr/share/dns/root.ds      2017-12-08 07:31:40.000000000 +0100
@@ -1 +1,2 @@
-. IN DS 19036 8 2
49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+.      172800  IN      DS      19036 8 2
49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
+.      172800  IN      DS      20326 8 2
e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

So both jessie and stretch are affected and should get an update of
/etc/init.d/dnsmasq.

The following patch fixes it:

# diff -u /etc/init.d/dnsmasq~ /etc/init.d/dnsmasq
--- /etc/init.d/dnsmasq~        2015-05-05 11:17:08.000000000 +0200
+++ /etc/init.d/dnsmasq 2018-06-25 10:04:05.138221809 +0200
@@ -111,7 +111,8 @@
 ROOT_DS="/usr/share/dns/root.ds"

 if [ -f $ROOT_DS ]; then
-   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/
-e s/" "/,/g $ROOT_DS | tr '\n' ' '`"
+#   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/
-e s/" "/,/g $ROOT_DS | tr '\n' ' '`"
+   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e
s/".*\sIN\sDS\s"/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS | tr '\n' ' '`"
 fi

 start()
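
Review bot: the replacement sed expression on the added DNSMASQ_OPTS line matches exactly one whitespace character at each `\s`, is unanchored with a greedy `.*`, and depends on `\s`, which is a GNU sed extension. It converts the new root.ds layout only if the owner, TTL, `IN` and `DS` fields are each separated by a single tab or space; with runs of spaces the first substitution does not match and the second one (`s/" "/,/g`) turns the whole record into a comma string that is appended to DNSMASQ_OPTS unconverted. Suggest anchoring the pattern and allowing runs of whitespace, for example `s/^\.[[:space:]].*IN[[:space:]][[:space:]]*DS[[:space:]][[:space:]]*/--trust-anchor=.,/`, quoting "$ROOT_DS" in both the `[ -f ... ]` test and the sed call, and deleting the old line instead of leaving it commented out.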



-- 
============================================================================
Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber/XMPP: martin@jabber.uni-mainz.de


Attachment: signature.asc
Description: OpenPGP digital signature
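
The conversion the init script performs, written as an added example that is not part of the original message or of the dnsmasq package: a shell function that turns root.ds records in either layout shown in the thread into `--trust-anchor` options and fails on malformed records instead of passing them on. The function names and the tab separators in the sample are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the dnsmasq package.

# Constructed sample: one record in each layout from the root.ds diff in the
# thread. Tab separators in the second record are an assumption.
sample_root_ds() {
    printf '. IN DS 19036 8 2 %s\n' \
        49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
    printf '.\t172800\tIN\tDS\t20326 8 2 %s\n' \
        e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
}

# $1: path to a root.ds-style file.
# Prints "--trust-anchor=.,<tag>,<alg>,<digest-type>,<digest>" options on one
# line. Returns non-zero if any record is malformed, so the caller can refuse
# to start with a partial or garbled set of DNSSEC trust anchors.
root_ds_to_trust_anchors() {
    awk '
        /^[ \t]*;/ || NF == 0 { next }        # zone-file comment or blank line
        {
            i = 2
            if ($i ~ /^[0-9]+$/) i++          # optional TTL column
            if ($1 != "." || NF != i + 5 ||
                toupper($i) != "IN" || toupper($(i + 1)) != "DS") { bad = 1; exit }
            for (f = i + 2; f <= i + 4; f++)  # key tag, algorithm, digest type
                if ($f !~ /^[0-9]+$/) { bad = 1; exit }
            if ($NF !~ /^[0-9A-Fa-f]+$/) { bad = 1; exit }   # digest is one hex token
            out = out sep "--trust-anchor=.," $(i + 2) "," $(i + 3) "," $(i + 4) "," $NF
            sep = " "
        }
        END { if (bad) exit 1; print out }
    ' "$1"
}
```

Because awk splits on any run of spaces or tabs, the result does not depend on how the packaged file separates its columns.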

