From 218184dd17e68f3a13268b93ba07701a825429b8 Mon Sep 17 00:00:00 2001
From: Adam Tkac <atkac@redhat.com>
Date: Dec 02 2010 11:04:20 +0000
Subject: Added root zone DNS key. (Jan Gorig)


Signed-off-by: Adam Tkac <atkac@redhat.com>

---

diff --git a/bind.spec b/bind.spec
index 5d8d787..40e482c 100644
--- a/bind.spec
+++ b/bind.spec
@@ -21,7 +21,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.7.1
-Release:  2.%{PATCHVER}%{?dist}
+Release:  3.%{PATCHVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -44,6 +44,7 @@ Source31: ldap2zone.1
 Source32: named-sdb.8
 Source33: zonetodb.1
 Source34: zone2sqlite.1
+Source35: named.root.key
 
 # Common patches
 Patch5:  bind-nonexec.patch
@@ -387,6 +388,8 @@ touch ${RPM_BUILD_ROOT}/etc/rndc.conf
 mkdir ${RPM_BUILD_ROOT}/etc/named
 install -m 644 bind.keys ${RPM_BUILD_ROOT}/etc/named.iscdlv.key
 
+install -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}/etc/named.root.key
+
 install -m 644 %{SOURCE5}  ./rfc1912.txt
 install -m 644 %{SOURCE21} ./Copyright
 
@@ -541,6 +544,7 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_libdir}/bind
 %config(noreplace) %{_sysconfdir}/sysconfig/named
 %config(noreplace) %attr(-,root,named) %{_sysconfdir}/named.iscdlv.key
+%config(noreplace) %attr(-,root,named) %{_sysconfdir}/named.root.key
 %{_sysconfdir}/rc.d/init.d/named
 %{_sysconfdir}/NetworkManager/dispatcher.d/13-named
 %{_sbindir}/arpaname
@@ -684,6 +688,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Mon Nov 29 2010 Jan Görig <jgorig redhat com> 32:9.7.1-3.P2
+- added root zone DNS key
+
 * Mon Jul 19 2010 Adam Tkac <atkac redhat com> 32:9.7.1-2.P2
 - update to 9.7.1-P2 (CVE-2010-0213)
 
diff --git a/named.init b/named.init
index 1fe5dbd..0af938b 100755
--- a/named.init
+++ b/named.init
@@ -44,7 +44,7 @@ fi
 
 ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf
 /etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
-/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key'
+/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /etc/named.root.key'
 
 mount_chroot_conf()
 {
diff --git a/named.root.key b/named.root.key
new file mode 100644
index 0000000..3ba6ba9
--- /dev/null
+++ b/named.root.key
@@ -0,0 +1,5 @@
+managed-keys {
+	# DNSKEY for the root zone.
+	# Updates are published on root-dnssec-announce@icann.org
+	. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=";
+};