Various trust anchors
authorSergey Matveev <stargrave@stargrave.org>
Fri, 13 Aug 2021 09:08:25 +0000 (12:08 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Fri, 13 Aug 2021 09:08:25 +0000 (12:08 +0300)
anchors/ca/cacert.org.pem.zst [new file with mode: 0644]
anchors/ca/gogetssl.pem.zst [new file with mode: 0644]
anchors/ca/lets_encrypt-ecdsa.pem.zst [new file with mode: 0644]
anchors/ca/lets_encrypt-rsa.pem.zst [new file with mode: 0644]
anchors/dns/@ [new file with mode: 0644]
anchors/dns/@.do [new file with mode: 0644]
anchors/dns/root-servers.net.zone.do [new file with mode: 0644]
anchors/dnssec/default.do [new file with mode: 0644]
anchors/dnssec/root.key [new file with mode: 0644]
anchors/dnssec/root.key.do [new file with mode: 0644]

diff --git a/anchors/ca/cacert.org.pem.zst b/anchors/ca/cacert.org.pem.zst
new file mode 100644 (file)
index 0000000..14ba424
Binary files /dev/null and b/anchors/ca/cacert.org.pem.zst differ
diff --git a/anchors/ca/gogetssl.pem.zst b/anchors/ca/gogetssl.pem.zst
new file mode 100644 (file)
index 0000000..63082df
Binary files /dev/null and b/anchors/ca/gogetssl.pem.zst differ
diff --git a/anchors/ca/lets_encrypt-ecdsa.pem.zst b/anchors/ca/lets_encrypt-ecdsa.pem.zst
new file mode 100644 (file)
index 0000000..03732f3
Binary files /dev/null and b/anchors/ca/lets_encrypt-ecdsa.pem.zst differ
diff --git a/anchors/ca/lets_encrypt-rsa.pem.zst b/anchors/ca/lets_encrypt-rsa.pem.zst
new file mode 100644 (file)
index 0000000..0da1391
Binary files /dev/null and b/anchors/ca/lets_encrypt-rsa.pem.zst differ
diff --git a/anchors/dns/@ b/anchors/dns/@
new file mode 100644 (file)
index 0000000..24c808f
--- /dev/null
@@ -0,0 +1,26 @@
+198.41.0.4
+2001:503:ba3e::2:30
+199.9.14.201
+2001:500:200::b
+192.33.4.12
+2001:500:2::c
+199.7.91.13
+2001:500:2d::d
+192.203.230.10
+2001:500:a8::e
+192.5.5.241
+2001:500:2f::f
+192.112.36.4
+2001:500:12::d0d
+198.97.190.53
+2001:500:1::53
+192.36.148.17
+2001:7fe::53
+192.58.128.30
+2001:503:c27::2:30
+193.0.14.129
+2001:7fd::1
+199.7.83.42
+2001:500:9f::42
+202.12.27.33
+2001:dc3::35
diff --git a/anchors/dns/@.do b/anchors/dns/@.do
new file mode 100644 (file)
index 0000000..248c5f5
--- /dev/null
@@ -0,0 +1,6 @@
+redo-ifchange root-servers.net.zone
+perl -lane 'print $F[$#F] if $F[3] =~ /^AA?/' < root-servers.net.zone |
+while read addr ; do
+    [ "${addr#*:}" = "$addr" ] && echo $addr ||
+        sipcalc $addr | perl -lane 'print $F[$#F] if /^Compressed address/'
+done
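Review bot: The record-type filter on the first perl line, `/^AA?/`, has no end anchor, so it accepts any type whose name starts with `A` rather than only `A` and `AAAA`; `$F[3] =~ /^A(?:AAA)?$/` states the intent. In the loop, `[ … ] && echo $addr || sipcalc …` also runs the sipcalc branch whenever `echo` fails. When `sipcalc` is missing or prints no `Compressed address` line, the IPv6 address is dropped without any error, leaving a shorter address list that still looks valid. An explicit `if … then … else … fi` with `"$addr"` quoted, plus a check that something was printed for every input line, would make a broken build visible.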
diff --git a/anchors/dns/root-servers.net.zone.do b/anchors/dns/root-servers.net.zone.do
new file mode 100644 (file)
index 0000000..c47e01c
--- /dev/null
@@ -0,0 +1,5 @@
+wget -O $3.gz https://www.internic.net/zones/root-servers.net.zone.gz
+wget -O $3.gz.sig https://www.internic.net/zones/root-servers.net.zone.gz.sig
+gpg --keyring ~/keyrings/mein.kbx --verify $3.gz.sig
+rm $3.gz.sig
+gunzip $3.gz
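Review bot: The `gpg --verify` line accepts a good signature from more keys than intended. `--keyring` adds `~/keyrings/mein.kbx` to the default keyring instead of replacing it, and `--verify` exits 0 for any valid signature regardless of who owns the key. Unless that keybox and the default keyring hold only the expected zone-signing key, restrict the lookup and name the signed file: `gpg --no-default-keyring --keyring ~/keyrings/mein.kbx --verify "$3.gz.sig" "$3.gz"`, ideally also comparing the signer fingerprint from the `VALIDSIG` status line. The script also depends on the redo implementation running it under `sh -e`; without that, `gunzip` still runs after a failed verification, so an explicit `set -e` at the top would remove the dependency.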
diff --git a/anchors/dnssec/default.do b/anchors/dnssec/default.do
new file mode 100644 (file)
index 0000000..e7b619d
--- /dev/null
@@ -0,0 +1 @@
+wget -O $3 http://data.iana.org/root-anchors/$1
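Review bot: The download uses plain `http://`, and as a `default.do` this rule is what fetches `icannbundle.pem`, the certificate that `root.key.do` hands to `unbound-anchor -c`. The trust root for the DNSSEC anchor therefore arrives over an unauthenticated channel with no integrity check. Fetch over TLS with `wget -O "$3" "https://data.iana.org/root-anchors/$1"`, and consider committing `icannbundle.pem` or comparing it with a pinned digest, since a certificate only works as an anchor if it was obtained out of band. As a catch-all rule it will also try to download any other target name requested in this directory, so a short comment listing the three expected targets would help.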
diff --git a/anchors/dnssec/root.key b/anchors/dnssec/root.key
new file mode 100644 (file)
index 0000000..864400c
--- /dev/null
@@ -0,0 +1 @@
+.      172800  IN      DNSKEY  257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1628844974 ;;Fri Aug 13 11:56:14 2021
diff --git a/anchors/dnssec/root.key.do b/anchors/dnssec/root.key.do
new file mode 100644 (file)
index 0000000..e4cf108
--- /dev/null
@@ -0,0 +1,2 @@
+redo-ifchange icannbundle.pem root-anchors.p7s root-anchors.xml
+unbound-anchor -a $3 -c icannbundle.pem -x root-anchors.xml -s root-anchors.p7s
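Review bot: The `-x root-anchors.xml -s root-anchors.p7s` arguments probably do not do what the `redo-ifchange` line implies. As I read unbound-anchor(8), `-x` and `-s` are paths on the update server, not local files, so the two downloaded files would never be read; this is worth confirming against the installed version. The tool also falls back to a built-in key and certificate when the `-a` or `-c` file is missing or empty, and its exit status does not separate an error from "no update needed", so a failed or skipped verification can still leave a `root.key` behind. If the intent is to validate the fetched XML against the fetched signature, do that step explicitly and fail the target on a mismatch. Otherwise drop the two unused dependencies and add a comment such as `# unbound-anchor fetches and verifies root-anchors.xml itself; only icannbundle.pem is local`.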