From: Sergey Matveev Date: Fri, 13 Aug 2021 09:08:25 +0000 (+0300) Subject: Various trust anchors X-Git-Url: http://www.git.stargrave.org/?p=dotfiles.git;a=commitdiff_plain;h=3a2b61ae440b2d8913ccb5258ce56ba6c4f78d92 Various trust anchors --- diff --git a/anchors/ca/cacert.org.pem.zst b/anchors/ca/cacert.org.pem.zst new file mode 100644 index 0000000..14ba424 Binary files /dev/null and b/anchors/ca/cacert.org.pem.zst differ diff --git a/anchors/ca/gogetssl.pem.zst b/anchors/ca/gogetssl.pem.zst new file mode 100644 index 0000000..63082df Binary files /dev/null and b/anchors/ca/gogetssl.pem.zst differ diff --git a/anchors/ca/lets_encrypt-ecdsa.pem.zst b/anchors/ca/lets_encrypt-ecdsa.pem.zst new file mode 100644 index 0000000..03732f3 Binary files /dev/null and b/anchors/ca/lets_encrypt-ecdsa.pem.zst differ diff --git a/anchors/ca/lets_encrypt-rsa.pem.zst b/anchors/ca/lets_encrypt-rsa.pem.zst new file mode 100644 index 0000000..0da1391 Binary files /dev/null and b/anchors/ca/lets_encrypt-rsa.pem.zst differ diff --git a/anchors/dns/@ b/anchors/dns/@ new file mode 100644 index 0000000..24c808f --- /dev/null +++ b/anchors/dns/@ @@ -0,0 +1,26 @@ +198.41.0.4 +2001:503:ba3e::2:30 +199.9.14.201 +2001:500:200::b +192.33.4.12 +2001:500:2::c +199.7.91.13 +2001:500:2d::d +192.203.230.10 +2001:500:a8::e +192.5.5.241 +2001:500:2f::f +192.112.36.4 +2001:500:12::d0d +198.97.190.53 +2001:500:1::53 +192.36.148.17 +2001:7fe::53 +192.58.128.30 +2001:503:c27::2:30 +193.0.14.129 +2001:7fd::1 +199.7.83.42 +2001:500:9f::42 +202.12.27.33 +2001:dc3::35 diff --git a/anchors/dns/@.do b/anchors/dns/@.do new file mode 100644 index 0000000..248c5f5 --- /dev/null +++ b/anchors/dns/@.do @@ -0,0 +1,6 @@ +redo-ifchange root-servers.net.zone +perl -lane 'print $F[$#F] if $F[3] =~ /^AA?/' < root-servers.net.zone | +while read addr ; do + [ "${addr#*:}" = "$addr" ] && echo $addr || + sipcalc $addr | perl -lane 'print $F[$#F] if /^Compressed address/' +done diff --git a/anchors/dns/root-servers.net.zone.do b/anchors/dns/root-servers.net.zone.do new file mode 100644 index 0000000..c47e01c --- /dev/null +++ b/anchors/dns/root-servers.net.zone.do @@ -0,0 +1,5 @@ +wget -O $3.gz https://www.internic.net/zones/root-servers.net.zone.gz +wget -O $3.gz.sig https://www.internic.net/zones/root-servers.net.zone.gz.sig +gpg --keyring ~/keyrings/mein.kbx --verify $3.gz.sig +rm $3.gz.sig +gunzip $3.gz diff --git a/anchors/dnssec/default.do b/anchors/dnssec/default.do new file mode 100644 index 0000000..e7b619d --- /dev/null +++ b/anchors/dnssec/default.do @@ -0,0 +1 @@ +wget -O $3 http://data.iana.org/root-anchors/$1 diff --git a/anchors/dnssec/root.key b/anchors/dnssec/root.key new file mode 100644 index 0000000..864400c --- /dev/null +++ b/anchors/dnssec/root.key @@ -0,0 +1 @@ +. 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1628844974 ;;Fri Aug 13 11:56:14 2021 diff --git a/anchors/dnssec/root.key.do b/anchors/dnssec/root.key.do new file mode 100644 index 0000000..e4cf108 --- /dev/null +++ b/anchors/dnssec/root.key.do @@ -0,0 +1,2 @@ +redo-ifchange icannbundle.pem root-anchors.p7s root-anchors.xml +unbound-anchor -a $3 -c icannbundle.pem -x root-anchors.xml -s root-anchors.p7s