# Purpose This package contains some data needed by recursive DNS resolvers to use the global DNS infrastructure: - root.hints: the IP addresses of the root name servers - root.key: the root zone DNSSEC trust anchor(s) as DNSKEY records - root.ds: the root zone DNSSEC trust anchor(s) as DS records # Freshness While this data should be kept current, and this package will do so on supported Debian releases, it is usually not critical if it is not. Resolvers continuously refresh the root name servers list, ensuring functionality as long as some IPs in root.hints remain valid. Given that these IPs change rarely, the possibility of all becoming outdated is not a major concern. As long a resolver was initially installed when one of the trust anchors in this package was valid, it can securely fetch future trust anchors using the RFC 5011 mechanism. # Upgrades The package will be backported as needed to supported Debian releases and becomes automatically available with other system updates. The current binary package can also be manually installed on unsupported Debian releases, since it does not depend on any other package. # The source package The dns-root-data source package contains: - the root zone DNSSEC trust anchors (root-anchors.xml), downloaded from https://data.iana.org/root-anchors/ and verified using an ICANN public key (icannbundle.pem) - the root hints file (root.hints), downloaded from https://www.iana.org/domains/root/files and verified using a Verisign public key (registry-admin.key) When the binary package is built, these files are verified again and then the DS and DNSKEY resource records for the root zone Key Signing Key are extracted from root-anchors.xml. The data in the source package can be updated by the maintainer by using the get_orig_source target of debian/rules.
Generated by dwww version 1.14 on Mon Apr 7 11:15:39 CEST 2025.