dns-root-data

See README.Debian for general guidelines.

Salsa CI: only provides http/https outgoing access, direct DNS access is blocked, so the DEP8 “baseline” test can’t run. See autopkgtest to run it locally.

Manual testing with BIND:

dpkg -i dns-root-data_new_all.dpkg

apt install bind9 bind9-dnsutils
tail /var/log/syslog

# DNS
dig debian.org @127.0.0.1

# DNSSEC
delv debian.org
delv debian.org | grep 'fully validated'

dig debian.org +dnssec @127.0.0.1
dig DNSKEY debian.org @127.0.0.1
dig DS debian.org +trace @127.0.0.1

# Ensure that bind9 is actually using our data
service bind9 stop
mv /usr/share/dns /usr/share/dns.bak
mkdir /usr/share/dns/
touch /usr/share/dns/root.hints
service bind9 start
tail /var/log/syslog
delv debian.org  # SERVFAIL

Copyright (C) 2025 Sylvain Beucler