From 11ed077671ba1b81d39fa0906dc6fd3d6c7630be Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sun, 3 Apr 2011 17:32:20 +0200
Subject: [PATCH] umn forwarders break dnssec

They don't give us NSEC records for missing DS records, e.g:
| weasel@saens:~$ dig @128.101.101.101 debian.com -t ds +dnssec
|
| ; <<>> DiG 9.7.3 <<>> @128.101.101.101 debian.com -t ds +dnssec
| ; (1 server found)
| ;; global options: +cmd
| ;; Got answer:
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13955
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
|
| ;; OPT PSEUDOSECTION:
| ; EDNS: version: 0, flags: do; udp: 4096
| ;; QUESTION SECTION:
| ;debian.com. IN DS
|
| ;; AUTHORITY SECTION:
| com. 527 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1301844372 1800 900 604800 86400
| com. 527 IN RRSIG SOA 8 1 900 20110410152612 20110403141612 1793 com. JFEZa5Kb5xJyibTSX4YySdz8fY53Vftd1VswlmEMJSkMyUIqq2zYWJm6 zvpK1y4RjE9Abv7vo5X8GcMuOg4TO31Pf6rAdloqYvcqZyFtu7DBoxYF A1lpz0w5Ru9stynHe4sNTk2xnbODzbZlW5DmUpPV4b1MjbxLgXkCyuLs H6o=
|
| ;; Query time: 1 msec
| ;; SERVER: 128.101.101.101#53(128.101.101.101)
| ;; WHEN: Sun Apr 3 15:32:58 2011
| ;; MSG SIZE rcvd: 275
(no NSEC3 records)
---
 modules/debian-org/misc/hoster.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/debian-org/misc/hoster.yaml b/modules/debian-org/misc/hoster.yaml
index 706101b24..b595ae1b3 100644
--- a/modules/debian-org/misc/hoster.yaml
+++ b/modules/debian-org/misc/hoster.yaml
@@ -161,6 +161,7 @@ ugent:
 umn:
 netrange:
 - 128.101.240.212
+ nameservers_break_dnssec: true
 nameservers: [128.101.101.101, 134.84.84.84]
 utwente:
 netrange:
-- 
2.20.1
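Review bot: `nameservers_break_dnssec: true` is added to the `umn` entry without a comment, so the reason (the forwarders return no NSEC/NSEC3 denial proof for an absent DS record) is recorded only in the commit message, and the message shows the check against 128.101.101.101 but not 134.84.84.84. I would put `# forwarders omit NSEC/NSEC3 for missing DS records, checked 2011-04-03` above the new line so the flag can be re-tested and removed later. The code that reads this key is not in the hunk; it should presumably respond by bypassing these forwarders while keeping validation on, since switching validation off for hosts in this netrange would let them accept unsigned answers. The `nameservers` list is left in place, so any template that reads it without checking the new flag would still send queries to the forwarders.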