From 39f05287801aa9ff6d4ccbd96f262b6bfdcd653c Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank@brehm-online.com>
Date: Mon, 18 Sep 2017 12:54:43 +0200
Subject: [PATCH] committing changes in /etc after apt run

Package changes:
-augeas-lenses 1.8.0-1 all
+augeas-lenses 1.8.0-1+deb9u1 all
-bind9 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
-bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
-bind9utils 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
+bind9 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
+bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
+bind9utils 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
-dnsutils 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
+dnsutils 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
-file 1:5.30-1 amd64
+file 1:5.30-1+deb9u1 amd64
-libaugeas0 1.8.0-1 amd64
+libaugeas0 1.8.0-1+deb9u1 amd64
-libbind9-140 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
+libbind9-140 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
-libdns-export162 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
+libdns-export162 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
-libdns162 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
+libdns162 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
-libgcrypt20 1.7.6-2+deb9u1 amd64
-libgd3 2.2.4-2+deb9u1 amd64
+libgcrypt20 1.7.6-2+deb9u2 amd64
+libgd3 2.2.4-2+deb9u2 amd64
-libirs141 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
-libisc-export160 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
-libisc160 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
+libirs141 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
+libisc-export160 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
+libisc160 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
-libisccc140 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
+libisccc140 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
-libisccfg140 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
+libisccfg140 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
-liblwres141 1:9.10.3.dfsg.P4-12.3+deb9u2 amd64
+liblwres141 1:9.10.3.dfsg.P4-12.3+deb9u3 amd64
-libmagic-mgc 1:5.30-1 amd64
-libmagic1 1:5.30-1 amd64
-libmariadbclient18 10.1.23-9+deb9u1 amd64
+libmagic-mgc 1:5.30-1+deb9u1 amd64
+libmagic1 1:5.30-1+deb9u1 amd64
+libmariadbclient18 10.1.26-0+deb9u1 amd64
-libxml2 2.9.4+dfsg1-2.2 amd64
+libxml2 2.9.4+dfsg1-2.2+deb9u1 amd64
-mariadb-client 10.1.23-9+deb9u1 all
+mariadb-client 10.1.26-0+deb9u1 all
-mariadb-client-10.1 10.1.23-9+deb9u1 amd64
-mariadb-client-core-10.1 10.1.23-9+deb9u1 amd64
-mariadb-common 10.1.23-9+deb9u1 all
+mariadb-client-10.1 10.1.26-0+deb9u1 amd64
+mariadb-client-core-10.1 10.1.26-0+deb9u1 amd64
+mariadb-common 10.1.26-0+deb9u1 all
-tcpdump 4.9.0-2 amd64
+tcpdump 4.9.2-1~deb9u1 amd64
---
 bind/bind.keys | 67 +++++++++++++++++++++++++++++++++-----------------
 1 file changed, 45 insertions(+), 22 deletions(-)

diff --git a/bind/bind.keys b/bind/bind.keys
index 068a8ce..db22d4b 100644
--- a/bind/bind.keys
+++ b/bind/bind.keys
@@ -1,4 +1,3 @@
-/* $Id: bind.keys,v 1.7 2011/01/03 23:45:07 each Exp $ */
 # The bind.keys file is used to override the built-in DNSSEC trust anchors
 # which are included as part of BIND 9.  As of the current release, the only
 # trust anchors it contains are those for the DNS root zone ("."), and for
@@ -15,32 +14,56 @@
 #
 # This file is NOT expected to be user-configured.
 #
-# These keys are current as of January 2011.  If any key fails to
+# These keys are current as of Feburary 2017.  If any key fails to
 # initialize correctly, it may have expired.  In that event you should
 # replace this file with a current version.  The latest version of
 # bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
 
 managed-keys {
-	# ISC DLV: See https://www.isc.org/solutions/dlv for details.
-        # NOTE: This key is activated by setting "dnssec-lookaside auto;"
-        # in named.conf.
-	dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
-		brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
-		1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
-		ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
-		Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
-		QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
-		TDN0YUuWrBNh";
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
 
-	# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
-	# for current trust anchor information.
-        # NOTE: This key is activated by setting "dnssec-validation auto;"
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
         # in named.conf.
-	. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
-		FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
-		bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
-		X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
-		W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
-		Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
-		QxA+Uk1ihz0=";
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
 };
-- 
2.39.5