From 5996164becccae8f92a0d7f74cb1be83809d6116 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik@redhat.com>
Date: Aug 18 2017 13:25:22 +0000
Subject: Skip always failing kr.com, update root IPs (#1482939)


---

diff --git a/dnssec-trigger-0.13-hints-update.patch b/dnssec-trigger-0.13-hints-update.patch
new file mode 100644
index 0000000..349105b
--- /dev/null
+++ b/dnssec-trigger-0.13-hints-update.patch
@@ -0,0 +1,49 @@
+From fab878a1eba7221c718b74b47ac74fc67066ee57 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Fri, 18 Aug 2017 12:04:14 +0200
+Subject: [PATCH 2/2] Update root servers IPs
+
+---
+ riggerd/probe.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/riggerd/probe.c b/riggerd/probe.c
+index a443d5f..262e618 100644
+--- a/riggerd/probe.c
++++ b/riggerd/probe.c
+@@ -176,7 +176,7 @@ get_random_auth_ip4(void)
+ 		"192.203.230.10", /* e */
+ 		"192.5.5.241", /* f */
+ 		"192.112.36.4", /* g */
+-		"128.63.2.53", /* h */
++		"198.97.190.53", /* h */
+ 		"192.36.148.17", /* i */
+ 		"192.58.128.30", /* j */
+ 		"193.0.14.129", /* k */
+@@ -193,17 +193,20 @@ get_random_auth_ip6(void)
+ 	/* list of root servers */
+ 	const char* choices[] = {
+ 		"2001:503:ba3e::2:30", /* a */
++		"2001:500:200::b", /* b */
+ 		"2001:500:2::c", /* c */
+ 		"2001:500:2d::d", /* d */
++		"2001:500:a8::e", /* e */
+ 		"2001:500:2f::f", /* f */
+-		"2001:500:1::803f:235", /* h */
++		"2001:500:12::d0d", /* g */
++		"2001:500:1::53", /* h */
+ 		"2001:7fe::53", /* i */
+ 		"2001:503:c27::2:30", /* j */
+ 		"2001:7fd::1", /* k */
+-		"2001:500:3::42", /* l */
++		"2001:500:9f::42", /* l */
+ 		"2001:dc3::35" /* m */
+ 	};
+-	return choices[ ldns_get_random() % 10 ];
++	return choices[ ldns_get_random() % 13 ];
+ }
+ 
+ static const char* get_random_tcp80_ip4(struct cfg* cfg)
+-- 
+2.9.5
+
diff --git a/dnssec-trigger-0.13-remove-kr.com-probe.patch b/dnssec-trigger-0.13-remove-kr.com-probe.patch
new file mode 100644
index 0000000..a3eec65
--- /dev/null
+++ b/dnssec-trigger-0.13-remove-kr.com-probe.patch
@@ -0,0 +1,27 @@
+From 3ad04ca4b4080e314b9ea05c577e8bfe5e88804f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Fri, 18 Aug 2017 12:00:20 +0200
+Subject: [PATCH 1/2] Remove kr.com because of DNSSEC failures
+
+---
+ riggerd/probe.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/riggerd/probe.c b/riggerd/probe.c
+index dcd83dd..a443d5f 100644
+--- a/riggerd/probe.c
++++ b/riggerd/probe.c
+@@ -156,8 +156,8 @@ get_random_dest(void)
+ static const char*
+ get_random_nsec3_dest(void)
+ {
+-	const char* choices[] = { "_probe.us.com.", "_probe.uk.com.", "_probe.kr.com.", "_probe.uk.net." };
+-	return choices[ ldns_get_random() % 4 ];
++	const char* choices[] = { "_probe.us.com.", "_probe.uk.com.", "_probe.uk.net." };
++	return choices[ ldns_get_random() % 3 ];
+ }
+ 
+ /** the NSEC3 qtype to elicit it (a nodata answer) */
+-- 
+2.9.5
+
diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec
index 941806a..c666f9b 100644
--- a/dnssec-trigger.spec
+++ b/dnssec-trigger.spec
@@ -5,7 +5,7 @@
 Summary: Tool for dynamic reconfiguration of validating resolver Unbound
 Name: dnssec-trigger
 Version: 0.13
-Release: 5%{?svn_snapshot:.%{svn_snapshot}svn}%{?dist}
+Release: 6%{?svn_snapshot:.%{svn_snapshot}svn}%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
 
@@ -22,6 +22,8 @@ Source3: dnssec-trigger-workstation.conf
 # Patches
 # https://github.com/oerdnj/dnssec-trigger/commit/2fcc4bce2043149074bcf09fcb8ee3a0c7bc2348
 Patch0:  dnssec-trigger-0.13-openssl-1.1.0-fixup.patch
+Patch1:  dnssec-trigger-0.13-remove-kr.com-probe.patch
+Patch2:  dnssec-trigger-0.13-hints-update.patch
 
 # to obsolete the version in which the panel was in main package
 Obsoletes: %{name} < 0.12-22
@@ -79,6 +81,8 @@ some user input is needed, the panel creates a dialog window.
 sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf
 
 %patch0 -p1 -b .openssl-110-fixup
+%patch1 -p1
+%patch2 -p1
 
 %build
 %configure  \
@@ -183,6 +187,9 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Fri Aug 18 2017 Petr Menšík <pemensik@redhat.com> - 0.13-6
+- Skip always failing kr.com, update root IPs (#1482939)
+
 * Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.13-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild