Description
Users of your software that enable DNSSEC will not be able to validate DNS after October the 11th 2018.
Your repository contains a DNSSECSupport.c file without the new DNSSEC trust-anchors:
char *digest2 = "49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5";
dig = ConvertDigest(digest2, 2, &diglen);
AddTrustAnchor(m, (const domainname *)"\000", 19036, 8, 2, diglen, dig);
It should also include:
char *digest3 = "E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
dig = ConvertDigest(digest3, 2, &diglen);
AddTrustAnchor(m, (const domainname *)"\000", 20326, 8, 2, diglen, dig);
More information can be found at: https://www.icann.org/resources/pages/ksk-rollover
Please don’t hesitate to get in touch.
Warmly,
Roy Arends
ICANN