Debian package: use dns-root-data.
diff --git a/debian/changelog b/debian/changelog
index 9e69c2d..6d0c62e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
dnsmasq (2.72-1) unstable; urgency=low
* New upstream.
+ * If dns-root-data package is installed, use it to set the DNSSEC
+ trust anchor(s). Recommend dns-root-data. (closes: #760460)
-- Simon Kelley <simon@thekelleys.org.uk> Fri, 20 May 2014 21:01:11 +0000
diff --git a/debian/control b/debian/control
index e7f2080..641f5cc 100644
--- a/debian/control
+++ b/debian/control
@@ -28,6 +28,7 @@
Depends: adduser, ${shlibs:Depends}
Breaks: dnsmasq (<< 2.63-1~)
Replaces: dnsmasq (<< 2.63-1~)
+Recommends: dns-root-data
Description: Small caching DNS proxy and DHCP/TFTP server
This package contains the dnsmasq executable and documentation, but
not the infrastructure required to run it as a system daemon. For
diff --git a/debian/init b/debian/init
index 808c6c1..f4df909 100644
--- a/debian/init
+++ b/debian/init
@@ -104,6 +104,16 @@
DNSMASQ_OPTS="$DNSMASQ_OPTS --local-service"
+# If the dns-root-data package is installed, then the trust anchors will be
+# available in $ROOT_DS, in BIND zone-file format. Reformat as dnsmasq
+# --trust-anchor options.
+
+ROOT_DS="/usr/share/dns/root.ds"
+
+if [ -f $ROOT_DS ]; then
+ DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS | tr '\n' ' '`"
+fi
+
start()
{
# Return