From 0bbbdd60ab054e7bbfc2b0d0604d1f7e15f0a229 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Thu, 25 Jul 2024 11:35:31 +0200
Subject: [PATCH] recursor: add 38696 root anchor

fetched from https://www.iana.org/dnssec/files after their 2024-07-24 update
---
 pdns/recursordist/settings/table.py                   | 3 ++-
 pdns/recursordist/test-settings.cc                    | 2 +-
 pdns/root-dnssec.hh                                   | 5 +++--
 regression-tests.recursor-dnssec/test_TrustAnchors.py | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/pdns/recursordist/settings/table.py b/pdns/recursordist/settings/table.py
index d1603ad0e00b..faabe5e4a2a1 100644
--- a/pdns/recursordist/settings/table.py
+++ b/pdns/recursordist/settings/table.py
@@ -3336,7 +3336,7 @@
         'name' : 'trustanchors',
         'section' : 'dnssec',
         'type' : LType.ListTrustAnchors,
-        'default' : '[{name: ., dsrecords: [\'20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d\']}]',
+        'default' : '[{name: ., dsrecords: [\'20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d\', \'38696 8 2 683d2d0acb8c9b712a1948b27f741219298d0a450d612c483af444a4c0fb2b16\']}]',
         'docdefault' : '''
 
 .. code-block:: yaml
@@ -3344,6 +3344,7 @@
    - name: .
      dsrecords:
      - 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
+     - 38696 8 2 683d2d0acb8c9b712a1948b27f741219298d0a450d612c483af444a4c0fb2b16
 
 ''',
         'help' : 'Sequence of trust anchors',
diff --git a/pdns/recursordist/test-settings.cc b/pdns/recursordist/test-settings.cc
index b617d90748d8..25b649df4f77 100644
--- a/pdns/recursordist/test-settings.cc
+++ b/pdns/recursordist/test-settings.cc
@@ -497,7 +497,7 @@ BOOST_AUTO_TEST_CASE(test_yaml_ta_merge)
   LuaConfigItems lua2;
   pdns::settings::rec::fromBridgeStructToLuaConfig(settings, lua2, proxyMapping);
   BOOST_CHECK_EQUAL(lua2.dsAnchors.size(), 2U);
-  BOOST_CHECK_EQUAL(lua2.dsAnchors[DNSName(".")].size(), 1U);
+  BOOST_CHECK_EQUAL(lua2.dsAnchors[DNSName(".")].size(), 2U);
   BOOST_CHECK_EQUAL(lua2.dsAnchors[DNSName("a")].size(), 2U);
 }
 
diff --git a/pdns/root-dnssec.hh b/pdns/root-dnssec.hh
index 1a193ffae08c..47beda38b77b 100644
--- a/pdns/root-dnssec.hh
+++ b/pdns/root-dnssec.hh
@@ -25,6 +25,7 @@
 #include <array>
 #include <string>
 
-static const std::array<std::string, 1> rootDSs = {
-  "20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d"
+static const std::array<std::string, 2> rootDSs = {
+  "20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d",
+  "38696 8 2 683d2d0acb8c9b712a1948b27f741219298d0a450d612c483af444a4c0fb2b16"
 };
diff --git a/regression-tests.recursor-dnssec/test_TrustAnchors.py b/regression-tests.recursor-dnssec/test_TrustAnchors.py
index 4d3211873d5f..83404416723a 100644
--- a/regression-tests.recursor-dnssec/test_TrustAnchors.py
+++ b/regression-tests.recursor-dnssec/test_TrustAnchors.py
@@ -22,7 +22,7 @@ class TrustAnchorsEnabledTest(RecursorTest):
     def testTrustanchorDotServer(self):
         expected = dns.rrset.from_text_list(
             'trustanchor.server.', 86400, dns.rdataclass.CH, 'TXT',
-            ['". 20326"', '"powerdns.com. 44030"'])
+            ['". 20326 38696"', '"powerdns.com. 44030"'])
         query = dns.message.make_query('trustanchor.server', 'TXT',
                                        dns.rdataclass.CH)
         result = self.sendUDPQuery(query)