Re: Bind - built in root hints?




On 02/14/2013 12:47 PM, Reindl Harald wrote:
>
> On 14.02.2013 18:37, Robert Moskowitz wrote:
>> On 02/14/2013 12:29 PM, Paul Heinlein wrote:
>>> On Thu, 14 Feb 2013, Robert Moskowitz wrote:
>>>
>>>> Over on the bind-users@xxxxxxxxxxxxx list, I am in a discussion about
>>>> building the named.zone file, as Centos 6.3 does not provide it.  It
>>>> DOES provide a named.ca which is already old (wrt AAAA records) compared
>>>> to the named.zone provided by internic.
>>>>
>>>> A few contributors have stated that now the hints are built into bind
>>>> and you can see this with:
>>>>
>>>> strings /usr/local/sbin/named | grep A.ROOT-SERVERS.NET
>>>>
>>>> Well it looks like Centos has it at /usr/sbin/named and there are no
>>>> such strings in there.  Oh, these hints come from "lib/dns/rootns.c in
>>>> the source code tree".
>>>>
>>>> So are the hints built in here?
>>> See /var/named/named.ca (also visible in /var/named/chroot/var/named).
>> Yes.  I know about that. But as I said, the discussion is that this is
>> no longer needed as the hints are now built into bind if no explicit
>> hint is provided.  I am asking if the above stub is included in the
>> Redhat/Centos build.  It does not seem so.
> and even if - how would this be updated without the need
> for a security fix since otherwise there are no updates
> in RHEL

I asked this on the bind-users list, as AAAA records are slowly being 
added to each root, and got back:

"No need to worry. They are only hints, and named uses them to get the 
current list of root name servers at startup. Even if they are 15 years 
out of date it will still work, because the root name servers do not 
change very often."

So take that with whatever size of salt grain you prefer.

>
> ftp://ftp.internic.net/domain/named.cache and update
> /var/named/chroot/var/named/named.ca with it is the
> way to go

What I am doing.  But so far something is not set right, as I am not 
getting responses back, but I think I know why and it is a grrr moment.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
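
The thread turns on whether a distribution's named.ca has fallen behind the named.cache published by InterNIC, particularly for AAAA records. The following is an added example, not part of the original messages: a small parser that compares two hints files and reports address differences per root server. The function names and both sample files are constructed for illustration, and the addresses come from documentation ranges rather than real root server data.

```python
import ipaddress

# Constructed samples in named.ca / named.cache layout; documentation
# address ranges (192.0.2.0/24, 2001:db8::/32) stand in for real root addresses.
LOCAL_HINTS = """\
; constructed stand-in for an older /var/named/named.ca
.                    3600000 IN NS   A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000    A    192.0.2.1
.                    3600000    NS   B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000    A    192.0.2.2
"""
REFERENCE_HINTS = """\
; constructed stand-in for a freshly fetched named.cache
.                    3600000    NS   A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000    A    192.0.2.1
A.ROOT-SERVERS.NET.  3600000    AAAA 2001:DB8::1
.                    3600000    NS   B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000    A    192.0.2.99
"""

def parse_hints(text):
    """Return {server: {"A": set, "AAAA": set}} from hints-file text."""
    servers = {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 4:                     # owner ttl [class] type rdata
            continue
        owner, rtype, rdata = fields[0].upper(), fields[-2].upper(), fields[-1]
        if rtype == "NS" and owner == ".":
            servers.setdefault(rdata.upper(), {"A": set(), "AAAA": set()})
        elif rtype in ("A", "AAAA"):
            addr = str(ipaddress.ip_address(rdata))  # normalizes case and form
            servers.setdefault(owner, {"A": set(), "AAAA": set()})[rtype].add(addr)
    return servers

def compare_hints(local, reference):
    """List (server, rtype, missing_locally, stale_locally) for each difference."""
    diffs = []
    for name in sorted(set(local) | set(reference)):
        for rtype in ("A", "AAAA"):
            have = local.get(name, {}).get(rtype, set())
            want = reference.get(name, {}).get(rtype, set())
            if have != want:
                diffs.append((name, rtype, sorted(want - have), sorted(have - want)))
    return diffs

if __name__ == "__main__":
    for diff in compare_hints(parse_hints(LOCAL_HINTS), parse_hints(REFERENCE_HINTS)):
        print("%s %s missing=%s stale=%s" % diff)
```

An empty result means the two files list the same addresses for every server; any entry under "stale" is an address the local file still carries that the reference file no longer does.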

