Bind8 does every 4sec a DNS-lookup

Alan J Rosenthal flaps at dgp.toronto.edu
Fri Jun 23 14:18:39 UTC 2000


Barry Margolin <barmar at genuity.net> writes:
>Christian Birkmeier  <Christian.Birkmeier at at.siemens.de> wrote:
>>I already downloaded the newest
>>root.hint file from rs.internic.net. Why does my ns want the current
>>list of root servers?
>
>Because it has no way of knowing that your file is up to date.  That's why
>it's called "hints".

But in some situations the name server operator does know that the file is up
to date.  And it seems that there's no way to tell bind this!  Is there a way?
Obviously this is not something you'd want to do as general practice, but it
seems it does have its uses.

Consider the lookup of www.example.com.  The full discovery chain is [1]:
- find (or know) the address of a root server
- use a root server to find the address of a com server
- use a com server to find the address of an example.com server
- use an example.com server to find the 'A' record for www.example.com.

The first step is unlike all the others.  The list of root servers is not a
zone served by any server.  So you can't simply make your own name server
authoritative for it.  You can make your own name server authoritative
for the root zone, but this is a maintenance headache as you point out,
the root zone is non-trivial.  The list of all root servers is pretty small
and considerably more stable -- the only change in a decade or two has been
the addition of just two or three new entries, no IP address changes at all.

So, is there a way to tell bind that the list of root servers is
authoritative, not just a hint, without making your server authoritative
for the root zone?  You still make it contact the root servers for root zone
information, just not for the establishment of the list of all root servers.

It occurs to me also that the syntax for the hints clause in named.conf
is inconsistent.  It says that the file "named.root" is hints for the root
zone, but really it's hints for the list of servers *for* the root zone,
not the *contents* of the specified zone as with all other "zone" clauses.

--
[1] yes, I know that the full query is presented at each server lookup and
indeed that some of the root servers are also com servers so they'll skip you
a query... but I wanted to write it in the way which shows the possible full
list of steps and shows how different the first step is from the rest.
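
An added illustration, not part of the original post and not BIND's code: a toy resolver over a constructed in-memory network, showing that the hint list is used only for a priming query for the root NS set, while every later step is an ordinary referral. The `NET` and `HINTS` tables, the function names and all addresses (documentation ranges) are made up for the example.

```python
# Constructed toy network: documentation-range addresses, not real servers.
ROOT = {"zone": ".", "ns": ["192.0.2.1", "192.0.2.3"],
        "delegations": {"com.": ["198.51.100.1"]}, "a": {}}
NET = {
    "192.0.2.1": ROOT,
    "192.0.2.3": ROOT,
    "198.51.100.1": {"zone": "com.", "ns": ["198.51.100.1"],
                     "delegations": {"example.com.": ["203.0.113.1"]}, "a": {}},
    "203.0.113.1": {"zone": "example.com.", "ns": ["203.0.113.1"],
                    "delegations": {},
                    "a": {"www.example.com.": "203.0.113.80"}},
}
# Constructed hint file: one stale address, one live root, one root missing.
HINTS = ["192.0.2.9", "192.0.2.1"]


def query(server, name, qtype):
    """Ask one server; return ('answer'|'referral'|'nxdomain', data)."""
    if server not in NET:
        raise TimeoutError(server)          # stale hint: nobody answers
    zone = NET[server]
    if qtype == "NS" and name == zone["zone"]:
        return "answer", list(zone["ns"])
    if qtype == "A" and name in zone["a"]:
        return "answer", zone["a"][name]
    for child, servers in zone["delegations"].items():
        if name == child or name.endswith("." + child):
            return "referral", list(servers)
    return "nxdomain", None


def prime(hints):
    """Step 1: use hints only to fetch the root NS set from a live root."""
    for addr in hints:
        try:
            return query(addr, ".", "NS")[1]
        except TimeoutError:
            continue
    raise RuntimeError("no hint address answered")


def resolve(name, hints):
    """Steps 2..n: follow referrals down from the primed root list."""
    servers = prime(hints)
    trace = [("prime", tuple(servers))]
    while True:
        kind, data = query(servers[0], name, "A")
        trace.append((servers[0], kind))
        if kind == "answer":
            return data, trace
        if kind != "referral":
            raise LookupError(name)
        servers = data
```

The primed list differs from the hint list in both directions: the stale hint is skipped and the root missing from the hints is learned.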



More information about the bind-users mailing list