Auto Root Zone Updates?

Alan J Rosenthal flaps at dgp.toronto.edu
Sat Oct 14 03:54:55 UTC 2000


"Jason Williams" <hizzow at cfl.rr.com> writes:
>there is a script that uses Dig to get the latest Zone info
>from internic.  My problem is this, I'm getting timeouts from Internic.  The
>script runs fine, my connectivity is fine, so I'm assuming that Internic has
>shut off that type of service (why I don't know)

Root servers must not allow zone transfers.  RFC 2010, section 2.10.

>Is there another way to
>automatically update the root Zone file without going through the FTP server?

The root.hints file is not the root zone.  It is not even the list of the
root servers.  It is a list of *some* of the root servers, enough so that
when bind starts up, it can manage to find at least one of them.  It then
asks that root server for the list of all of the root servers and ignores
the root.hints file from then on.

You can get a list of all the current root servers in a format suitable for
the root.hints file from ftp://rs.internic.net/domain/named.root

This does NOT need to be updated daily, or monthly... or even ANNUALLY.

I think that updating it every ten years would suffice.  I'm serious about
this.  In the last ten years, the changes have been only the adding of about
two more root servers (and the changing of all their alleged hostnames to
?.root-servers.net, but that's not too important).  You can operate just
fine without that additional information in your hints file, so long as you
can contact *one* of them based on the hints.  Then it gets the whole list.

So just make yourself a note to revisit this issue in the year 2010.  Well,
the pace might pick up a little in the next ten years compared to the last
ten, but probably not much, and really you'd be fine now with a root.hints
file from even earlier than 1990 I think.  (the earliest I can find at the
moment is from 1994 so I can't state that authoritatively unfortunately)

I'm assuming I'm going to change nameserver hosts about every ten years, so
as long as I always grab the current file when setting up a *new* name server
host, I'll be fine.  If I happen to know that something's changed recently,
I might grab the new hints file on a whim.  But generally, it hasn't changed.
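
The point made above, that an old hints file still works as long as one hinted server is reachable, shown as an added example that is not part of the original post. The hints text and the "current" server set are constructed samples using documentation addresses, and the function names are hypothetical.

```python
"""Check whether an old root hints file can still prime a resolver."""

# Constructed sample in named.root layout; the addresses are documentation
# ranges (RFC 5737), not real root server addresses.
OLD_HINTS = """\
; constructed sample of an old hints file
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.1
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.0.2.2
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.0.2.3
"""

# Constructed stand-in for the full list a root server hands back at startup.
CURRENT_ROOTS = {
    "a.root-servers.net.": "192.0.2.1",
    "b.root-servers.net.": "198.51.100.2",  # renumbered since the old file
    "c.root-servers.net.": "192.0.2.3",
    "d.root-servers.net.": "198.51.100.4",  # added since the old file
}

def parse_hints(text):
    """Return {server_name: IPv4 address} from named.root-style text."""
    servers, addrs = set(), {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 3:
            continue
        owner, rtype, rdata = fields[0].lower(), fields[-2].upper(), fields[-1]
        if owner == "." and rtype == "NS":
            servers.add(rdata.lower())
        elif rtype == "A":
            addrs[owner] = rdata
    # Only servers with both an NS line and a glue address are usable hints.
    return {name: addrs[name] for name in servers if name in addrs}

def priming_report(hints, current):
    """Classify hinted servers; one usable entry is enough to get the full list."""
    usable = sorted(n for n, ip in hints.items() if current.get(n) == ip)
    stale = sorted(n for n in hints if n not in usable)
    missing = sorted(n for n in current if n not in hints)
    return {"usable": usable, "stale": stale, "missing": missing,
            "can_prime": bool(usable)}

if __name__ == "__main__":
    print(priming_report(parse_hints(OLD_HINTS), CURRENT_ROOTS))
```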



More information about the bind-users mailing list