root.ca
Chris Thompson
cet1 at hermes.cam.ac.uk
Thu Apr 10 13:59:00 UTC 2008
On Apr 8 2008, Paul Vixie wrote:
>Chris Buxton <cbuxton at menandmice.com> writes:
>
>> It would be nice if the name server did actually update the file with
>> the resulting cached list of root servers, but it doesn't.
>
>when dnssec is eventually deployed, we will consider updating the file.
>until then, the chance of getting flooded with spoofed-source responses
>trying to guess our upstream query-id during boot time is just too high
>(which is to say, it's epsilon zero and we need it to be real zero.)
Hmmm... in some of my configurations, the hints file is deliberately
in a directory that is not writable by the uid BIND runs as.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list