root.hind or named.hint file update
/dev/rob0
rob0 at gmx.co.uk
Fri Sep 23 13:18:13 UTC 2016
On Fri, Sep 23, 2016 at 02:31:51PM +0200,
Matus UHLAR - fantomas wrote:
> >Pol Hallen wrote:
> >>
> >>is it recommended to put a cron script for auto-updating the
> >>root.hind and named.hint db?
>
> On 23.09.16 12:54, Tony Finch wrote:
> >No, it's best not to have a hints file and just use the one
> >built in to BIND.

I agree.

> I would not say that... it's better to use the builtin hints file
> than to have an outdated hints file.
>
> But if someone does care about the hints file, it's better to have
> the current version when the builtin one is older.

Seems that all of Pol's posts lately are about trying to fix problems
which do not exist, and this one is solidly there.

The fact is, outdated hints (whatever the source, built-in or from
hints file) will not yet cause a problem. You could look back to the
1990s, find a hint file from then, use that now, and you WILL find
active root servers.

Once you find the root, the hints file is no longer used. When your
cached root NS RRset expires, named will go to the known root servers
to refresh that NS RRset.

In theory, someone could put up a counterfeit root nameserver on an
IP address formerly used by a real root server, but in practice I
doubt this will happen. Furthermore, DNSSEC validation defeats an
attack of that nature.

Pol, if you are interested in knowing how named uses hints, there's
a fairly recent article on the ISC KB which goes into detail.[1] My
personal recommendation, however, is that if you wish to learn more
about how DNS works, consult a book such as the Cricket book.

[1] Sorry, I am too lazy this morning to look it up for you.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
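
The priming behaviour described in the message above, as an added example that is not part of the original post: a simplified Python model in which one still-live hint address is enough to replace the whole stale set with the current root NS RRset. The function names, the sequential try order and all addresses (documentation ranges, not real root server addresses) are assumptions made for illustration; named's real server selection is more involved.

```python
# Constructed hints file in named.root layout. Addresses come from the
# RFC 5737 documentation ranges and are not real root server addresses.
STALE_HINTS = """\
; constructed sample, laid out like an old hints file
.                    3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000    A  192.0.2.1
.                    3600000    NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000    A  192.0.2.2
.                    3600000    NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.  3600000    A  192.0.2.3
"""

# Constructed "current" root NS RRset with glue: what any live root returns.
# B and C have been renumbered; only A still answers at its old address.
CURRENT_ROOTS = {
    "a.root-servers.net.": "192.0.2.1",
    "b.root-servers.net.": "198.51.100.2",
    "c.root-servers.net.": "198.51.100.3",
}


def parse_hints(text):
    """Return {server name: address} for the A/AAAA records in a hints file."""
    hints = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3 and fields[-2].upper() in ("A", "AAAA"):
            hints[fields[0].lower()] = fields[-1]
    return hints


def prime(hints, live_roots):
    """Try hint addresses in order. The first one that is still a live root
    supplies the authoritative NS RRset, which replaces the hints in cache.
    Returns (cache, addresses_tried); cache is None if every hint is stale."""
    live_addrs = set(live_roots.values())
    tried = []
    for addr in hints.values():
        tried.append(addr)
        if addr in live_addrs:
            return dict(live_roots), tried
    return None, tried


if __name__ == "__main__":
    cache, tried = prime(parse_hints(STALE_HINTS), CURRENT_ROOTS)
    print("tried:", tried)
    print("cached root addresses after priming:", sorted(cache.values()))
```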