Re: Re: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

Timothe Litt litt at acm.org
Sun Sep 10 13:16:42 UTC 2017


The most sensible thing to do is ignore the message, and keep named
reasonably up-to-date.

I used to maintain a local hints file with a script that periodically
downloads and updates it (from internic or the DNS), reconfiguring named
when it changes.  It works well - but it's really not worth the effort. 
I've switched to just using the built-in hints.

The hints are only used to locate a root server ("root priming"); as the
message indicates, once any one is found, named will query it for the
current servers/addresses and check for consistency. It uses the query
results; the multiple hints provide redundancy for the initial query -
but you don't need all 13 (26) to be correct. The only reason to worry
is if most of the hint addresses go stale at once - which would be
unprecedented in the history of the DNS.

Note that when root server addresses go stale, the convention is that
the old address is kept in service for some time after the change, so
there's plenty of time for clients to catch up with no impact.  For B
root, the plan is at least 6 months. 
(https://b.root-servers.org/news/2017/06/01/new-ipv6.html)

There does seem to be an issue where if cache memory size is small &
root references rare, the root server records are evicted - causing the
hints to be re-fetched and the messages repeated.  Arguably, named
should treat these as more precious than other records when doing cache
evictions.

But they're just informational messages. You should run a reasonably
current version of named for security and performance. As long as you
do, the built-in hints will be perfectly adequate. Even if you don't,
the hint addresses from a decade ago are adequate to bootstrap named.
The only good reason to have private hints is if you have an alternate
DNS universe - which is highly discouraged.

For more detail, see
https://kb.isc.org/article/AA-01309/0/Root-hints-a-collection-of-operational-and-configuration-FAQs.html

Bottom line is that these messages are a nuisance & in almost all cases
the most effective use of your time is to ignore them... The effort of
maintaining a private copy of the root hints isn't worthwhile.


Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

On 09-Sep-17 23:14, Stefan Sticht wrote:
> Hi,
>
> thanks for all the suggestions.
>
> I have no forwarders configured.
> I started downloading and using the hints file from ftp://FTP.INTERNIC.NET/domain/named.cache shortly after I noticed the problem.
>
> # grep B.ROOT /var/named/named.ca
> .                        3600000      NS    B.ROOT-SERVERS.NET.
> B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
> B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
>
> I wouldn’t expect a problem with my hints file.
>
> Thanks,
> Stefan

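An added example, not part of either message in this thread: a small offline reproduction of the comparison behind named's "checkhints" messages. It parses a hints excerpt in the named.ca format quoted above (owner, TTL, type, rdata) and diffs it against a stand-in for the priming answer (the root NS set plus the glue a root server returns), reporting "extra record in hints" and "missing from hints" the way named does. The B root lines reuse the addresses Stefan quoted; every other record, and the whole priming answer, is constructed sample data using documentation prefixes (192.0.2.0/24, 2001:db8::/32), and the message wording is only modelled on named's, not copied from its source.

```python
"""Diff a BIND-style root hints file against a (constructed) priming answer.

Reproduces offline what named's "checkhints" does after priming: every
root NS name and every A/AAAA glue address in the hints is compared with
what the root servers actually advertise, and each difference is reported.
Example code only; the data below is constructed, not a current hints file.
"""
import ipaddress
from collections import defaultdict

# Constructed hints excerpt in named.ca format.  The B root lines use the
# addresses quoted in the thread; the A root records use documentation
# prefixes and exist only to exercise the "extra record" path.
HINTS_TEXT = """\
;       Sample root hints (constructed for this example)
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:DB8::1
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
"""

# Constructed stand-in for the priming answer.  It differs from the hints
# in three ways: B root advertises a different AAAA (a hypothetical old
# address), C root is absent from the hints, and A root's AAAA is absent
# from the answer.
PRIMING = {
    "ns": {"a.root-servers.net", "b.root-servers.net", "c.root-servers.net"},
    "addrs": {
        "a.root-servers.net": {("A", "192.0.2.1")},
        "b.root-servers.net": {("A", "192.228.79.201"), ("AAAA", "2001:db8::b")},
        "c.root-servers.net": {("A", "192.0.2.3")},
    },
}


def canon_name(name):
    """Lower-case a domain name and drop the trailing dot ("." becomes "")."""
    return name.lower().rstrip(".")


def canon_addr(rtype, text):
    """Normalise an address so that two spellings of one address compare equal."""
    addr = ipaddress.ip_address(text)
    if (rtype == "A") != (addr.version == 4):
        raise ValueError(f"{text!r} is not valid rdata for type {rtype}")
    return addr.compressed  # lower-case, zero-compressed for IPv6


def canon_rrs(rrs):
    return {(rtype, canon_addr(rtype, addr)) for rtype, addr in rrs}


def parse_hints(text):
    """Parse named.ca-style lines into {"ns": set(names), "addrs": {name: {(type, addr)}}}."""
    hints = {"ns": set(), "addrs": defaultdict(set)}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) == 5 and fields[2].upper() == "IN":
            del fields[2]  # optional class field, as some hints files carry it
        if len(fields) != 4:
            raise ValueError(f"unparsed hints line: {raw!r}")
        owner, _ttl, rtype, rdata = fields
        rtype = rtype.upper()
        if rtype == "NS":
            if canon_name(owner) != "":
                raise ValueError(f"NS record for {owner!r} is not a root NS")
            hints["ns"].add(canon_name(rdata))
        elif rtype in ("A", "AAAA"):
            hints["addrs"][canon_name(owner)].add((rtype, canon_addr(rtype, rdata)))
        else:
            raise ValueError(f"unexpected record type {rtype} in hints")
    hints["addrs"] = dict(hints["addrs"])
    return hints


def compare_hints(hints, priming):
    """Return checkhints-style findings (wording modelled on named's log lines)."""
    findings = []
    for name in sorted(priming["ns"] - hints["ns"]):
        findings.append(f"checkhints: {name} missing from hints as root NS")
    for name in sorted(hints["ns"] - priming["ns"]):
        findings.append(f"checkhints: {name} extra root NS in hints")
    for name in sorted(set(hints["addrs"]) | set(priming["addrs"])):
        have = canon_rrs(hints["addrs"].get(name, set()))
        want = canon_rrs(priming["addrs"].get(name, set()))
        for rtype, addr in sorted(want - have):
            findings.append(f"checkhints: {name}/{rtype} ({addr}) missing from hints")
        for rtype, addr in sorted(have - want):
            findings.append(f"checkhints: {name}/{rtype} ({addr}) extra record in hints")
    return findings


if __name__ == "__main__":
    for finding in compare_hints(parse_hints(HINTS_TEXT), PRIMING):
        print(finding)
```

None of these findings stops priming from working: as long as one hint address still reaches a root server, the priming answer supersedes the whole file, which is why a single "extra record in hints" line is informational rather than something to fix urgently.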