Date: Tue, 28 Jan 2003 19:52:49 +1100
From: Mark.Andrews@isc.org
To: Doug Barton <DougB@FreeBSD.ORG>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: 4.7-R-p3: j.root-servers.net
Message-ID: <200301280852.h0S8qnEN061773@drugs.dv.isc.org>
In-Reply-To: Your message of "Tue, 28 Jan 2003 00:01:05 -0800." <20030127232009.D11130@12-234-22-23.pyvrag.nggov.pbz>

> On Sat, 25 Jan 2003, Hanspeter Roth wrote:
>
> >   Hello,
> >
> > I have installed 4.7-RELEASE-p3.
> > /etc/namedb/named.root has the following version
> > $FreeBSD: src/etc/namedb/named.root,v 1.9 1999/09/13 17:09:08 peter Exp $
> >
> > This has an obsolete j.root-servers.net.
> > I think I've executed mergemaster.
> > Are such changes not reflected when sticking with RELENG_4_7?
>
> Your final question was already answered. I think that given all the heat
> this subject has generated, a little light is in order.
>
> 1. The root zone had not changed for _years_ before this change.

	The root zone changes about every two weeks (or was that
	twice weekly?).  Anyway, it is reasonably frequent but not
	daily.  By changes I mean changes other than serial number.
	The serial number changes twice daily.

	The root servers however have not changed in years prior to
	J changing address.

> 2. The old j.root will continue to answer for a long time.

	And it will be unusable for anything else for a long time
	after it stops answering, which will be years down the track.

> 3. Your name server only needs ONE valid root server in the hints file
> when it starts, since updating its internal view of the root zone is one
> of the first things it does.
>
> 4. When your server does update its . zone, the NS records are cached
> for 6 days, and the A records are cached for 5w6d16h (almost 6 weeks).
>
> 5. When you boot BIND 8.3.[34], it tells you if your hints file is out of
> date once it's updated its cache.

	That reminds me I need to code that check in BIND 9.

> Given this information, all the fuss about "regularly" updating your hints
> file is fairly pointless.
>
> As for making your local resolver a slave for the root zone, that
> suggestion has some merit, but not because of anything having to do with
> the root.hints file. Most resolvers are only ever going to query a few
> TLD's, and most TLD NS records are cached for 2 days, or more.
>
> IF you're going to slave the root zone, make sure to do something like
> this:
>
> zone "." {
>         type slave;
>         file "slave/root.slave";
>         masters {
>                 128.9.0.107;    // B.ROOT-SERVERS.NET.
>                 192.33.4.12;    // C.ROOT-SERVERS.NET.
>                 192.5.5.241;    // F.ROOT-SERVERS.NET.
>         };
>         notify no;
> };
>
> Take special note of the 'notify no;' statement. When a name server first
> starts up, by default it sends out notifies for all its zones. This would
> be a bad thing in this case. Also, try not to have all of the resolvers on
> your network slave the zone. It would be better to have one server do it,
> then slave it to the rest from there.
>
> Hope this helps,
>
> Doug
>
> --
>
>     If it's moving, encrypt it. If it's not moving, encrypt
>       it till it moves, then encrypt it some more.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
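
The out-of-date check from point 5, together with the "one valid root server" rule from point 3, sketched as an added example; it is not BIND's code and not part of the original message. The function names are hypothetical, the sample records are constructed, and both J addresses are documentation-range placeholders rather than real root server addresses.

```python
import ipaddress

# Constructed sample data. The B, C and F addresses are the ones quoted in the
# message; both J addresses are documentation-range placeholders, not real ones.
HINTS = """\
; constructed excerpt in named.root format
.                    3600000 IN NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000    A  128.9.0.107
C.ROOT-SERVERS.NET.  3600000    A  192.33.4.12
F.ROOT-SERVERS.NET.  3600000    A  192.5.5.241
J.ROOT-SERVERS.NET.  3600000    A  192.0.2.10   ; placeholder "old" J
"""
PRIMED = """\
; constructed priming answer: NS TTL 6 days, A TTL 3600000 s (5w6d16h)
.                    518400  IN NS J.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000 IN A  128.9.0.107
C.ROOT-SERVERS.NET.  3600000 IN A  192.33.4.12
F.ROOT-SERVERS.NET.  3600000 IN A  192.5.5.241
J.ROOT-SERVERS.NET.  3600000 IN A  192.0.2.30   ; placeholder "new" J
"""

def parse_a_records(text):
    """Return a set of (owner, IPv4Address) pairs from zone-file style text."""
    pairs = set()
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, then tokenize
        # owner [ttl] [class] type rdata: the type is always second to last
        if len(fields) < 3 or fields[-2].upper() != "A":
            continue
        owner = fields[0].rstrip(".").lower()
        pairs.add((owner, ipaddress.IPv4Address(fields[-1])))
    return pairs

def compare_hints(hints_text, primed_text):
    """Compare a hints file with the root addresses learned after priming."""
    hints, primed = parse_a_records(hints_text), parse_a_records(primed_text)
    return {
        "stale": sorted(hints - primed),     # in hints, no longer published
        "missing": sorted(primed - hints),   # published, absent from hints
        "can_prime": bool(hints & primed),   # one valid address is enough
    }

if __name__ == "__main__":
    report = compare_hints(HINTS, PRIMED)
    for owner, addr in report["stale"]:
        print(f"hints out of date: {owner} {addr}")
    print("can still prime:", report["can_prime"])
```

The `can_prime` result is conservative: it counts only hint addresses that still match the published set, whereas a retired address that keeps answering would also work for priming.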