From: Matthew Dillon
Date: Wed, 1 Aug 2007 18:35:48 -0700 (PDT)
To: FreeBSD Current, FreeBSD Stable
Subject: Re: default dns config change causing major poolpah
Message-Id: <200708020135.l721Zm2s026224@apollo.backplane.com>
References: <200708020114.l721EMvl095981@drugs.dv.isc.org>

    The vast majority of machine installations just slave their dns off of
    another machine, and because of that I do not think it is particularly
    odious to require some level of skill for those who actually want to set
    up their own server. To that end what I do on DragonFly is simply supply
    a README file in /etc/namedb along with a few helper scripts describing
    how to do it in a fairly painless manner. If a user cannot understand the
    README then he has no business setting up a DNS server anyhow.

    Distributions need to be fairly sensitive to doing anything that might
    accidentally (through lack of understanding) cause an overload of
    critical internet resources.

    http://www.dragonflybsd.org/cvsweb/src/etc/namedb/

    I generally recommend using our 'getroot' script to download an actual
    root.zone file instead of using a hints file (and I guess AXFR is
    supposed to replace both concepts). It has always seemed to me that
    actually downloading a physical root zone file once a week is the most
    reliable solution. I've never trusted using a hints file... not for at
    least a decade, and I probably wouldn't trust AXFR for the same reason.
    Probably my mistrust is due to the massive problems I had using a hints
    file long ago and I'm sure it works better these days, but I've never
    found any reason to switch back from an actual root.zone. I've enclosed
    the getroot script we ship below.

    In any case, it seems to me that there is no good reason to try to
    automate dns services as a distribution default in the manner being
    described.

    Just my two cents.

                                        -Matt

#!/bin/tcsh -f
#
# If you are running named and using root.zone as a master, the root.zone
# file should be updated periodically from ftp.rs.internic.net.
#
# $DragonFly: src/etc/namedb/getroot,v 1.2 2005/02/24 21:58:20 dillon Exp $

cd /etc/namedb
umask 027
set hostname = 'ftp.rs.internic.net'
set remfile = domain/root.zone.gz
set locfile = root.zone.gz
set path = ( /bin /usr/bin /sbin /usr/sbin )

# fetch(1) stores the remote file under its basename in the current directory.
fetch ftp://${hostname}:/${remfile}
if ( $status != 0 ) then
    rm -f ${locfile}
    echo "Download failed"
else
    # Unpack to a temporary name so a failed gunzip never clobbers root.zone.
    gunzip < ${locfile} > root.zone.new
    if ( $status == 0 ) then
        rm -f ${locfile}
        # Keep one generation of the previous zone before swapping in the new one.
        if ( -f root.zone ) then
            mv -f root.zone root.zone.bak
        endif
        chmod 644 root.zone.new
        mv -f root.zone.new root.zone
        echo "Download succeeded, restarting named"
        rndc reload
        sleep 1
        rndc status
    else
        echo "Download failed: gunzip returned an error"
        rm -f ${locfile}
    endif
endif
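One check a practitioner would want between the gunzip and the final mv in a script like getroot is a sanity test of the downloaded zone, so a truncated or garbage download never replaces a working root.zone. This added POSIX sh example is not the DragonFly script; the record-count thresholds, function names and file names are assumptions, and the zone fragment it runs on is constructed.

```shell
#!/bin/sh
# Added example: validate a freshly downloaded root zone before installing it.
# Not part of the DragonFly getroot script; thresholds and names are assumed.

# Return 0 if FILE looks like a usable root zone: exactly one SOA record for
# "." and at least MIN_NS NS records for "." (default 10). The InterNIC
# root.zone lists an explicit "." owner on every record, e.g.
#   .   518400   IN   NS   a.root-servers.net.
validate_root_zone() {
    file=$1
    min_ns=${2:-10}
    [ -s "$file" ] || return 1
    soa=$(awk '$1 == "." && toupper($4) == "SOA" {n++} END {print n+0}' "$file")
    ns=$(awk '$1 == "." && toupper($4) == "NS"  {n++} END {print n+0}' "$file")
    [ "$soa" -eq 1 ] && [ "$ns" -ge "$min_ns" ]
}

# Install NEW over CUR, keeping CUR as CUR.bak. Refuses (and leaves the
# existing zone untouched) when NEW fails validation.
install_root_zone() {
    new=$1
    cur=$2
    if ! validate_root_zone "$new" "${3:-10}"; then
        echo "refusing to install $new: not a plausible root zone" >&2
        return 1
    fi
    chmod 644 "$new"
    [ -f "$cur" ] && cp -p "$cur" "$cur.bak"
    mv -f "$new" "$cur"
}

# Demo on a constructed three-record zone fragment (not real InterNIC data).
demo_dir=$(mktemp -d)
printf '%s\n' \
  '. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2007080100 1800 900 604800 86400' \
  '. 518400 IN NS a.root-servers.net.' \
  '. 518400 IN NS b.root-servers.net.' > "$demo_dir/root.zone.new"
if install_root_zone "$demo_dir/root.zone.new" "$demo_dir/root.zone" 2; then
    echo "installed zone with $(wc -l < "$demo_dir/root.zone") records"
fi
rm -rf "$demo_dir"
```

In production the NS threshold would stay at the default of 10 or higher, and a refusal should leave the previous root.zone in place for named to keep serving.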