Date:      Thu, 02 Aug 2007 03:14:38 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>, FreeBSD Stable <freebsd-stable@freebsd.org>
Subject:   Re: default dns config change causing major poolpah
Message-ID:  <46B1AE8E.8030307@FreeBSD.org>
In-Reply-To: <200708020135.l721Zm2s026224@apollo.backplane.com>
References:  <200708020114.l721EMvl095981@drugs.dv.isc.org> <200708020135.l721Zm2s026224@apollo.backplane.com>

Matthew Dillon wrote:

>     I generally recommend using our 'getroot' script to download an actual
>     root.zone file instead of using a hints file (and I guess AXFR is supposed
>     to replace both concepts). 

Yes to AXFR replacing both, but ...

> It has always seemed to me that actually
>     downloading a physical root zone file once a week is the most reliable
>     solution.

This is a really bad idea. The root zone changes slowly, but it often
changes more than once a week. Add to that the more-rapid deployment
of new TLDs nowadays and the occasional complete reprovisioning of an
existing TLD, and one week is too long to go between updates.

>     I've never trusted using a hints file... not for at least a decade,

I'm not sure how the hints file could fail, it's a pretty simple
mechanism. But you're better off using hints (which go years between
updates, and you only need one good server to get your cache primed
anyway) OR AXFR, which will keep itself up to date automatically.


Doug

-- 

    This .signature sanitized for your protection
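
Added example, not part of the original message or of any FreeBSD or DragonFly script: a staleness check for a downloaded root.zone copy, which is the failure mode the reply above warns about. It assumes the root zone SOA serial follows the YYYYMMDDNN convention; the function names, the sample zone text and the max_age_days threshold are all assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample: the apex records as they might appear in a downloaded root.zone.
SAMPLE_ROOT_ZONE = """\
; constructed sample, not a real zone transfer
.  86400  IN  SOA  a.root-servers.net. nstld.verisign-grs.com. (
        2007072500 ; serial
        1800 900 604800 86400 )
.  518400 IN  NS   a.root-servers.net.
"""

def soa_serial(zone_text):
    """Return the serial of the first SOA record, or None if there is none."""
    # Drop ';' comments, then flatten whitespace and parentheses so a
    # multi-line SOA reads the same as a single-line one.
    stripped = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    flat = re.sub(r"[()\s]+", " ", stripped)
    m = re.search(r"\bSOA\s+\S+\s+\S+\s+(\d+)\b", flat, re.IGNORECASE)
    return int(m.group(1)) if m else None

def serial_date(serial):
    """Decode a YYYYMMDDNN serial (assumed convention) into a date."""
    s = str(serial)
    if len(s) != 10:
        raise ValueError("serial %s is not in YYYYMMDDNN form" % s)
    return date(int(s[:4]), int(s[4:6]), int(s[6:8]))  # ValueError on a bad date

def staleness(zone_text, today, max_age_days=2):
    """Report how old the local copy is; max_age_days is an assumed threshold."""
    serial = soa_serial(zone_text)
    if serial is None:
        raise ValueError("no SOA record found in zone text")
    age = (today - serial_date(serial)).days
    return {"serial": serial, "age_days": age, "stale": age > max_age_days}

if __name__ == "__main__":
    # A copy fetched on a weekly schedule, checked on the date of this message.
    print(staleness(SAMPLE_ROOT_ZONE, today=date(2007, 8, 2)))
```

A hints file needs no such check, and a zone kept current by AXFR refreshes on the SOA timers, so this only matters for the periodic-download approach.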



