Date: Mon, 27 Jan 2003 10:30:01 +1100 From: Mark.Andrews@isc.org To: Marc Schneiders <marc@schneiders.org> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: 4.7-R-p3: j.root-servers.net Message-ID: <200301262330.h0QNU1EN056421@drugs.dv.isc.org> In-Reply-To: Your message of "Sun, 26 Jan 2003 23:48:00 BST." <20030126224956.K27492-100000@voo.doo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sun, 26 Jan 2003, at 14:08 [=GMT+0100], Hanspeter Roth wrote:
> > On Jan 25 at 14:25, Kevin Oberman spoke:
> > > > Date: Sat, 25 Jan 2003 23:17:25 +0100
> > > > From: Hanspeter Roth <hampi@rootshell.be>
>
> > > If you want to get a new version at any time, just issue the command:
> > > dig ns . @b.root-servers.net. > /etc/named/named.root (or wherever
> > > your named.conf tells it to look
> ).
> >
> > Ok. I'll create a job as I have to update the instance in
> > /var/named/namedb anyway.
>
> A more permanent solution is to run secondary for root. This has
> several advantages. One being speed. The root data will be on your
> machine and automatically refreshed every 30 minutes (only when there
> are changes, so no useless traffic) by AXFR. If there is another DDoS
> attack on the root-servers, you won't suffer from it, for you have the
> data yourself. And they don't change much.
>
> To do this replace in named.conf:
>
> zone "." {
> type hint;
> file "named.root";
> };
>
> by this:
>
> zone "." {
type slave;
> file "named.root";
> masters {
> 128.9.0.107; 192.33.4.12; 192.5.5.241};
> };
>
> The 3 IP numbers are from b, c, and f.root-servers.net, which do allow
> an AXFR of the root-zone. The other root-servers don't.
>
> If you care for alternative, extra domains, you replace the IP
> numbers indicated by ORSC root-servers (that allow AXFR) and you put
> in:
>
> zone "." {
> type slave;
> file "named.root";
> masters {
> 199.166.29.2; 213.196.2.97; 199.166.24.12; 195.206.104.13;
> 204.57.55.100};
> };
>
> --
> [11] You must really read this.
> http://logoff.org/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
If you have to do this then please, please, please specify
"notify no;". The root servers don't need millions of
additional notify requests.
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301262330.h0QNU1EN056421>