From owner-freebsd-security@FreeBSD.ORG Mon Jul 9 20:58:43 2012
Delivered-To: freebsd-security@freebsd.org
Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])
    by hub.freebsd.org (Postfix) with ESMTP id 2E3841065674
    for ; Mon, 9 Jul 2012 20:58:43 +0000 (UTC)
    (envelope-from dougb@FreeBSD.org)
Received: from opti.dougb.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36])
    by mx2.freebsd.org (Postfix) with ESMTP id 256A1203CF0;
    Mon, 9 Jul 2012 20:56:14 +0000 (UTC)
Message-ID: <4FFB456D.8010609@FreeBSD.org>
Date: Mon, 09 Jul 2012 13:56:13 -0700
From: Doug Barton
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:13.0) Gecko/20120624 Thunderbird/13.0.1
MIME-Version: 1.0
To: Dag-Erling Smørgrav
References: <4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no>
    <89AB703D-E075-4AAC-AC1B-B358CC4E4E7F@lists.zabbadoz.net>
    <4FF8C3A1.9080805@FreeBSD.org>
    <0AFE3C4A-22DB-4134-949F-4D05BBFC4C6C@lists.zabbadoz.net>
    <4FF8CA35.7040209@FreeBSD.org> <4FF8D89B.1030308@bluerosetech.com>
    <4FF95365.7010605@FreeBSD.org>
    <20473.50867.199081.295841@hergotha.csail.mit.edu>
    <201207090449.q694nW9C094754@chronos.org.uk> <86y5mtm4yn.fsf@ds4.des.no>
In-Reply-To: <86y5mtm4yn.fsf@ds4.des.no>
X-Enigmail-Version: 1.4.2
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: freebsd-security@freebsd.org, Matt Dawson
Subject: Re: Replacing BIND with unbound
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues [members-only posting]"
X-List-Received-Date: Mon, 09 Jul 2012 20:58:43 -0000

On 07/09/2012 06:36, Dag-Erling Smørgrav wrote:
> Matt Dawson writes:
>> TBH, even having the root zone in base is a bit daft.
>
> The root zone we ship is a hint used to bootstrap named. Without it,
> named is a brick, unless all you want is an authoritative-only
> nameserver.

The hints file is not actually the root zone, it's a list of name
servers and IP addresses. Without it, named would still be able to
bootstrap since they long ago included that information in the source.

> All named does with that hint file is use it to locate a
> root server from which it can obtain a fresh copy of the root zone.

This is accurate, and it's worth pointing out that you only need to
reach one working server to bootstrap, and the change rate for the
existing server addresses is anywhere from years to decades.

hth,

Doug

-- 

    This .signature sanitized for your protection
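
The two points made in the message above (a hints file is only a list of name servers and addresses, and one reachable server is enough to bootstrap) can be shown with a short sketch. This is an added example, not part of the original message and not code from BIND or unbound; the function names, the `fake_network` transport stand-in and the documentation-range addresses are all assumptions made for illustration.

```python
# Constructed excerpt in hints (master file) format; addresses are
# documentation-range placeholders, not real root server addresses.
SAMPLE_HINTS = """\
; constructed sample, not a real hints file
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::1
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.0.2.2
"""

def parse_hints(text):
    """Return {server_name: [addresses]} for servers named in root NS records."""
    ns_names, addrs = [], {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) < 3:
            continue
        # TTL and class are optional, so take type and data from the end.
        owner, rtype, rdata = fields[0].lower(), fields[-2].upper(), fields[-1]
        if rtype == "NS" and owner == ".":
            ns_names.append(rdata.lower())
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(rdata)
    # Address records for names that are not listed as root NS are ignored.
    return {name: addrs.get(name, []) for name in ns_names}

def prime(hints, query_root_ns):
    """Ask hinted addresses in turn for the current root NS set; first answer wins.

    query_root_ns(addr) is a hypothetical transport hook that returns
    {name: [addresses]} or raises OSError when the server is unreachable.
    """
    tried = []
    for addresses in hints.values():
        for addr in addresses:
            tried.append(addr)
            try:
                return query_root_ns(addr), tried
            except OSError:
                continue
    raise RuntimeError("no hinted root server reachable")

def fake_network(addr):
    # Constructed stand-in for a DNS query: only one hinted address still answers,
    # and its reply carries a changed address for the other server.
    if addr != "192.0.2.2":
        raise OSError("timeout")
    return {"a.root-servers.net.": ["198.51.100.1"],
            "b.root-servers.net.": ["192.0.2.2"]}
```

With this sample, two of the three hinted addresses are stale, yet `prime` still returns the fresh server set from the one address that answers.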