Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 25 Oct 2012 17:04:58 GMT
From:      Damien Fleuriot <dam@my.gd>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   conf/173077: BIND slaves root and arpa zones on wrong servers
Message-ID:  <201210251704.q9PH4wn2058247@red.freebsd.org>
Resent-Message-ID: <201210251710.q9PHA1St084391@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         173077
>Category:       conf
>Synopsis:       BIND slaves root and arpa zones on wrong servers
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 25 17:10:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Damien Fleuriot
>Release:        10.0-CURRENT
>Organization:
hi-media
>Environment:
FreeBSD nas.my.gd 10.0-CURRENT FreeBSD 10.0-CURRENT #3 r239974: Sat Sep  1 18:10:16 UTC 2012     root@nas.my.gd:/usr/obj/data/freebsd/src/head/sys/DAM  amd64
>Description:
>From /etc/namedb/named.conf , when using the Slaving mechanism for the root and arpa zones, BIND slaves from F.ROOT-SERVERS.NET.

The commentary lines however recommend using ICANN's XFR servers at:
xfr.lax.dns.icann.org.
xfr.cjr.dns.icann.org.


Is using F an oversight ?

We've had problems at work when our /etc/namedb/slave/root.slave and arpa.slave zones expired after the F root server denied AXFRs from our IPs for over a week.

Moving to ICANN's XFR servers solves our problem.

>How-To-Repeat:

>Fix:
Patch attached to use ICANN's XFR servers instead of F.ROOT-SERVERS.NET

Patch attached with submission follows:

--- named.conf	2012-09-01 11:43:31.689334254 +0000
+++ named.conf.fixed	2012-10-25 18:53:00.175330638 +0000
@@ -102,7 +102,8 @@
 	type slave;
 	file "/etc/namedb/slave/root.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.140;	// xfr.lax.dns.icann.org.
+		192.0.47.140;	// xfr.cjr.dns.icann.org.
 	};
 	notify no;
 };
@@ -110,7 +111,8 @@
 	type slave;
 	file "/etc/namedb/slave/arpa.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.140;	// xfr.lax.dns.icann.org.
+		192.0.47.140;	// xfr.cjr.dns.icann.org.
 	};
 	notify no;
 };


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210251704.q9PH4wn2058247>