Date: Tue, 28 Jan 2003 19:52:49 +1100
From: Mark.Andrews@isc.org
To: Doug Barton <DougB@FreeBSD.ORG>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: 4.7-R-p3: j.root-servers.net
Message-ID: <200301280852.h0S8qnEN061773@drugs.dv.isc.org>
In-Reply-To: Your message of "Tue, 28 Jan 2003 00:01:05 -0800." <20030127232009.D11130@12-234-22-23.pyvrag.nggov.pbz>

> On Sat, 25 Jan 2003, Hanspeter Roth wrote:
>
> > Hello,
> >
> > I have installed 4.7-RELEASE-p3.
> > /etc/namedb/named.root has the following version
> > $FreeBSD: src/etc/namedb/named.root,v 1.9 1999/09/13 17:09:08 peter Exp $
> >
> > This has an obsolete j.root-servers.net.
> > I think I've executed mergemaster.
> > Are such changes not reflected when sticking with RELENG_4_7?
>
> Your final question was already answered. I think that given all the heat
> this subject has generated, a little light is in order.
>
> 1. The root zone had not changed for _years_ before this change.

The root zone changes about every two weeks (or was that
twice weekly?). Anyway, it is reasonably frequent but not
daily. By changes I mean changes other than serial number.
The serial number changes twice daily.

The root servers, however, have not changed in years prior to
J changing address.

> 2. The old j.root will continue to answer for a long time.

And it will be unusable for anything else for a long time after
it stops answering, which will be years down the track.

> 3. Your name server only needs ONE valid root server in the hints file
> when it starts, since updating its internal view of the root zone is one
> of the first things it does.
>
> 4. When your server does update its . zone, the NS records are cached
> for 6 days, and the A records are cached for 5w6d16h (almost 6 weeks).
>
> 5. When you boot BIND 8.3.[34], it tells you if your hints file is out of
> date once it's updated its cache.

That reminds me, I need to code that check in BIND 9.

> Given this information, all the fuss about "regularly" updating your hints
> file is fairly pointless.
>
> As for making your local resolver a slave for the root zone, that
> suggestion has some merit, but not because of anything having to do with
> the root.hints file. Most resolvers are only ever going to query a few
> TLD's, and most TLD NS records are cached for 2 days, or more.
>
> IF you're going to slave the root zone, make sure to do something like
> this:
>
> zone "." {
>         type slave;
>         file "slave/root.slave";
>         masters {
>                 128.9.0.107;    // B.ROOT-SERVERS.NET.
>                 192.33.4.12;    // C.ROOT-SERVERS.NET.
>                 192.5.5.241;    // F.ROOT-SERVERS.NET.
>         };
>         notify no;
> };
>
> Take special note of the 'notify no;' statement. When a name server first
> starts up, by default it sends out notifies for all its zones. This would
> be a bad thing in this case. Also, try not to have all of the resolvers on
> your network slave the zone. It would be better to have one server do it,
> then slave it to the rest from there.
>
> Hope this helps,
>
> Doug
>
> --
>
> If it's moving, encrypt it. If it's not moving, encrypt
> it till it moves, then encrypt it some more.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org
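
The hints check mentioned in point 5 of the thread, sketched as an added example (not code from BIND or from either poster). It parses a named.root style hints file and compares it with the root NS/A set a resolver holds after priming. The B, C and F addresses are the ones quoted in the message; the J addresses, the sample data and all function names are constructed for illustration.

```python
# Constructed sample hints in named.root format. J's address is a placeholder
# from TEST-NET-1 standing in for an obsolete entry.
HINTS = """\
; constructed sample, not a real named.root
.                    3600000  IN  NS  B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000      A   128.9.0.107
.                    3600000      NS  C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.  3600000      A   192.33.4.12
.                    3600000      NS  F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.  3600000      A   192.5.5.241
.                    3600000      NS  J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.  3600000      A   192.0.2.10
"""

# Constructed subset of what the resolver learned from the root zone itself.
# J's "current" address is a placeholder from TEST-NET-2.
LIVE = {
    "b.root-servers.net.": {"128.9.0.107"},
    "c.root-servers.net.": {"192.33.4.12"},
    "f.root-servers.net.": {"192.5.5.241"},
    "j.root-servers.net.": {"198.51.100.30"},
}

def parse_hints(text):
    """Return {server name: set of A addresses}; assumes one record per line."""
    servers = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop ';' comments
        if len(fields) < 3:
            continue
        # TTL and class are optional, so look for the type between owner and rdata.
        middle = [f.upper() for f in fields[1:-1]]
        if "NS" in middle:
            servers.setdefault(fields[-1].lower(), set())
        elif "A" in middle:
            servers.setdefault(fields[0].lower(), set()).add(fields[-1])
    return servers

def check_hints(hints, live):
    """Return one warning per root server whose hint disagrees with live data."""
    warnings = []
    for name in sorted(set(hints) | set(live)):
        old, cur = hints.get(name), live.get(name)
        if cur is None:
            warnings.append(f"{name} is in hints but not in the root NS set")
        elif old is None:
            warnings.append(f"{name} is missing from hints")
        elif old != cur:
            warnings.append(f"{name} hint {sorted(old)} differs from live {sorted(cur)}")
    return warnings

def usable(hints, live):
    """Point 3 of the thread: one still-valid hint is enough to prime."""
    return any(hints[n] & live.get(n, set()) for n in hints)
```

With the sample data, check_hints() flags only J while usable() is still true, which matches the thread's point that a stale entry is worth a warning but does not stop the resolver from priming.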
