Date: Tue, 28 Jan 2003 22:13:47 +0100 (CET)
From: Marc Schneiders
To: Matthew Dillon
Subject: Re: 4.7-R-p3: j.root-servers.net

On Tue, 28 Jan 2003, at 10:57 [=GMT-0800], Matthew Dillon wrote:

>     Ok, I'm thinking then that it's better to load it as a real zone
>     file.  Why do it that way instead of allowing updates via a root
>     server?

Because there is a feature in the DNS protocol called AXFR. It is
implemented by most if not all nameserver programs out there. It works
very well, with Bind in any case. It works automatically. It does not
cause much traffic if the zone is unchanged.

>     Because in the last ten years I've had a number of problems
>     with individual root servers returning bad data.

And did that cause any problems? Did your nameserver start to give out
weird answers? Or did it keep the old data?

>     It doesn't happen
>     very often, but it does happen.

I have never seen it, but that may not mean much. Sometimes a server
is unavailable for AXFR. Then Bind tries again a bit later. You may
then find files with weird extensions in your bind directory, like:

heist-centrum.be.db.6W6v6z
heist-centrum.be.db.vt3zUh
henkepak.com.db.2vq0pU
solidnetworks.org.db.FsG2hp
henkepak.com.db.HxO78P

All 0 bytes in size.

>     I have never had problems with
>     the downloaded root.zone, and if I ever do at least I'll know that
>     it's the likely cause since I only download it once a week on Sunday,
>     and I can review the current and prior zone files without having to
>     dump named.  From my point of view as an administrator that's the more
>     secure approach.

Assuming:
1. That you don't forget it;
2. That you make no mistakes.

>     In any case, there are obviously many ways to keep an up-to-date root
>     zone, my methodology is only one out of that list.

Naturally, but I prefer one that was invented for this purpose, AXFR,
and does the job without me wasting time. Once every few months I
clean up those empty temporary files of failed AXFRs. But that isn't
even necessary.

-- 
[08] We appreciate positive feedback. http://logoff.org/
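
The weekly-download approach discussed in the message above depends on never installing a bad file. As an added example (not code from either poster), this shell check refuses a downloaded zone file that is empty, like the 0-byte leftovers mentioned above, that has no SOA serial, or whose serial is lower than the prior copy's. The function names, file names and the plain integer comparison of serials are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a freshly downloaded root zone before installing it.
# Assumptions: master-file format; serials compared as plain integers.

# Print the serial of the first SOA record (third field after "SOA"),
# tolerating comments and a record split across lines with parentheses.
soa_serial() {
    awk '{
        sub(/;.*/, "")            # strip comments
        gsub(/[()]/, " ")         # drop multi-line grouping parentheses
        for (i = 1; i <= NF; i++) {
            if (!seen) { if (toupper($i) == "SOA") seen = 1; continue }
            if (++n == 3) { print $i; exit }   # mname, rname, serial
        }
    }' "$1"
}

# check_new_zone NEW [PRIOR]: return 0 only if NEW looks safe to install.
check_new_zone() {
    cz_new=$1 cz_prior=${2:-}
    [ -s "$cz_new" ] || { echo "reject: $cz_new missing or 0 bytes" >&2; return 1; }
    cz_ns=$(soa_serial "$cz_new")
    case $cz_ns in
        ''|*[!0-9]*) echo "reject: no numeric SOA serial in $cz_new" >&2; return 1 ;;
    esac
    # No usable prior copy: nothing to compare against.
    [ -n "$cz_prior" ] && [ -s "$cz_prior" ] || return 0
    cz_os=$(soa_serial "$cz_prior")
    case $cz_os in
        ''|*[!0-9]*) return 0 ;;
    esac
    if [ "$cz_ns" -lt "$cz_os" ]; then
        echo "reject: serial $cz_ns is older than prior $cz_os" >&2
        return 1
    fi
    return 0
}

# Demonstration on constructed sample data (not real root zone contents).
demo=$(mktemp -d)
printf '. 86400 IN SOA a.root-servers.net. hostmaster.example. 2003012100 1800 900 604800 86400\n' > "$demo/prior"
printf '. 86400 IN SOA a.root-servers.net. hostmaster.example. (\n 2003012800 ; serial\n 1800 900 604800 86400 )\n' > "$demo/new"
check_new_zone "$demo/new" "$demo/prior" && echo "new zone passes checks"
check_new_zone "$demo/prior" "$demo/new" || echo "older serial refused"
rm -rf "$demo"
```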