Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 16 Apr 2017 09:29:33 -0400
From:      George Mitchell <george+freebsd@m5p.com>
To:        Thomas Steen Rasmussen <thomas@gibfest.dk>, ports@freebsd.org
Cc:        mat@freebsd.org, Kevin Oberman <rkoberman@gmail.com>
Subject:   Re: default named.conf in bind ports and slaving from f-root
Message-ID:  <44960392-52ad-f484-8ffa-7decf847a5ad@m5p.com>
In-Reply-To: <d8685cf9-4a42-6faf-5195-dd97d35b9c4a@gibfest.dk>
References:  <85573e9f-c0e7-1e30-6f95-2fec13e0ac26@gibfest.dk> <db0f672e-d457-0e9b-cdb7-40576db8aaac@m5p.com> <d8685cf9-4a42-6faf-5195-dd97d35b9c4a@gibfest.dk>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--eBB7VrX2PL37Nel0RVJgASK0w4RhH8VPG
Content-Type: multipart/mixed; boundary="sJHpGTtNUSwn16rnTGIGN6DE0XXRPs6nO";
 protected-headers="v1"
From: George Mitchell <george+freebsd@m5p.com>
To: Thomas Steen Rasmussen <thomas@gibfest.dk>, ports@freebsd.org
Cc: mat@freebsd.org, Kevin Oberman <rkoberman@gmail.com>
Message-ID: <44960392-52ad-f484-8ffa-7decf847a5ad@m5p.com>
Subject: Re: default named.conf in bind ports and slaving from f-root
References: <85573e9f-c0e7-1e30-6f95-2fec13e0ac26@gibfest.dk>
 <db0f672e-d457-0e9b-cdb7-40576db8aaac@m5p.com>
 <d8685cf9-4a42-6faf-5195-dd97d35b9c4a@gibfest.dk>
In-Reply-To: <d8685cf9-4a42-6faf-5195-dd97d35b9c4a@gibfest.dk>

--sJHpGTtNUSwn16rnTGIGN6DE0XXRPs6nO
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 04/16/17 05:30, Thomas Steen Rasmussen wrote:
> On 04/16/2017 04:02 AM, George Mitchell wrote:
>> On 04/14/17 08:37, Thomas Steen Rasmussen wrote:
>>> Hello,
>>>
>>> Cloudflare deployed a bunch (74 apparently) of new f-root dns
>>> servers, which do not permit AXFR like the other f-root instances
>>> do.
>>> [...]
>>> A good alternative could be to change named.conf to use
>>> lax.xfr.dns.icann.org and iad.xfr.dns.icann.org as
>>> described in [2]. My named.conf now looks like this:
>>> [...]
>> Does this issue affect me if I use type "hint" for zone "." like this:=

>>
>> zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
>>
>> -- George
>>
> Hello,
>=20
> Someone else already responded, but for the record: No,
> it does not. Slaving the root zone is an alternative to using
> the hints file. The advantage is that the data is always
> uptodate. The disadvantage is stuff like this, obviously.
> [...]

Thank you, Kevin and Thomas, for confirming what I already
suspected was the case.                          -- George



--sJHpGTtNUSwn16rnTGIGN6DE0XXRPs6nO--

--eBB7VrX2PL37Nel0RVJgASK0w4RhH8VPG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENdM4ZHktsJW5kKZXwRES3m+p4fkFAljzccMACgkQwRES3m+p
4fl+PxAAjdMAbfJWKgoNECJPUCH6zep4hzSWVBrMeYHwVVlqCr/DZ5/IMx3cIXnl
M79xkhbof7iCINd9eKpeNYlcQ9j+cQZizAR1ErtftGvHL3EcLGkxEExH1VlWvppK
MACPMtdxRdQZMmcDNRaz2TXFpVj+fggh1ix2vh0afrCx1FmZL7ni9Y8wmQXSlTGL
NzEQ6n2mi2BSm4vAEc6rvWnhdOudo6GhbooyX1n6qR/mWqQ1opLwQgB7J7BzKobL
Z0oIfF/uybbxACCUMJEQg/pMA2l/QNlIeFMJo+Wt6fYa63THzBMhHNLRhxS31SQO
y83JLxFde82PauRiecncBnRE6XB6QkbwpdpAowo4pH/1owjTXKipjjWr6pZhN6YX
FpQfOE2OowKZGo+/8S6YSdg26CZFLSfsbQ1YAWyYrhcF8u5WZSYAK/b4FvR5ynyV
pO9kj28pup0qDO0Z1hphkXXSlhdSpW0VxhwwVN/+h34LNLFNX9tDROWYH0S3LQiu
186w2bZptNQXLKJ8wdwao3Rr1FUlHT8y3naark45tvLAZibGO1/84JexsH/fNGhV
Hq6Z6PKS8LgtlIFXM88KNT50xZR4+WDs7QUlUhK2Tx4NSTcQ+j8vaOUo+/ZdF5Lc
9xlenlmQGz7r0DpYFvoQ6sc6TG5cdbMZzGZzHJRe6i/p7CQDtzE=
=6sdp
-----END PGP SIGNATURE-----

--eBB7VrX2PL37Nel0RVJgASK0w4RhH8VPG--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44960392-52ad-f484-8ffa-7decf847a5ad>