Date: Wed, 1 Aug 2007 18:35:48 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: FreeBSD Current <freebsd-current@freebsd.org>, FreeBSD Stable <freebsd-stable@freebsd.org>
Subject: Re: default dns config change causing major poolpah
Message-ID: <200708020135.l721Zm2s026224@apollo.backplane.com>
References: <200708020114.l721EMvl095981@drugs.dv.isc.org>
The vast majority of machine installations just slave their dns off of another machine, and because of that I do not think it is particularly odious to require some level of skill for those who actually want to set up their own server. To that end what I do on DragonFly is simply supply a README file in /etc/namedb along with a few helper scripts describing how to do it in a fairly painless manner. If a user cannot understand the README then he has no business setting up a DNS server anyhow. Distributions need to be fairly sensitive to doing anything that might accidentally (through lack of understanding) cause an overload of critical internet resources.

http://www.dragonflybsd.org/cvsweb/src/etc/namedb/

I generally recommend using our 'getroot' script to download an actual root.zone file instead of using a hints file (and I guess AXFR is supposed to replace both concepts). It has always seemed to me that actually downloading a physical root zone file once a week is the most reliable solution. I've never trusted using a hints file... not for at least a decade, and I probably wouldn't trust AXFR for the same reason. Probably my mistrust is due to the massive problems I had using a hints file long ago and I'm sure it works better these days, but I've never found any reason to switch back from an actual root.zone.

I've enclosed the getroot script we ship below.

In any case, it seems to me that there is no good reason to try to automate dns services as a distribution default in the manner being described.

Just my two-cents.

-Matt

#!/bin/tcsh -f
#
# If you are running named and using root.zone as a master, the root.zone
# file should be updated periodically from ftp.rs.internic.net.
#
# $DragonFly: src/etc/namedb/getroot,v 1.2 2005/02/24 21:58:20 dillon Exp $

cd /etc/namedb
umask 027
set hostname = 'ftp.rs.internic.net'
set remfile = domain/root.zone.gz
set locfile = root.zone.gz
set path = ( /bin /usr/bin /sbin /usr/sbin )

fetch ftp://${hostname}:/${remfile}
if ( $status != 0 ) then
    rm -f ${locfile}
    echo "Download failed"
else
    gunzip < ${locfile} > root.zone.new
    if ( $status == 0 ) then
        rm -f ${locfile}
        if ( -f root.zone ) then
            mv -f root.zone root.zone.bak
        endif
        chmod 644 root.zone.new
        mv -f root.zone.new root.zone
        echo "Download succeeded, restarting named"
        rndc reload
        sleep 1
        rndc status
    else
        echo "Download failed: gunzip returned an error"
        rm -f ${locfile}
    endif
endif
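The getroot script above installs root.zone and runs `rndc reload` as soon as gunzip exits 0, so a download that is complete as a gzip stream but not a usable zone (truncated at the FTP layer, or not a zone file at all) would still be swapped into place and handed to named. The POSIX sh fragment below is an added example, not the DragonFly script and not part of the original message: it checks that the fetched file carries an SOA and at least one NS record for "." (and runs BIND's named-checkzone when that tool happens to be installed), then does the same backup-and-rename the tcsh script does, refusing to touch the installed root.zone when validation fails. The function names, the sample three-record zone and the 192.0.2.1 documentation address are all constructed for this example.

```shell
#!/bin/sh
# Added example (not the DragonFly getroot script): validate a freshly
# downloaded root zone before swapping it into place. Assumes a plain-text
# zone file in which the zone "." carries an SOA record and an NS record.

# validate_root_zone FILE -> 0 if FILE looks like a usable root zone
validate_root_zone() {
    f=$1
    [ -s "$f" ] || return 1
    # an SOA for "." (optional TTL and class between owner and type)
    grep -Eq '^\.[[:space:]]+([0-9]+[[:space:]]+)?(IN[[:space:]]+)?SOA[[:space:]]' "$f" || return 1
    # and at least one NS record for the root itself
    grep -Eq '^\.[[:space:]]+([0-9]+[[:space:]]+)?(IN[[:space:]]+)?NS[[:space:]]' "$f" || return 1
    # if BIND's zone checker is installed, let it parse the whole file as well
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q . "$f" >/dev/null 2>&1 || return 1
    fi
    return 0
}

# install_root_zone NEW TARGET -> replace TARGET with NEW, keeping TARGET.bak;
# returns 1 and leaves TARGET untouched when NEW fails validation
install_root_zone() {
    new=$1
    target=$2
    validate_root_zone "$new" || { rm -f "$new"; return 1; }
    [ -f "$target" ] && cp -p "$target" "$target.bak"
    chmod 644 "$new"
    mv -f "$new" "$target"   # rename is atomic within one filesystem
}

# demo_run: constructed sample input; returns 0 when a well-formed zone is
# installed and a truncated download is rejected without touching it
demo_run() {
    d=$(mktemp -d) || return 1
    # constructed three-record root zone; 192.0.2.1 is a documentation address
    printf '%s\n' \
        '. 86400 IN SOA a.root-servers.net. hostmaster.example. 2007080100 1800 900 604800 86400' \
        '. 518400 IN NS a.root-servers.net.' \
        'a.root-servers.net. 3600000 IN A 192.0.2.1' > "$d/root.zone.new"
    install_root_zone "$d/root.zone.new" "$d/root.zone" || { rm -rf "$d"; return 1; }
    # a download cut off after a few bytes must be refused
    printf 'a.root-serv' > "$d/root.zone.new"
    if install_root_zone "$d/root.zone.new" "$d/root.zone"; then rm -rf "$d"; return 1; fi
    grep -q 'SOA' "$d/root.zone" || { rm -rf "$d"; return 1; }
    rm -rf "$d"
    return 0
}

demo_run && echo "root zone validation demo passed"
```

In a cron job the call would be `install_root_zone root.zone.new root.zone && rndc reload`, so named is only asked to reload after the new file has passed the checks; a rejected download leaves the previous root.zone (and root.zone.bak) exactly as they were.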