Date: Mon, 09 Jul 2012 13:56:13 -0700 From: Doug Barton <dougb@FreeBSD.org> To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org, Matt Dawson <matt@chronos.org.uk> Subject: Re: Replacing BIND with unbound Message-ID: <4FFB456D.8010609@FreeBSD.org> In-Reply-To: <86y5mtm4yn.fsf@ds4.des.no> References: <CA%2BQLa9B-Dm-=hQCrbEgyfO4sKZ5aG72_PEFF9nLhyoy4GRCGrA@mail.gmail.com> <4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no> <89AB703D-E075-4AAC-AC1B-B358CC4E4E7F@lists.zabbadoz.net> <4FF8C3A1.9080805@FreeBSD.org> <0AFE3C4A-22DB-4134-949F-4D05BBFC4C6C@lists.zabbadoz.net> <4FF8CA35.7040209@FreeBSD.org> <4FF8D89B.1030308@bluerosetech.com> <4FF95365.7010605@FreeBSD.org> <20473.50867.199081.295841@hergotha.csail.mit.edu> <201207090449.q694nW9C094754@chronos.org.uk> <86y5mtm4yn.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/09/2012 06:36, Dag-Erling Smørgrav wrote:
> Matt Dawson <matt@chronos.org.uk> writes:
>> TBH, even having the root zone in base is a bit daft.
>
> The root zone we ship is a hint used to bootstrap named. Without it,
> named is a brick, unless all you want is an authoritative-only
> nameserver.
The hints file is not actually the root zone, it's a list of name
servers and IP addresses. Without it, named would still be able to
bootstrap since they long ago included that information in the source.
> All named does with that hint file is use it to locate a
> root server from which it can obtain a fresh copy of the root zone.
This is accurate, and it's worth pointing out that you only need to
reach one working server to bootstrap, and the change rate for the
existing server addresses is anywhere from years to decades.
hth,
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FFB456D.8010609>