Date: Thu, 02 Aug 2007 13:49:39 -0700
From: Doug Barton <dougb@FreeBSD.org>
To: freebsd-current@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Subject: Re: named.conf restored to hint zone for the root by default
Message-ID: <46B24363.2040903@FreeBSD.org>
In-Reply-To: <200708022042.l72Kglpk047695@lurza.secnetix.de>
References: <200708022042.l72Kglpk047695@lurza.secnetix.de>

Oliver Fromme wrote:
> Hi,
>
> Just for the record, I like the current solution, i.e. default
> being a "hint" zone, and slave zones being commented out, ready to
> be used for those who know what they're doing.

Thanks.

> However, I noticed that the "refresh" interval of the root zone is
> 1800, i.e. it would be fetched every 30 minutes,

No, refresh is how often the master servers are checked for serial
number changes. It's only fetched when the serial is updated.

> even though the zone seems to be updated at most once per day.

The serial is updated twice a day whether there are content changes to
the zone or not. Whether this is a good practice or not is an open
question.

In the odd chance that a change is introduced which is found to be
"bad" for some reason, the zone can be updated more frequently than
twice a day. This hasn't happened very often, but it has happened.
This is why what's suggested below is not a good idea either.

hth,

Doug

Eygene Ryabinkin wrote:
> Doug, good day.
>
> Thu, Aug 02, 2007 at 03:14:38AM -0700, Doug Barton wrote:
>> Matthew Dillon wrote:
>>> It has always seemed to me that actually downloading a physical
>>> root zone file once a week is the most reliable
>>> solution.
>> This is a really bad idea. The root zone changes slowly, but it
>> often changes more than once a week. Add to that the more-rapid
>> deployment of new TLDs nowadays and the occasional complete
>> reprovisioning of an existing TLD, and one week is too long to go
>> between updates.
>
> But if one will pull the root zone via FTP/HTTP at the zone's
> refresh rate or so -- will it be still a bad idea, compared to the
> AXFR method?
--
This .signature sanitized for your protection
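
The difference between a refresh check and a zone fetch described in the message above, as an added example that is not part of the original e-mail: a small simulation of a slave server that polls the master's SOA serial every refresh interval and transfers the zone only when the serial is newer under RFC 1982 serial arithmetic. The function names, the serial values and the update times are constructed for illustration; NOTIFY, retry and expire handling are left out.

```python
# Added illustration (not from the original message): SOA refresh polling
# versus actual zone transfers on a slave server.

MOD = 1 << 32    # SOA serials are 32-bit unsigned values
HALF = 1 << 31   # RFC 1982 comparison window


def serial_newer(master: int, local: int) -> bool:
    """True if the master's serial is ahead of the local copy (RFC 1982)."""
    return 0 < (master - local) % MOD < HALF


def simulate(refresh: int, duration: int, serial_changes: dict, start_serial: int):
    """Return (soa_checks, transfers) for one slave over `duration` seconds.

    serial_changes maps a time offset in seconds to the serial the master
    publishes at that moment (hypothetical schedule).
    """
    master = local = start_serial
    checks = transfers = 0
    pending = sorted(serial_changes.items())
    for now in range(refresh, duration + 1, refresh):
        # Apply every serial bump the master made up to this poll.
        while pending and pending[0][0] <= now:
            master = pending.pop(0)[1]
        checks += 1                      # cheap SOA query
        if serial_newer(master, local):  # only now is the zone fetched
            local = master
            transfers += 1
    return checks, transfers


# Constructed day: refresh of 1800 s, serial bumped twice in 24 hours.
DAY = 86400
SAMPLE_CHANGES = {6 * 3600: 2007080201, 18 * 3600: 2007080300}

if __name__ == "__main__":
    checks, transfers = simulate(1800, DAY, SAMPLE_CHANGES, 2007080200)
    print(f"SOA checks: {checks}, zone transfers: {transfers}")
```
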
