From: Doug Barton
Date: Thu, 02 Aug 2007 13:49:39 -0700
To: freebsd-current@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, Eygene Ryabinkin
Subject: Re: named.conf restored to hint zone for the root by default

Oliver Fromme wrote:
> Hi,
>
> Just for the record, I like the current solution, i.e. default
> being a "hint" zone, and slave zones being commented out, ready to
> be used for those who know what they're doing.

Thanks.

> However, I noticed that the "refresh" interval of the root zone is
> 1800, i.e. it would be fetched every 30 minutes,

No, refresh is how often the master servers are checked for serial
number changes. It's only fetched when the serial is updated.

> even though the zone seems to be updated at most once per day.

The serial is updated twice a day whether there are content changes to
the zone or not. Whether this is a good practice or not is an open
question. In the odd chance that a change is introduced which is found
to be "bad" for some reason, the zone can be updated more frequently
than twice a day. This hasn't happened very often, but it has happened.
This is why what's suggested below is not a good idea either.

hth,

Doug

Eygene Ryabinkin wrote:
> Doug, good day.
>
> Thu, Aug 02, 2007 at 03:14:38AM -0700, Doug Barton wrote:
>> Matthew Dillon wrote:
>>> It has always seemed to me that actually downloading a physical
>>> root zone file once a week is the most reliable
>>> solution.
>> This is a really bad idea. The root zone changes slowly, but it
>> often changes more than once a week. Add to that the more-rapid
>> deployment of new TLDs nowadays and the occasional complete
>> reprovisioning of an existing TLD, and one week is too long to go
>> between updates.
>
> But if one will pull the root zone via FTP/HTTP at the zone's
> refresh rate or so -- will it still be a bad idea, compared to the
> AXFR method?

-- 
This .signature sanitized for your protection
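
The refresh behaviour described in the message above, as an added example that is not part of the original post: a secondary only compares SOA serials at each refresh interval and transfers the zone when the serial has advanced. The starting serial and the 12-hour bump period are constructed values standing in for "twice a day"; the comparison follows RFC 1982 serial arithmetic so a wrapped serial still counts as newer.

```python
"""Count SOA serial checks versus zone transfers on a secondary."""

MOD = 1 << 32    # SOA serial is an unsigned 32-bit value
HALF = 1 << 31   # RFC 1982: "newer" means ahead by less than 2^31


def serial_gt(a: int, b: int) -> bool:
    """Return True if serial a is newer than serial b (RFC 1982).

    A difference of exactly 2^31 is undefined in the RFC; it is
    treated here as "not newer" so no transfer is triggered.
    """
    a %= MOD
    b %= MOD
    return a != b and ((a - b) % MOD) < HALF


def simulate(refresh: int, bump_every: int, duration: int, start_serial: int):
    """Return (soa_checks, transfers) over `duration` seconds.

    refresh      -- SOA refresh interval in seconds (1800 in the thread)
    bump_every   -- constructed: primary bumps its serial on this period
    start_serial -- constructed: serial both sides hold at time zero
    """
    local = start_serial % MOD
    checks = transfers = 0
    for now in range(refresh, duration + 1, refresh):
        # Serial the primary would publish at this moment.
        primary = (start_serial + now // bump_every) % MOD
        checks += 1                      # cheap SOA query, every refresh
        if serial_gt(primary, local):    # transfer only on a newer serial
            transfers += 1
            local = primary
    return checks, transfers


if __name__ == "__main__":
    day = 24 * 3600
    # Constructed serial; refresh of 1800 s, serial bumped every 12 h.
    print(simulate(1800, 12 * 3600, day, 2007080200))
    # Same schedule with the serial wrapping past 2^32 - 1.
    print(simulate(1800, 12 * 3600, day, MOD - 1))
```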