Date: Tue, 28 Jan 2003 22:13:47 +0100 (CET) From: Marc Schneiders <marc@schneiders.org> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: <freebsd-stable@FreeBSD.ORG> Subject: Re: 4.7-R-p3: j.root-servers.net Message-ID: <20030128220523.E36760-100000@voo.doo.net> In-Reply-To: <200301281857.h0SIvMtb028022@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 28 Jan 2003, at 10:57 [=GMT-0800], Matthew Dillon wrote: > Ok, I'm thinking then that it's better to load it as a real zone > file. Why do it that way instead of allowing updates via a root > server? Because there is a feature in the DNS protocol called AXFR. It is implemented by most if not all nameserver programs out there. It works very well, with Bind in any case. It works automatically. It does not cause much traffic if the zone is unchanged. > Because in the last ten years I've had a number of problems > with individual root servers returning bad data. And did that cause any problems? Did your nameserver start to give out weird answers? Or did it keep the old data? > It doesn't happen > very often, but it does happen. I have never seen it, but that may not mean much. Sometimes a server is unavailable for AXFR. Then Bind tries again a bit later. You may the find files with weird extensions in your bind directory, like: heist-centrum.be.db.6W6v6z heist-centrum.be.db.vt3zUh henkepak.com.db.2vq0pU solidnetworks.org.db.FsG2hp henkepak.com.db.HxO78P All 0 bytes in size. > I've have never had problems with > the downloaded root.zone, and if I ever do at least I'll know that > it's the likely cause since I only download it once a week on sunday, > and I can review the current and prior zone files without having to > dump named. From my point of view as an administrator that's the more > secure approach. Assuming: 1. That you don't forget it; 2. That you make no mistakes. > In anycase, there are obviously many ways to keep an up-to-date root > zone, my methodology is only one out of that list. Naturally, but I prefer one that was invented for this purpose, AXFR, and does the job without me wasting time. Once every few months I clean up those empty temporary files of failed AXFRs. But that isn't even necessary. -- [08] We appreciate positive feedback. http://logoff.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030128220523.E36760-100000>