Date: Sun, 16 Apr 2017 09:29:33 -0400 From: George Mitchell <george+freebsd@m5p.com> To: Thomas Steen Rasmussen <thomas@gibfest.dk>, ports@freebsd.org Cc: mat@freebsd.org, Kevin Oberman <rkoberman@gmail.com> Subject: Re: default named.conf in bind ports and slaving from f-root Message-ID: <44960392-52ad-f484-8ffa-7decf847a5ad@m5p.com> In-Reply-To: <d8685cf9-4a42-6faf-5195-dd97d35b9c4a@gibfest.dk> References: <85573e9f-c0e7-1e30-6f95-2fec13e0ac26@gibfest.dk> <db0f672e-d457-0e9b-cdb7-40576db8aaac@m5p.com> <d8685cf9-4a42-6faf-5195-dd97d35b9c4a@gibfest.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--eBB7VrX2PL37Nel0RVJgASK0w4RhH8VPG
Content-Type: multipart/mixed; boundary="sJHpGTtNUSwn16rnTGIGN6DE0XXRPs6nO";
protected-headers="v1"
From: George Mitchell <george+freebsd@m5p.com>
To: Thomas Steen Rasmussen <thomas@gibfest.dk>, ports@freebsd.org
Cc: mat@freebsd.org, Kevin Oberman <rkoberman@gmail.com>
Message-ID: <44960392-52ad-f484-8ffa-7decf847a5ad@m5p.com>
Subject: Re: default named.conf in bind ports and slaving from f-root
References: <85573e9f-c0e7-1e30-6f95-2fec13e0ac26@gibfest.dk>
<db0f672e-d457-0e9b-cdb7-40576db8aaac@m5p.com>
<d8685cf9-4a42-6faf-5195-dd97d35b9c4a@gibfest.dk>
In-Reply-To: <d8685cf9-4a42-6faf-5195-dd97d35b9c4a@gibfest.dk>
--sJHpGTtNUSwn16rnTGIGN6DE0XXRPs6nO
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 04/16/17 05:30, Thomas Steen Rasmussen wrote:
> On 04/16/2017 04:02 AM, George Mitchell wrote:
>> On 04/14/17 08:37, Thomas Steen Rasmussen wrote:
>>> Hello,
>>>
>>> Cloudflare deployed a bunch (74 apparently) of new f-root dns
>>> servers, which do not permit AXFR like the other f-root instances
>>> do.
>>> [...]
>>> A good alternative could be to change named.conf to use
>>> lax.xfr.dns.icann.org and iad.xfr.dns.icann.org as
>>> described in [2]. My named.conf now looks like this:
>>> [...]
>> Does this issue affect me if I use type "hint" for zone "." like this:=
>>
>> zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
>>
>> -- George
>>
> Hello,
>=20
> Someone else already responded, but for the record: No,
> it does not. Slaving the root zone is an alternative to using
> the hints file. The advantage is that the data is always
> uptodate. The disadvantage is stuff like this, obviously.
> [...]
Thank you, Kevin and Thomas, for confirming what I already
suspected was the case. -- George
--sJHpGTtNUSwn16rnTGIGN6DE0XXRPs6nO--
--eBB7VrX2PL37Nel0RVJgASK0w4RhH8VPG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENdM4ZHktsJW5kKZXwRES3m+p4fkFAljzccMACgkQwRES3m+p
4fl+PxAAjdMAbfJWKgoNECJPUCH6zep4hzSWVBrMeYHwVVlqCr/DZ5/IMx3cIXnl
M79xkhbof7iCINd9eKpeNYlcQ9j+cQZizAR1ErtftGvHL3EcLGkxEExH1VlWvppK
MACPMtdxRdQZMmcDNRaz2TXFpVj+fggh1ix2vh0afrCx1FmZL7ni9Y8wmQXSlTGL
NzEQ6n2mi2BSm4vAEc6rvWnhdOudo6GhbooyX1n6qR/mWqQ1opLwQgB7J7BzKobL
Z0oIfF/uybbxACCUMJEQg/pMA2l/QNlIeFMJo+Wt6fYa63THzBMhHNLRhxS31SQO
y83JLxFde82PauRiecncBnRE6XB6QkbwpdpAowo4pH/1owjTXKipjjWr6pZhN6YX
FpQfOE2OowKZGo+/8S6YSdg26CZFLSfsbQ1YAWyYrhcF8u5WZSYAK/b4FvR5ynyV
pO9kj28pup0qDO0Z1hphkXXSlhdSpW0VxhwwVN/+h34LNLFNX9tDROWYH0S3LQiu
186w2bZptNQXLKJ8wdwao3Rr1FUlHT8y3naark45tvLAZibGO1/84JexsH/fNGhV
Hq6Z6PKS8LgtlIFXM88KNT50xZR4+WDs7QUlUhK2Tx4NSTcQ+j8vaOUo+/ZdF5Lc
9xlenlmQGz7r0DpYFvoQ6sc6TG5cdbMZzGZzHJRe6i/p7CQDtzE=
=6sdp
-----END PGP SIGNATURE-----
--eBB7VrX2PL37Nel0RVJgASK0w4RhH8VPG--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44960392-52ad-f484-8ffa-7decf847a5ad>