[CentOS] Bind - built in root hints?

Robert Moskowitz rgm at htt-consult.com
Thu Feb 14 18:02:31 UTC 2013


On 02/14/2013 12:47 PM, Reindl Harald wrote:
>
> Am 14.02.2013 18:37, schrieb Robert Moskowitz:
>> On 02/14/2013 12:29 PM, Paul Heinlein wrote:
>>> On Thu, 14 Feb 2013, Robert Moskowitz wrote:
>>>
>>>> Over on the bind-users at lists.isc.org list, I am in a discussion about
>>>> building the named.zone file, as CentOS 6.3 does not provide it.  It
>>>> DOES provide a named.ca which is already old (wrt AAAA records) compared
>>>> to the named.zone provided by internic.
>>>>
>>>> A few contributors have stated that now the hints are built into bind
>>>> and you can see this with:
>>>>
>>>> strings /usr/local/sbin/named | grep A.ROOT-SERVERS.NET
>>>>
>>>> Well it looks like CentOS has it at /usr/sbin/named and there are no
>>>> such strings in there.  Oh, these hints come from "lib/dns/rootns.c in
>>>> the source code tree".
>>>>
>>>> So are the hints built in here?
>>> See /var/named/named.ca (also visible in /var/named/chroot/var/named).
>> Yes.  I know about that. But as I said, the discussion is that this is
>> no longer needed as the hints are now built into bind if no explicit
>> hint is provided.  I am asking if the above stub is included in the
>> Red Hat/CentOS build.  It does not seem so.
> and even if - how would this be updated without the need
> for a security fix since otherwise there are no updates
> in RHEL

I asked this on the bind-users list, as AAAA records are slowly being 
added to each root, and got back:

"No need to worry. They are only hints, and named uses them to get the 
current list of root name servers at startup. Even if they are 15 years 
out of date it will still work, because the root name servers do not 
change very often."

So take that with whatever size of salt grain you prefer.

>
> ftp://ftp.internic.net/domain/named.cache and update
> /var/named/chroot/var/named/named.ca with it is the
> way to go

What I am doing.  But so far something is not set right, as I am not 
getting responses back, but I think I know why and it is a grrr moment.
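
Added example, not part of the original post: one way to check how far a shipped named.ca has drifted from a freshly downloaded hints file, such as the missing AAAA records discussed in this thread. The two hints files are constructed samples using documentation addresses rather than real root server IPs, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation addresses, not real root server IPs).
OLD_HINTS = """\
; older hints file, as shipped by a distribution (constructed)
.                    3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000      A     192.0.2.1
.                    3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000      A     192.0.2.2
"""
NEW_HINTS = """\
; newer hints file (constructed)
.                    3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.  3600000      AAAA  2001:db8::1
.                    3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000      A     192.0.2.22
B.ROOT-SERVERS.NET.  3600000      AAAA  2001:db8::2
"""

def parse_hints(text):
    """Return {server name: set of (rrtype, normalised address)} from a hints file."""
    servers = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop ';' comments
        # Drop the optional TTL and class columns so the record type comes first.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2:
            continue
        rrtype, rdata = rest[0].upper(), rest[1]
        if rrtype == "NS":
            servers.setdefault(rdata.upper().rstrip("."), set())
        elif rrtype in ("A", "AAAA"):
            addr = str(ipaddress.ip_address(rdata))  # raises on a malformed address
            servers.setdefault(fields[0].upper().rstrip("."), set()).add((rrtype, addr))
    return servers

def compare_hints(old, new):
    """Per server, list records only in `new` (missing) or only in `old` (stale)."""
    report = {}
    for name in sorted(set(old) | set(new)):
        missing = sorted(new.get(name, set()) - old.get(name, set()))
        stale = sorted(old.get(name, set()) - new.get(name, set()))
        if missing or stale:
            report[name] = {"missing": missing, "stale": stale}
    return report

if __name__ == "__main__":
    for name, diff in compare_hints(parse_hints(OLD_HINTS), parse_hints(NEW_HINTS)).items():
        print(name, diff)
```

To use it on real files, read the local named.ca and the downloaded hints file into strings and pass them to parse_hints in place of the samples.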



