On 02/14/2013 12:47 PM, Reindl Harald wrote:
On 14.02.2013 18:37, Robert Moskowitz wrote:
On 02/14/2013 12:29 PM, Paul Heinlein wrote:
On Thu, 14 Feb 2013, Robert Moskowitz wrote:
Over on the bind-users@lists.isc.org list, I am in a discussion about building the named.zone file, as CentOS 6.3 does not provide it. It DOES provide a named.ca which is already old (wrt AAAA records) compared to the named.zone provided by internic.
A few contributors have stated that now the hints are built into bind and you can see this with:
strings /usr/local/sbin/named | grep A.ROOT-SERVERS.NET
Well, it looks like CentOS has it at /usr/sbin/named and there are no such strings in there. Oh, these hints come from "lib/dns/rootns.c in the source code tree".
So are the hints built in here?
See /var/named/named.ca (also visible in /var/named/chroot/var/named).
Yes. I know about that. But as I said, the discussion is that this is no longer needed as the hints are now built into bind if no explicit hint is provided. I am asking if the above stub is included in the Red Hat/CentOS build. It does not seem so.
And even if - how would this be updated without the need for a security fix, since otherwise there are no updates in RHEL?
I asked this on the bind-users list, as AAAA records are slowly being added to each root, and got back:
"No need to worry. They are only hints, and named uses them to get the current list of root name servers at startup. Even if they are 15 years out of date it will still work, because the root name servers do not change very often."
So take that with whatever size of salt grain you prefer.
ftp://ftp.internic.net/domain/named.cache and update /var/named/chroot/var/named/named.ca with it is the way to go.
What I am doing. But so far something is not set right, as I am not getting responses back, but I think I know why and it is a grrr moment.
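
The thread turns on how stale a shipped hints file is with respect to AAAA records. The script below is an added example, not part of the original messages: it parses a hints file in the named.ca layout and lists root servers that have an A record but no AAAA record. The function names are hypothetical and the sample data is constructed, using documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the thread): list root servers in a hints file
# that have an A record but no AAAA record.

# roots_missing_aaaa FILE  (hypothetical helper name)
roots_missing_aaaa() {
    awk '
        /^[ \t]*;/ || NF == 0 { next }   # skip comments and blank lines
        {
            # Hints lines are: NAME TTL [CLASS] TYPE RDATA
            name = toupper($1); type = ""
            for (i = 2; i < NF; i++) {
                t = toupper($i)
                if (t == "A" || t == "AAAA" || t == "NS") { type = t; break }
            }
            if (type == "A")    has_a[name] = 1
            if (type == "AAAA") has_aaaa[name] = 1
        }
        END { for (n in has_a) if (!(n in has_aaaa)) print n }
    ' "$1" | sort
}

# Constructed sample in named.ca layout; addresses are documentation ranges,
# not real root server addresses.
make_sample_hints() {
    cat > "$1" <<'EOF'
; constructed sample hints file
.                     3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.   3600000      AAAA  2001:db8::1
.                     3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.   3600000      A     192.0.2.2
.                     3600000      NS    c.root-servers.net.
c.root-servers.net.   3600000      a     192.0.2.3
C.ROOT-SERVERS.NET.   3600000      AAAA  2001:db8::3
EOF
}

tmp=$(mktemp)
make_sample_hints "$tmp"
roots_missing_aaaa "$tmp"    # on a real system, pass the hints file path instead
rm -f "$tmp"
```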