[CentOS] Bind - built in root hints?

Thu Feb 14 18:07:12 UTC 2013
Robert Moskowitz <rgm at htt-consult.com>

On 02/14/2013 12:47 PM, Reindl Harald wrote:
>
> Am 14.02.2013 18:37, schrieb Robert Moskowitz:
>> On 02/14/2013 12:29 PM, Paul Heinlein wrote:
>>> On Thu, 14 Feb 2013, Robert Moskowitz wrote:
>>>
>>>> Over on the bind-users at lists.isc.org list, I am in a discussion about
>>>> building the named.zone file, as Centos 6.3 does not provide it.  It
>>>> DOES provide a named.ca which is already old (wrt AAAA records) compared
>>>> to the named.zone provided by internic.
>>>>
>>>> A few contributors have stated that now the hints are built into bind
>>>> and you can see this with:
>>>>
>>>> strings /usr/local/sbin/named | grep A.ROOT-SERVERS.NET
>>>>
>>>> Well it looks like Centos has it at /usr/sbin/named and there are no
>>>> such strings in there.  Oh, these hints come from "lib/dns/rootns.c in
>>>> the source code tree".
>>>>
>>>> So are the hints built in here?
>>> See /var/named/named.ca (also visible in /var/named/chroot/var/named).
>> Yes.  I know about that. But as I said, the discussion is that this is
>> no longer needed as the hints are now built into bind if no explicit
>> hint is provided.  I am asking if the above stub is included in the
>> Redhat/Centos build.  It does not seem so.
> and even if - how would this be updated without the need
> for a security fix since otherwise there are no updates
> in RHEL

Oh, I have checked and even though we are stuck at ver 9.8.2, we are
current on security patches per the alerts listed by isc.  So our 9.8.2
is NOT quite 9.8.2....

>
> ftp://ftp.internic.net/domain/named.cache and update
> /var/named/chroot/var/named/named.ca with it is the
> way to go
>
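
The two checks discussed in this thread, as an added example that is not part of the original messages: whether a named binary carries compiled-in root hints, and which root servers in a hints file such as named.ca have an A record but no AAAA record. The function names are hypothetical and the sample hints data is constructed, using documentation addresses rather than real root server addresses.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# has_builtin_hints FILE
# Succeeds if FILE (for instance the named binary) contains the root server
# name as a literal string, the same thing `strings FILE | grep` looks for.
has_builtin_hints() {
    # Turn every non-printable byte into a newline, then search the text runs.
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -q -i -F 'A.ROOT-SERVERS.NET'
}

# roots_missing_aaaa FILE
# Prints, sorted, each owner name in hints FILE that has an A record
# but no AAAA record.
roots_missing_aaaa() {
    awk '
        {
            sub(/;.*/, "")                 # drop zone-file comments
            name = toupper($1)
            for (i = 2; i <= NF; i++) {    # record type follows TTL/class
                t = toupper($i)
                if (t == "A")    a[name] = 1
                if (t == "AAAA") aaaa[name] = 1
            }
        }
        END { for (n in a) if (!(n in aaaa)) print n }
    ' "$1" | sort
}

# Constructed sample hints file: B has no AAAA record.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; constructed sample, not real root server addresses
.                     3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.   3600000      AAAA  2001:db8::1
.                     3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.   3600000      A     192.0.2.2
EOF
roots_missing_aaaa "$sample"
rm -f "$sample"
```

On a real system the arguments would be the paths named in the thread, for example /usr/sbin/named and /var/named/named.ca.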