On 6/2/23 11:12 AM, Dave Knight wrote:
> commented out the root hints file in /etc/bind/named.conf.default-zones
> run named with debugging output enabled and tcpdump running, it primes itself
> and validates the priming response at startup

BIND does not "prime itself." That would be impossible. It has a
compiled-in version of root hints that it falls back on if it cannot
find one on the file system.

Regarding your assertion that you can validate the priming query with
DNSSEC, all you can validate is the NS set. The host records cannot be
validated because root-servers.net is not signed.

Doug
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations