RE: root.hind or named.hint file update

2016-09-24 Thread Michael Hare
Agreed, using outdated built in hints and diligent logging does cause a minor 
annoyance (minor as it can be filtered after verifying the incident), so there 
is merit in updating even if automatic updates might not make sense.  For 
example, an unfiltered log from a production resolver of ours would like to say 
the following :)

21-Sep-2016 00:01:02.859 general: warning: checkhints: l.root-servers.net/ (2001:500:9f::42) missing from hints
21-Sep-2016 00:01:02.859 general: warning: checkhints: l.root-servers.net/ (2001:500:3::42) extra record in hints
21-Sep-2016 00:01:03.580 general: warning: checkhints: l.root-servers.net/ (2001:500:9f::42) missing from hints
21-Sep-2016 00:01:03.580 general: warning: checkhints: l.root-servers.net/ (2001:500:3::42) extra record in hints
21-Sep-2016 00:01:05.102 general: warning: checkhints: l.root-servers.net/ (2001:500:9f::42) missing from hints
21-Sep-2016 00:01:05.102 general: warning: checkhints: l.root-servers.net/ (2001:500:3::42) extra record in hints
21-Sep-2016 00:01:05.174 general: warning: checkhints: l.root-servers.net/ (2001:500:9f::42) missing from hints
21-Sep-2016 00:01:05.174 general: warning: checkhints: l.root-servers.net/ (2001:500:3::42) extra record in hints
21-Sep-2016 00:01:06.087 general: warning: checkhints: l.root-servers.net/ (2001:500:9f::42) missing from hints

-Michael

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus 
UHLAR - fantomas
Sent: Friday, September 23, 2016 7:32 AM
To: bind-users@lists.isc.org
Subject: Re: root.hind or named.hint file update

>Pol Hallen <bin...@fuckaround.org> wrote:
>>
>> is it recommend put a cron script for auto-update root.hind and named.hint 
>> db?

On 23.09.16 12:54, Tony Finch wrote:
>No, it's best not to have a hints file and just use the one built in to BIND.

i would not say that... it's better to use builtin hints file than having
outdated hints file.

But if someone does care about hints file, it's better to have current
version, when the builtin one is older.


-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
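
Added example (not part of the original thread and not ISC's code): a small Python filter for the checkhints warnings quoted in Michael Hare's message. It suppresses only the discrepancies an operator has already verified, so a new hint mismatch still surfaces; the `VERIFIED` set, the function names and the last two sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# First four lines: warnings from the post, wrapped lines rejoined.
# Last two lines are constructed for this example.
SAMPLE_LOG = """\
21-Sep-2016 00:01:02.859 general: warning: checkhints: l.root-servers.net/ (2001:500:9f::42) missing from hints
21-Sep-2016 00:01:02.859 general: warning: checkhints: l.root-servers.net/ (2001:500:3::42) extra record in hints
21-Sep-2016 00:01:03.580 general: warning: checkhints: l.root-servers.net/ (2001:500:9f::42) missing from hints
21-Sep-2016 00:01:03.580 general: warning: checkhints: l.root-servers.net/ (2001:500:3::42) extra record in hints
21-Sep-2016 00:01:04.000 general: info: constructed unrelated message
21-Sep-2016 00:01:04.500 general: warning: checkhints: x.root-servers.example/ (2001:db8::53) extra record in hints
"""

# Discrepancies an operator has already looked into (assumed for the example).
VERIFIED = {
    ("l.root-servers.net", "2001:500:9f::42", "missing"),
    ("l.root-servers.net", "2001:500:3::42", "extra"),
}

# The record type after the slash is optional: it is empty in the quoted log.
CHECKHINTS = re.compile(
    r"checkhints: (?P<name>[^/\s]+)/(?P<rtype>\S*)\s*"
    r"\((?P<addr>[^)]+)\) (?P<kind>missing from hints|extra record in hints)"
)

def parse(line):
    """Return (server, address, kind) for a checkhints warning, else None."""
    m = CHECKHINTS.search(line)
    if not m:
        return None
    kind = "missing" if m["kind"].startswith("missing") else "extra"
    return (m["name"].lower(), m["addr"].lower(), kind)

def summarize(log_text):
    """Count each distinct discrepancy, however often named repeats it."""
    return Counter(p for p in map(parse, log_text.splitlines()) if p)

def unreviewed(log_text, verified):
    """Drop only warnings whose exact discrepancy is verified; keep the rest."""
    return [ln for ln in log_text.splitlines() if parse(ln) not in verified]

if __name__ == "__main__":
    for (name, addr, kind), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}x {name} {addr} {kind}")
    print("\n".join(unreviewed(SAMPLE_LOG, VERIFIED)))
```

Matching on the full (server, address, kind) tuple rather than on the word "checkhints" is what keeps the filter from hiding a discrepancy nobody has reviewed.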


Re: root.hind or named.hint file update

2016-09-23 Thread /dev/rob0
On Fri, Sep 23, 2016 at 02:31:51PM +0200,
   Matus UHLAR - fantomas wrote:
> >Pol Hallen wrote:
> >>
> >>is it recommend put a cron script for auto-update root.hind
> >>and named.hint db?
> 
> On 23.09.16 12:54, Tony Finch wrote:
> >No, it's best not to have a hints file and just use the one
> >built in to BIND.

I agree.

> i would not say that... it's better to use builtin hints file 
> than having outdated hints file.
> 
> But if someone does care about hints file, it's better to have 
> current version, when the builtin one is older.

Seems that all of Pol's posts lately are about trying to fix problems 
which do not exist, and this one is solidly there.

The fact is, outdated hints (whatever the source, built-in or from 
hints file) will not yet cause a problem.  You could look back to the 
1990s, find a hint file from then, use that now, and you WILL find 
active root servers.

Once you find the root, the hints file is no longer used.  When your 
cached root NS RRset expires, named will go to the known root servers 
to refresh that NS RRset.

In theory, someone could put up a counterfeit root nameserver on an 
IP address formerly used by a real root server, but in practice I 
doubt this will happen.  Furthermore, DNSSEC validation defeats an 
attack of that nature.

Pol, if you are interested in knowing how named uses hints, there's
a fairly recent article on the ISC KB which goes into detail.[1]  My 
personal recommendation, however, is that if you wish to learn more 
about how DNS works, consult a book such as the Cricket book.


[1] Sorry, I am too lazy this morning to look it up for you.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: root.hind or named.hint file update

2016-09-23 Thread Matus UHLAR - fantomas

>Pol Hallen wrote:
>>
>> is it recommend put a cron script for auto-update root.hind and named.hint db?

On 23.09.16 12:54, Tony Finch wrote:
>No, it's best not to have a hints file and just use the one built in to BIND.

i would not say that... it's better to use builtin hints file than having
outdated hints file.

But if someone does care about hints file, it's better to have current
version, when the builtin one is older.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.


Re: root.hind or named.hint file update

2016-09-23 Thread Tony Finch
Pol Hallen  wrote:
>
> is it recommend put a cron script for auto-update root.hind and named.hint db?

No, it's best not to have a hints file and just use the one built in to BIND.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Southeast Fitzroy: Southerly 4 or 5, increasing 6 to gale 8. Moderate or
rough, occasionally very rough later. Rain later. Good, becoming poor later.


root.hind or named.hint file update

2016-09-23 Thread Pol Hallen

Hello all :-)

is it recommend put a cron script for auto-update root.hind and 
named.hint db?


wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache -O /etc/bind/db.root

dig +bufsize=1200 +norec NS . @a.root-servers.net > /var/named/named.root

using debian there isn't any cron script

thanks!

Pol