root.ca
Mark Andrews
Mark_Andrews at isc.org
Thu Apr 10 23:11:00 UTC 2008
> On Apr 8 2008, Paul Vixie wrote:
>
> >Chris Buxton <cbuxton at menandmice.com> writes:
> >
> >> It would be nice if the name server did actually update the file with
> >> the resulting cached list of root servers, but it doesn't.
> >
> >when dnssec is eventually deployed, we will consider updating the file.
> >until then, the chance of getting flooded with spoofed-source responses
> >trying to guess our upstream query-id during boot time is just too high
> >(which is to say, it's epsilon zero and we need it to be real zero.)
>
> Hmmm... in some of my configurations, the hints file is deliberately
> in a directory that is not writable by the uid BIND runs as.
I suspect there would be a specific zone option to turn this on.
Mark
> --
> Chris Thompson
> Email: cet1 at cam.ac.uk
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list