root hints

Joseph S D Yao jsdy at
Sat Jan 29 02:47:49 UTC 2011

On Fri, Jan 28, 2011 at 04:40:50PM +0800, pyh at wrote:
> Joseph S D Yao writes: 
> > Just because we don't need to, doesn't mean that it's a good practtice
> > not to.  And it's so easy to create one on a system where DNS is already
> > set up. 
> > 
> > 	dig ns . > root.hints 
> I disagree with this.
> Few files mean few risk for admin.
> How about the case when someone did "echo > root.hints" by mistake? 
> Regards.


We can agree to disagree.  I admit I prefer to have more control over
the configuration, and am uncomfortable with "invisible" parts of the
configuration.  I like those appliances best where I can log in the
maintenance port and see the whole configuration laid out before me.  It
helps with debugging, too.

As for "echo > root.hints", who leaves their configuration files
writable, or does it as the super-user?  That's bound to get you in
trouble.  Use configuration management software that leaves you with a
read-only file!

** Joe Yao				jsdy at - Joseph S. D. Yao

More information about the bind-users mailing list