Building a fresh named.root

Chris Buxton clists at buxtonfamily.us
Fri Feb 15 17:37:08 UTC 2013


On Feb 14, 2013, at 8:49 AM, Shawn Bakhtiar wrote:

> 
> Running bind rooted on FC 16 using the standard package.
> 
> The ca file is located in /var/named/chroot/var/named/named.ca
> 
> The hints are not built in. 
> [shawn at www ~]$ strings /usr/sbin/named | grep A.ROOT-SERVERS.NET
> returns nothing.

Yes they are. All versions of BIND since 9.3 or so have had the root hints built in. Even Red Hat's version. Unfortunately, Warren missed a trick of some sort -- I suspect that if you strip the binary, the 'strings' command won't find the values. But they're still there. Adam Tkac would not remove this from the Red Hat SRPM.

Root hints, as somebody pointed out, are just hints. There is no reason to focus on making sure they're 100% accurate. There's also no point in stripping the IPv6 addresses out of the root hints zone if you don't have IPv6 -- the real list will be fetched (by DNS query) from the servers in the hints file, including all of their IPv6 addresses.

If your DNS server doesn't have IPv6 connectivity, I have two comments for you:

- Why not? It's easy to get a tunnel, if nothing else is available.

- Start named with the -4 argument to prevent it from trying to contact IPv6 addresses.

Chris Buxton
BlueCat Networks
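
An added example, not part of the original message and not BIND code: a small check of how far an old hints file has drifted from the root server addresses a priming query returns. It assumes priming works as long as one hinted address still reaches a real root server; the names `parse_hints` and `compare` and every address shown are constructed (documentation ranges), and `ipv4_only` models starting named with -4.

```python
import ipaddress

# Constructed sample in named.root format. Addresses are documentation-range
# placeholders, not the real root server addresses.
SAMPLE_HINTS = """\
; constructed sample, not a real named.root
.                     3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.   3600000      AAAA  2001:db8::1
.                     3600000  IN  NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.   3600000      A     192.0.2.2
"""

# Constructed stand-in for the address set a priming response would give.
LIVE = {ipaddress.ip_address(a) for a in
        ("192.0.2.1", "2001:db8::1", "192.0.2.22", "2001:db8::2")}


def parse_hints(text):
    """Return {server name: set of address objects} from hints-file text."""
    servers = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if len(fields) >= 5 and fields[2].upper() == "IN":
            del fields[2]                        # optional class field
        if len(fields) < 4:
            continue
        owner, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3]
        if rtype == "NS":
            servers.setdefault(rdata.lower(), set())
        elif rtype in ("A", "AAAA"):
            servers.setdefault(owner, set()).add(ipaddress.ip_address(rdata))
    return servers


def compare(hints, live, ipv4_only=False):
    """Compare hinted addresses with the live set; ipv4_only ignores IPv6."""
    hinted = {a for addrs in hints.values() for a in addrs}
    if ipv4_only:
        hinted = {a for a in hinted if a.version == 4}
        live = {a for a in live if a.version == 4}
    return {
        "usable": sorted(map(str, hinted & live)),
        "stale": sorted(map(str, hinted - live)),
        "missing": sorted(map(str, live - hinted)),
        "priming_possible": bool(hinted & live),
    }


if __name__ == "__main__":
    print(compare(parse_hints(SAMPLE_HINTS), LIVE))
```

A stale entry only matters once `priming_possible` turns false, which is the sense in which the hints do not need to be 100% accurate.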