Reindl Harald h.reindl at
Sun Oct 2 18:41:38 UTC 2016

On 02.10.2016 at 20:32, Per olof Ljungmark wrote:
> On 2016-10-02 19:22, Nico CARTRON wrote:
>> Hi Per,
>>> On 2 Oct 2016, at 19:07, Per olof Ljungmark <peo at> wrote:
>>> [...]
>>>> Just use the "hint" type configuration. This is just fine for most users.
>>> The interesting thing is why FreeBSD includes the recommendation in the
>>> default named.conf if that is not good, and I thought it would be
>>> interesting to know why.
>> I just checked one of my FreeBSD servers and couldn't find this section/recommendation.
>> If I'm not mistaken the default named.conf does include hints and also RFC1918, not more.
> The default is the hints file yes, but the default (named.conf.sample)
> file does have the following lines, at least with 9.10 and it uses the
> word "advantages" for the alternative config which obviously does not
> work in all cases. It adds "Use with caution" though.

well, independent of what some comments pretend with or without warnings - 
*never* ever slave a zone where you don't know the admin on the other side 
in person because there is no guarantee that tomorrow a transfer is 
allowed even if it's today

hence the "this method requires more monitoring"

that means: if you can't monitor or even don't know how to monitor and 
don't fully understand it, leave your fingers from it

> // The traditional root hints mechanism. Use this, OR the slave zones below.
> zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
> /*      Slaving the following zones from the root name servers has some
>         significant advantages:
>         1. Faster local resolution for your users
>         2. No spurious traffic will be sent from your network to the roots
>         3. Greater resilience to any potential root server failure/DDoS
>         On the other hand, this method requires more monitoring than the
>         hints file to be sure that an unexpected failure mode has not
>         incapacitated your server.  Name servers that are serving a lot
>         of clients will benefit more from this approach than individual
>         hosts.  Use with caution.
>         To use this mechanism, uncomment the entries below, and comment
>         the hint zone above.
>         As documented at these zones:
>         "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
>         are available for AXFR from these servers on IPv4 and IPv6:
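
The "requires more monitoring" point above, as an added example that is not part of the original message and not BIND's or FreeBSD's own tooling: a check that reads named's transfer log and flags slaved zones whose transfers are failing or that have expired. The log line format, the sample lines (constructed, with a documentation-range address), the 48-hour threshold and the function name are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the style of named's log output (assumed format).
SAMPLE_LOG = """\
02-Oct-2016 18:00:01.120 transfer of './IN' from 192.0.2.1#53: Transfer status: success
02-Oct-2016 18:00:02.310 transfer of 'arpa/IN' from 192.0.2.1#53: Transfer status: success
03-Oct-2016 06:00:01.450 transfer of './IN' from 192.0.2.1#53: failed while receiving responses: REFUSED
03-Oct-2016 18:00:01.800 transfer of './IN' from 192.0.2.1#53: failed while receiving responses: REFUSED
09-Oct-2016 17:30:00.000 transfer of 'arpa/IN' from 192.0.2.1#53: Transfer status: success
09-Oct-2016 18:00:05.000 zone ./IN: expired
"""

XFER = re.compile(r"^(\S+ \S+) transfer of '([^']+)/IN' from \S+: (.*)$")
EXPIRED = re.compile(r"^(\S+ \S+) zone (\S+)/IN: expired$")

def check_slave_zones(log_text, now, max_age_hours=48):
    """Return {zone: [problems]} for slaved zones that need attention."""
    last_ok, fails, expired = {}, {}, set()
    for line in log_text.splitlines():
        m = XFER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
            zone, status = m.group(2), m.group(3)
            if status.startswith("Transfer status: success"):
                last_ok[zone], fails[zone] = ts, 0   # a success clears old failures
                expired.discard(zone)
            elif status.startswith("failed"):
                fails[zone] = fails.get(zone, 0) + 1
                last_ok.setdefault(zone, None)       # zone seen, never transferred
            continue
        m = EXPIRED.match(line)
        if m:
            expired.add(m.group(2))
            last_ok.setdefault(m.group(2), None)
    report = {}
    for zone, ok in last_ok.items():
        problems = []
        if zone in expired:
            problems.append("zone expired")
        if fails.get(zone):
            problems.append(f"{fails[zone]} failed transfer(s) since last success")
        if ok is None or (now - ok).total_seconds() > max_age_hours * 3600:
            problems.append(f"no successful transfer within {max_age_hours}h")
        if problems:
            report[zone] = problems
    return report

if __name__ == "__main__":
    print(check_slave_zones(SAMPLE_LOG, datetime(2016, 10, 9, 19, 0, 0)))
```

On the constructed log, the root zone is reported with all three problems while `arpa` stays clean. Running the check from cron and alerting on a non-empty result catches a refused transfer days before the zone expires.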

More information about the bind-users mailing list