Re: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

Alberto Colosi alcol at hotmail.com
Sat Sep 9 17:07:34 UTC 2017


why to write here on the list ?

simply is a problem rom your script (file overwrite) or nist file could be dirty.


I hate automatic update special each day specia for roots inside dns (they change one time every twenty years ... if is a change).


I don't kno nist file, I ever used internic for my dns where installed inside IBM Corporate or inside clients site.


With internic file ever I found fine. Have you simply tried to stop named , put a good root file , clean logs and start named again ?.


If all go fine the hole is inside your home, if not , nist file have some chars dirty or your transfer go in a wrong way.


Even try other sources like internic ... all root files should , HAVE TO BE the same if you want dns to work fine, so all sources SHOULD/COULD be fine.


>From my side, let a sugestion, leave CENTOS (forget that exist) and use ubuntu or BETTER fedora core (server) and use last ISC BIND from source (I ever compiled my daemons as like BIND from myself with options and libs as needed and even you can anser mor quick to a vulnerability issue).


As last, don't use beta or RC in a production enviroment.


ITC Security and NetWork Architect and Admin / Engineer

ITC Senior Specialist





________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Stefan Sticht <stefan at sticht.net>
Sent: Saturday, September 9, 2017 6:43 PM
To: bind-users at lists.isc.org
Subject: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

Hi,

since a couple of weeks i repeatedly see this in all my nameserver logs:

Sep  8 12:12:56 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
Sep  8 12:13:03 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:84::b) missing from hints
Sep  8 12:13:03 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
Sep  8 12:13:07 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:84::b) missing from hints
Sep  8 12:13:07 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
Sep  8 12:13:11 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:84::b) missing from hints
Sep  8 12:13:11 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

I have two views named internal and external. Only the internal view has this problem. Both views use

         zone "." IN {
                 type hint;
                 file "named.ca";
         };

I update the hints file daily.

All nameservers use bind, some the standard bind on CentOS 6, some the one on Centos7.

  BIND 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4
  BIND 9.9.4-RedHat-9.9.4-50.el7_3.1

Anyone an idea?

Thanks!

Stefan


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170909/3d9225e1/attachment.html>


More information about the bind-users mailing list