<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p>why to write here on the list ?</p>
<p>simply is a problem rom your script (file overwrite) or nist file could be dirty.
<br>
</p>
<p><br>
</p>
<p>I hate automatic update special each day specia for roots inside dns (they change one time every twenty years ... if is a change).</p>
<p><br>
</p>
<p>I don't kno nist file, I ever used internic for my dns where installed inside IBM Corporate or inside clients site.</p>
<p><br>
</p>
<p>With internic file ever I found fine. Have you simply tried to stop named , put a good root file , clean logs and start named again ?.</p>
<p><br>
</p>
<p>If all go fine the hole is inside your home, if not , nist file have some chars dirty or your transfer go in a wrong way.</p>
<p><br>
</p>
<p>Even try other sources like internic ... all root files should , HAVE TO BE the same if you want dns to work fine, so all sources SHOULD/COULD be fine.</p>
<p><br>
</p>
<p><b><span style="color: rgb(255, 0, 0);">From my side, let a sugestion, leave CENTOS (forget that exist) and use ubuntu or BETTER fedora core (server) and use last ISC BIND from source (I ever compiled my daemons as like BIND from myself with options and
libs as needed and even you can anser mor quick to a vulnerability issue).</span></b></p>
<p><br>
</p>
<p>As last, don't use beta or RC in a production enviroment.</p>
<p><br>
</p>
<p>ITC Security and NetWork Architect and Admin / Engineer</p>
<p>ITC Senior Specialist<br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" color="#000000" face="Calibri, sans-serif"><b>From:</b> bind-users <bind-users-bounces@lists.isc.org> on behalf of Stefan Sticht <stefan@sticht.net><br>
<b>Sent:</b> Saturday, September 9, 2017 6:43 PM<br>
<b>To:</b> bind-users@lists.isc.org<br>
<b>Subject:</b> checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Hi,<br>
<br>
since a couple of weeks i repeatedly see this in all my nameserver logs:<br>
<br>
Sep 8 12:12:56 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints<br>
Sep 8 12:13:03 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:84::b) missing from hints<br>
Sep 8 12:13:03 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints<br>
Sep 8 12:13:07 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:84::b) missing from hints<br>
Sep 8 12:13:07 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints<br>
Sep 8 12:13:11 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:84::b) missing from hints<br>
Sep 8 12:13:11 ns-01 named[17926]: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints<br>
<br>
I have two views named internal and external. Only the internal view has this problem. Both views use<br>
<br>
zone "." IN {<br>
type hint;<br>
file "named.ca";<br>
};<br>
<br>
I update the hints file daily.<br>
<br>
All nameservers use bind, some the standard bind on CentOS 6, some the one on Centos7.<br>
<br>
BIND 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4<br>
BIND 9.9.4-RedHat-9.9.4-50.el7_3.1<br>
<br>
Anyone an idea?<br>
<br>
Thanks!<br>
<br>
Stefan<br>
<br>
<br>
</div>
</span></font></div>
</div>
</body>
</html>