Hi,

On 2016-10-02 19:22, Nico CARTRON wrote:
> Hi Per,
>
>> On 2 Oct 2016, at 19:07, Per olof Ljungmark <p...@intersonic.se> wrote:
>>
>> [...]
>>
>>> Just use the "hint" type configuration. This is just fine for most users.
>>
>> The interesting thing is why FreeBSD includes the recommendation in the
>> default named.conf if that is not good, and I thought it would be
>> interesting to know why.
>
> I just checked one of my FreeBSD servers and couldn't find this
> section/recommendation.
> If I'm not mistaken the default named.conf does include hints and also
> RFC1918 in-addr.arpa, not more.

The default is the hints file yes, but the default (named.conf.sample)
file does have the following lines, at least with 9.10 and it uses the
word "advantages" for the alternative config which obviously does not
work in all cases. It adds "Use with caution" though.

<snip>
// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

/*      Slaving the following zones from the root name servers has some
        significant advantages:
        1. Faster local resolution for your users
        2. No spurious traffic will be sent from your network to the roots
        3. Greater resilience to any potential root server failure/DDoS

        On the other hand, this method requires more monitoring than the
        hints file to be sure that an unexpected failure mode has not
        incapacitated your server. Name servers that are serving a lot
        of clients will benefit more from this approach than individual
        hosts. Use with caution.

        To use this mechanism, uncomment the entries below, and comment
        the hint zone above.

        As documented at http://dns.icann.org/services/axfr/ these zones:
        "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
        are available for AXFR from these servers on IPv4 and IPv6:
        xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
*/
/*
zone "." {
        type slave;
        file "/usr/local/etc/namedb/slave/root.slave";
        masters {
                192.5.5.241;    // F.ROOT-SERVERS.NET.
        };
        notify no;
};
zone "arpa" {
        type slave;
        file "/usr/local/etc/namedb/slave/arpa.slave";
        masters {
                192.5.5.241;    // F.ROOT-SERVERS.NET.
        };
        notify no;
};
*/

/*      Serving the following zones locally will prevent any queries
        for these zones leaving your network and going to the root
        name servers. This has two significant advantages:
        1. Faster local resolution for your users
        2. No spurious traffic will be sent from your network to the roots
*/
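
The sample file's caveat that slaving the root "requires more monitoring than the hints file" comes down to the SOA timers: a slave that cannot refresh keeps answering until the expire timer runs out, then stops serving the zone. The following is an added example, not part of the original message or of named.conf.sample, that classifies a slaved zone by the time since its last successful refresh. The SOA line is a constructed sample, and how `last_transfer` is obtained (logs, monitoring) is left as an assumption.

```python
"""Staleness check for a slaved zone such as "." (added example)."""
import time

# Constructed sample: a one-line SOA record as it could appear in a
# text-format slave zone file. Values are illustrative.
SAMPLE_SOA = (". 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. "
              "2016100200 1800 900 604800 86400")


def parse_soa(line):
    """Return serial and timers (seconds) from a one-line SOA record."""
    fields = line.split()
    try:
        idx = [f.upper() for f in fields].index("SOA")
        # After "SOA": mname, rname, then the five numeric fields.
        serial, refresh, retry, expire, minimum = (
            int(x) for x in fields[idx + 3:idx + 8])
    except ValueError as exc:
        raise ValueError(f"not a one-line SOA record: {line!r}") from exc
    return {"serial": serial, "refresh": refresh, "retry": retry,
            "expire": expire, "minimum": minimum}


def slave_zone_status(soa, last_transfer, now=None, warn_fraction=0.5):
    """Classify a slave zone by seconds since its last successful refresh.

    OK       - refreshed within the refresh + retry window
    STALE    - refreshes are failing, zone data is still being served
    CRITICAL - past warn_fraction of the expire timer (hypothetical threshold)
    EXPIRED  - expire timer reached; the slave no longer serves the zone
    """
    now = time.time() if now is None else now
    age = now - last_transfer
    if age < 0:
        raise ValueError("last_transfer is in the future")
    if age >= soa["expire"]:
        return "EXPIRED"
    if age >= soa["expire"] * warn_fraction:
        return "CRITICAL"
    if age > soa["refresh"] + soa["retry"]:
        return "STALE"
    return "OK"


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    # Constructed scenario: last good transfer was two hours ago.
    print(slave_zone_status(soa, last_transfer=time.time() - 7200))
```

Alerting at STALE rather than EXPIRED leaves time to switch back to the hint zone before resolution is affected.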