On 02.10.2016 at 20:32, Per olof Ljungmark wrote:
On 2016-10-02 19:22, Nico CARTRON wrote:
Hi Per,

On 2 Oct 2016, at 19:07, Per olof Ljungmark <p...@intersonic.se> wrote:

[...]

Just use the "hint" type configuration. This is just fine for most users.

The interesting thing is why FreeBSD includes the recommendation in the
default named.conf if that is not good, and I thought it would be
interesting to know why.

I just checked one of my FreeBSD servers and couldn't find this 
section/recommendation.
If I'm not mistaken the default named.conf does include hints and also RFC1918 
in-addr.arpa, not more.

The default is the hints file yes, but the default (named.conf.sample)
file does have the following lines, at least with 9.10 and it uses the
word "advantages" for the alternative config which obviously does not
work in all cases. It adds "Use with caution" though.

well, independent of what some comments pretend, with or without warnings - *never* ever slave a zone where you don't know the admin on the other side in person, because there is no guarantee that tomorrow a transfer is allowed even if it is today

hence the "this method requires more monitoring"

that means: if you can't monitor, or don't even know how to monitor and don't fully understand it, keep your fingers off it


// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

/*      Slaving the following zones from the root name servers has some
        significant advantages:
        1. Faster local resolution for your users
        2. No spurious traffic will be sent from your network to the roots
        3. Greater resilience to any potential root server failure/DDoS

        On the other hand, this method requires more monitoring than the
        hints file to be sure that an unexpected failure mode has not
        incapacitated your server.  Name servers that are serving a lot
        of clients will benefit more from this approach than individual
        hosts.  Use with caution.

        To use this mechanism, uncomment the entries below, and comment
        the hint zone above.

        As documented at http://dns.icann.org/services/axfr/ these zones:
        "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
        are available for AXFR from these servers on IPv4 and IPv6:
        xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
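
The "more monitoring" that the sample named.conf asks for comes down to watching the SOA timers of the slaved zone: if the master starts refusing transfers, the secondary keeps answering only until the SOA expire interval runs out. The check below is an added example, not part of the original thread or of FreeBSD's configuration; the sample SOA line is constructed, and `last_refresh_ok` is assumed to come from your own transfer logs or the zone file's modification time.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: SOA rdata in the form printed by `dig +short SOA .`
# Fields: mname rname serial refresh retry expire minimum
SAMPLE_SOA = ("a.root-servers.net. nstld.verisign-grs.com. "
              "2016100201 1800 900 604800 86400")


def parse_soa(rdata):
    """Split SOA rdata into named fields; timers are in seconds."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("expected 7 SOA fields, got %d" % len(fields))
    serial, refresh, retry, expire, minimum = (int(x) for x in fields[2:])
    return {"mname": fields[0], "rname": fields[1], "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire,
            "minimum": minimum}


def slave_zone_state(soa, last_refresh_ok, now, crit_fraction=0.5):
    """Classify a slaved zone by the age of its last successful refresh.

    Returns (state, seconds_until_expiry). After `expire` seconds without
    a successful refresh the secondary stops serving the zone, which for
    a slaved root zone means the resolver can no longer use it.
    crit_fraction is a hypothetical alerting threshold, not a BIND setting.
    """
    age = (now - last_refresh_ok).total_seconds()
    remaining = soa["expire"] - age
    if remaining <= 0:
        state = "EXPIRED"    # zone is no longer served
    elif age > soa["expire"] * crit_fraction:
        state = "CRITICAL"   # transfers have been failing for days
    elif age > soa["refresh"] + soa["retry"]:
        state = "WARNING"    # a refresh and at least one retry were missed
    else:
        state = "OK"
    return state, int(remaining)


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    now = datetime(2016, 10, 2, 20, 32, tzinfo=timezone.utc)
    for label, delta in [("10 min", timedelta(minutes=10)),
                         ("2 hours", timedelta(hours=2)),
                         ("4 days", timedelta(days=4)),
                         ("8 days", timedelta(days=8))]:
        print(label, slave_zone_state(soa, now - delta, now))
```
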