Nick, Greg, Thank you both, don't deal with that level of detail very often but I love having a clue as to the underpinnings of things. The root priming process is exactly the sort of thing you'd hope a service like this did, and it does!
Thanks, Brian From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Greg Choules via bind-users Sent: Tuesday, December 10, 2024 2:57 AM To: Nick Tait <n...@tait.net.nz> Cc: bind-users@lists.isc.org Subject: Re: forwarding non-domain queries ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails. Hi Nick. True, they do, but very infrequently. Here are the ones I could find from recent history: b-root 2023-11-27 i-root 2016-03-23 h-root 2015-12-01 d-root 2013-01-03 l-root 2007-11-01 Despite those changes, each release of BIND (and other resolvers, I believe) contains the current set, whatever they are, and one of the first things a resolver does when it starts receiving queries is to update the set of roots in a process known as root priming. So, genuinely private networks aside, there is no reason to maintain your own hints file and therefore hint zone. Cheers, Greg On Tue, 10 Dec 2024 at 07:26, Nick Tait via bind-users <bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>> wrote: On 10/12/2024 12:25, Greg Choules via bind-users wrote: > Actually you don't need it anyway, even if you are doing recursion, as > Internet root hints have been built into BIND for many years. The only > reason you would need a hint zone is to define custom roots for a > private network that is *completely* isolated from the Internet. Your > corporate network does not meet that criterion because your corporate > DNS servers will be answering names from the Internet. Therefore, lose > the hint zone. The only consideration here is that every so often a change might be made to the root DNS servers, and based on past experience it has taken many months for the compiled-in list of root servers within BIND to be updated, which results in warnings being logged by BIND. Having a hint file allows you to update that file - either manually or by upgrading a distro package (e.g. "dns-root-data" on Ubuntu) - to eliminate those warnings. Nick. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org<mailto:bind-users@lists.isc.org> https://lists.isc.org/mailman/listinfo/bind-users
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
