DNS - slaving the root zone

Terrence Koeman terrence at mediamonks.net
Sun Feb 19 18:39:53 UTC 2012

On Sun, 19 Feb 2012 at 01:14:47, Doug Barton wrote:

> On 02/18/2012 03:23, Damien Fleuriot wrote:
>> On 2/18/12 12:57 AM, Doug Barton wrote:
>>> To clarify, almost universally the opposition to the idea centers
>>> around the problems of users who enable this method, and then don't
>>> notice if something changes/breaks, resulting in a stale zone (or
>>> zones, depending on what you choose to slave). I have always
>>> acknowledged that this is a valid concern, just not one that I think
>>> overwhelms the virtues of doing the slaving in the first place.
>> Could you elaborate on the "something changes/breaks, admin doesn't
>> notice, results in a stale zone" bit ?
> Most commonly whatever auth. server the user is axfr'ing from suddenly
> stops offering that ability.

I'm just done converting from named.root to slaving the root, I checked which servers allow axfr (at least for me...) and added them all as masters. Multiple masters would substantially decrease the risk of stale zones, yes? I have attached the relevant portion of my config, maybe it's useful.

Also, I was wondering, now that I slave . and arpa, is it still beneficial to retain the 'empty zones' that fall within those or are they redundant? 

I figure they are, as the comments say 'Serving the following zones locally will prevent any queries for these zones leaving your network and going to the root name servers.' and now my server *is* the root as far as it knows.


T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: named.conf
Type: application/octet-stream
Size: 12181 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20120219/c71872b9/named.obj

More information about the freebsd-questions mailing list