conf/173077: BIND slaves root and arpa zones on wrong servers
Damien Fleuriot
dam at my.gd
Thu Oct 25 17:10:01 UTC 2012
>Number: 173077
>Category: conf
>Synopsis: BIND slaves root and arpa zones on wrong servers
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 25 17:10:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Damien Fleuriot
>Release: 10.0-CURRENT
>Organization:
hi-media
>Environment:
FreeBSD nas.my.gd 10.0-CURRENT FreeBSD 10.0-CURRENT #3 r239974: Sat Sep 1 18:10:16 UTC 2012 root at nas.my.gd:/usr/obj/data/freebsd/src/head/sys/DAM amd64
>Description:
From /etc/namedb/named.conf, when using the Slaving mechanism for the root and arpa zones, BIND slaves from F.ROOT-SERVERS.NET.
The commentary lines however recommend using ICANN's XFR servers at:
xfr.lax.dns.icann.org.
xfr.cjr.dns.icann.org.
Is using F an oversight?
We've had problems at work when our /etc/namedb/slave/root.slave and arpa.slave zones expired after the F root server denied AXFRs from our IPs for over a week.
Moving to ICANN's XFR servers solves our problem.
>How-To-Repeat:
>Fix:
Patch attached to use ICANN's XFR servers instead of F.ROOT-SERVERS.NET
Patch attached with submission follows:
--- named.conf 2012-09-01 11:43:31.689334254 +0000
+++ named.conf.fixed 2012-10-25 18:53:00.175330638 +0000
@@ -102,7 +102,8 @@
type slave;
file "/etc/namedb/slave/root.slave";
masters {
- 192.5.5.241; // F.ROOT-SERVERS.NET.
+ 192.0.32.140; // xfr.lax.dns.icann.org.
+ 192.0.47.140; // xfr.cjr.dns.icann.org.
};
notify no;
};
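Review bot: In the masters block for root.slave, the only thing tying 192.0.32.140 and 192.0.47.140 to xfr.lax.dns.icann.org and xfr.cjr.dns.icann.org is the trailing comment, and both entries are IPv4. Please state in the commit message how and when the addresses were checked against those names, and confirm that the commentary in named.conf that recommends the ICANN transfer servers still matches this list. If the same servers also offer transfers over IPv6, consider listing those addresses too so a host without IPv4 reachability can still refresh the zone before it expires.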
@@ -110,7 +111,8 @@
type slave;
file "/etc/namedb/slave/arpa.slave";
masters {
- 192.5.5.241; // F.ROOT-SERVERS.NET.
+ 192.0.32.140; // xfr.lax.dns.icann.org.
+ 192.0.47.140; // xfr.cjr.dns.icann.org.
};
notify no;
};
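Review bot: The arpa.slave masters block repeats the same two addresses and comments added for root.slave, so a future address change has to be made in two places and a missed one would leave a zone on a stale master until it expires. BIND accepts a named masters list declared once at the top level and referenced from each zone's masters clause; declaring the ICANN pair that way would keep both zones in step. The removed line "192.5.5.241; // F.ROOT-SERVERS.NET." could also be kept as a commented-out alternative if the file convention is to show other options.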
>Release-Note:
>Audit-Trail:
>Unformatted: