default dns config change causing major poolpah
Matthew Dillon
dillon at apollo.backplane.com
Thu Aug 2 01:35:48 UTC 2007
The vast majority of machine installations just slave their dns off
of another machine, and because of that I do not think it is particularly
odious to require some level of skill for those who actually want to set
up their own server.

To that end what I do on DragonFly is simply supply a README file in
/etc/namedb along with a few helper scripts describing how to do it in
a fairly painless manner. If a user cannot understand the README then
he has no business setting up a DNS server anyhow. Distributions need to
be fairly sensitive to doing anything that might accidentally (through lack
of understanding) cause an overload of critical internet resources.

http://www.dragonflybsd.org/cvsweb/src/etc/namedb/

I generally recommend using our 'getroot' script to download an actual
root.zone file instead of using a hints file (and I guess AXFR is supposed
to replace both concepts). It has always seemed to me that actually
downloading a physical root zone file once a week is the most reliable
solution.

I've never trusted using a hints file... not for at least a decade,
and I probably wouldn't trust AXFR for the same reason. Probably my
mistrust is due to the massive problems I had using a hints file long
ago and I'm sure it works better these days, but I've never found any
reason to switch back from an actual root.zone.

I've enclosed the getroot script we ship below. In any case, it seems
to me that there is no good reason to try to automate dns services as
a distribution default in the manner being described. Just my
two-cents.

-Matt
#!/bin/tcsh -f
#
# If you are running named and using root.zone as a master, the root.zone
# file should be updated periodically from ftp.rs.internic.net.
#
# $DragonFly: src/etc/namedb/getroot,v 1.2 2005/02/24 21:58:20 dillon Exp $

# Work in the zone directory; bail out rather than fetching into the wrong place.
cd /etc/namedb || exit 1
umask 027

set hostname = 'ftp.rs.internic.net'
set remfile = domain/root.zone.gz
set locfile = root.zone.gz
set path = ( /bin /usr/bin /sbin /usr/sbin )

# Fetch the compressed root zone into the current directory.
fetch ftp://${hostname}:/${remfile}
if ( $status != 0 ) then
    rm -f ${locfile}
    echo "Download failed"
else
    # Decompress to a temporary name so a bad download never clobbers root.zone.
    gunzip < ${locfile} > root.zone.new
    if ( $status == 0 ) then
        rm -f ${locfile}
        # Keep one generation of the previous zone for rollback.
        if ( -f root.zone ) then
            mv -f root.zone root.zone.bak
        endif
        chmod 644 root.zone.new
        mv -f root.zone.new root.zone
        echo "Download succeeded, restarting named"
        rndc reload
        sleep 1
        rndc status
    else
        echo "Download failed: gunzip returned an error"
        rm -f ${locfile}
    endif
endif
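The getroot script above swaps a freshly decompressed file into place as soon as gunzip succeeds, so a zone that is complete as a gzip stream but wrong as a zone (truncated by a mirror, missing glue, or older than what is already installed) would be loaded by named as the root master. The POSIX sh functions below are an added example, not the DragonFly script and not part of the original post: they sanity-check a candidate root.zone before installing it, refuse to move the SOA serial backwards, and keep the previous generation as root.zone.bak. They assume the InterNIC master-file layout of one record per line with fields name/TTL/class/type/rdata (serial is the third rdata field of the SOA), a threshold of 13 apex NS records, and an RFC 5737 documentation address for the constructed sample zone; the rndc call at the end is the same one the original script makes and only runs when the file is invoked with arguments.

```shell
#!/bin/sh
# Added example: validate a downloaded root.zone before installing it for named.
# Assumes one record per line, as in the InterNIC root.zone distribution.

# zone_serial FILE: print the SOA serial of the apex ("." is the first field).
zone_serial() {
    awk '$1 == "." && $4 == "SOA" { print $7; exit }' "$1"
}

# validate_root_zone FILE: return 0 if FILE looks like a complete root zone.
validate_root_zone() {
    zone=$1
    [ -s "$zone" ] || return 1
    # Exactly one SOA record at the apex.
    soa=$(awk '$1 == "." && $4 == "SOA" { n++ } END { print n + 0 }' "$zone")
    [ "$soa" -eq 1 ] || return 1
    # All 13 root name servers must be delegated at the apex (threshold assumed here).
    ns=$(awk '$1 == "." && $4 == "NS" { if (!($5 in s)) { s[$5] = 1; n++ } }
              END { print n + 0 }' "$zone")
    [ "$ns" -ge 13 ] || return 1
    # Every apex NS target needs glue (A or AAAA) somewhere in the file.
    missing=$(awk '
        $1 == "." && $4 == "NS"   { want[$5] = 1 }
        $4 == "A" || $4 == "AAAA" { have[$1] = 1 }
        END { for (n in want) if (!(n in have)) print n }' "$zone")
    [ -z "$missing" ] || return 1
    return 0
}

# install_zone NEWFILE DIR: validate NEWFILE, refuse a serial regression,
# back up DIR/root.zone to DIR/root.zone.bak and move NEWFILE into place.
install_zone() {
    new=$1
    dir=$2
    validate_root_zone "$new" || {
        echo "refusing to install: $new failed sanity checks" >&2
        return 1
    }
    if [ -f "$dir/root.zone" ]; then
        old=$(zone_serial "$dir/root.zone")
        cur=$(zone_serial "$new")
        # Plain integer compare; RFC 1982 serial wrap-around is not handled here.
        if [ -n "$old" ] && [ "$cur" -lt "$old" ]; then
            echo "refusing to install: serial $cur is older than installed $old" >&2
            return 1
        fi
        cp -p "$dir/root.zone" "$dir/root.zone.bak" || return 1
    fi
    chmod 644 "$new" || return 1
    mv -f "$new" "$dir/root.zone"
}

# make_sample_zone FILE [SERIAL]: write a constructed root zone (13 NS + glue)
# for offline testing; the addresses are documentation space, not real glue.
make_sample_zone() {
    out=$1
    serial=${2:-2007080200}
    i=0
    {
        printf '.\t86400\tIN\tSOA\ta.root-servers.net. nstld.verisign-grs.com. %s 1800 900 604800 86400\n' "$serial"
        for l in a b c d e f g h i j k l m; do
            i=$((i + 1))
            printf '.\t518400\tIN\tNS\t%s.root-servers.net.\n' "$l"
            printf '%s.root-servers.net.\t3600000\tIN\tA\t192.0.2.%s\n' "$l" "$i"
        done
    } > "$out"
}

# Usage when run directly:  sh install-root-zone.sh root.zone.new /etc/namedb
if [ $# -eq 2 ]; then
    install_zone "$1" "$2" && rndc reload
fi
```

The checks are deliberately structural (apex SOA, full NS set, glue present, serial not regressing) rather than cryptographic; they catch the truncated or stale download that a successful gunzip exit status does not, and they are cheap enough to run from the same weekly cron job that fetches the file.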