default dns config change causing major poolpah

Matthew Dillon dillon at
Thu Aug 2 01:35:48 UTC 2007

    The vast majority of machine installations just slave their dns off
    of another machine, and because of that I do not think it is particularly
    odious to require some level of skill for those who actually want to set
    up their own server.

    To that end what I do on DragonFly is simply supply a README file in
    /etc/namedb along with a few helper scripts describing how to do it in
    a fairly painless manner.  If a user cannot understand the README then
    he has no business setting up a DNS server anyhow.  Distributions need to
    be fairly sensitive to doing anything that might accidentally (through lack
    of understanding) cause an overload of critical internet resources.

    I generally recommend using our 'getroot' script to download an actual
    file instead of using a hints file (and I guess AXFR is supposed
    to replace both concepts).  It has always seemed to me that actually
    downloading a physical root zone file once a week is the most reliable

    I've never trusted using a hints file... not for at least a decade,
    and I probably wouldn't trust AXFR for the same reason.  Probably my
    mistrust is due to the massive problems I had using a hints file long
    ago and I'm sure it works better these days, but I've never found any
    reason to switch back from an actual

    I've enclosed the getroot script we ship below.  In any case, it seems
    to me that there is no good reason to try to automate dns services as
    a distribution default in the manner being described.  Just my


#!/bin/tcsh -f
#
# If you are running named and using a root zone file as a master, the
# file should be updated periodically from the FTP server configured
# below.  The server name and zone file names did not survive in this
# archived copy of the script; set them before running it.
#
# $DragonFly: src/etc/namedb/getroot,v 1.2 2005/02/24 21:58:20 dillon Exp $

cd /etc/namedb
umask 027

# FTP server holding the compressed root zone (value missing in this copy)
set hostname = ''
# Remote path of the compressed zone; the file name is missing in this copy
set remfile = domain/
# Local name of the downloaded compressed zone (value missing in this copy)
set locfile = ''
# Installed zone file that named.conf refers to (value missing in this copy;
# the variable stands in for the lost file name used throughout below)
set zonefile = ''
set path = ( /bin /usr/bin /sbin /usr/sbin )

fetch ftp://${hostname}:/${remfile}
if ( $status != 0 ) then
    rm -f ${locfile}
    echo "Download failed"
else
    # Uncompress into a new file so a bad download never replaces the live zone
    gunzip < ${locfile} > ${zonefile}.new
    if ( $status == 0 ) then
	rm -f ${locfile}
	# Keep the previous zone as a backup before swapping in the new one
	if ( -f ${zonefile} ) then
	    mv -f ${zonefile} ${zonefile}.bak
	endif
	chmod 644 ${zonefile}.new
	mv -f ${zonefile}.new ${zonefile}
	echo "Download succeeded, restarting named"
	rndc reload
	sleep 1
	rndc status
    else
	echo "Download failed: gunzip returned an error"
	rm -f ${locfile}
    endif
endif
More information about the freebsd-stable mailing list
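The getroot script in the post fetches the compressed zone, uncompresses it and swaps it into place, trusting that whatever gunzip produced is a usable root zone. The check a practitioner would want in front of that swap is a sanity test of the downloaded file: non-empty, exactly one SOA for ".", and a plausible number of root NS records, with the live zone left untouched and the download discarded when the test fails. The POSIX sh functions below are an added example, not Matthew Dillon's getroot or any DragonFly code. The sample zone contents, the file names root.zone.good, root.zone.truncated and root.zone.empty, the nameserver names and the MIN_NS threshold are all constructed for the demonstration; the "rndc reload" step is left to the caller.

```shell
#!/bin/sh
# Added example (not DragonFly's getroot): sanity-check a downloaded root
# zone before it replaces the live one, so a truncated or garbage download
# never takes the resolver down.  Only "rndc reload" is left to the caller.

# Minimum number of NS records the root must list before we trust the file.
# 3 is a constructed threshold for the sample data; the real root has 13.
MIN_NS=${MIN_NS:-3}

# check_root_zone FILE -> 0 if FILE is non-empty, has exactly one SOA for "."
# and at least MIN_NS NS records for "."; 1 (with a reason on stderr) otherwise.
check_root_zone() {
    f=$1
    if [ ! -s "$f" ]; then
        echo "check: $f is empty or missing" >&2
        return 1
    fi
    # Count SOA/NS records owned by "." in master-file layout
    # (owner TTL IN TYPE RDATA); ";" comment lines and blank lines are skipped.
    counts=$(awk '
        $1 ~ /^;/ || NF == 0 { next }
        $1 == "." {
            t = ""
            for (i = 2; i <= NF; i++) if ($i == "IN") { t = toupper($(i + 1)); break }
            if (t == "SOA") soa++
            else if (t == "NS") ns++
        }
        END { printf "%d %d\n", soa, ns }' "$f")
    soa=${counts% *}
    ns=${counts#* }
    if [ "$soa" -ne 1 ]; then
        echo "check: expected exactly 1 root SOA record, found $soa" >&2
        return 1
    fi
    if [ "$ns" -lt "$MIN_NS" ]; then
        echo "check: only $ns root NS records, want at least $MIN_NS" >&2
        return 1
    fi
    return 0
}

# install_zone NEW LIVE -> replace LIVE with NEW only if NEW passes the check,
# keeping the old copy as LIVE.bak.  On failure NEW is removed and LIVE is
# left untouched, so named keeps serving the previous zone.
install_zone() {
    new=$1
    live=$2
    if ! check_root_zone "$new"; then
        rm -f "$new"
        return 1
    fi
    chmod 644 "$new"
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak"
    fi
    mv -f "$new" "$live"    # rename within one filesystem is atomic
}

# write_samples DIR: constructed zone files for the self-test (not real data).
write_samples() {
    cat > "$1/root.zone.good" <<'EOF'
; constructed sample in root-zone layout, not the real root zone
.            86400   IN  SOA  ns-a.example. hostmaster.example. 2007080200 1800 900 604800 86400
.            518400  IN  NS   ns-a.example.
.            518400  IN  NS   ns-b.example.
.            518400  IN  NS   ns-c.example.
.            518400  IN  NS   ns-d.example.
ns-a.example.  3600000 IN  A    192.0.2.1
EOF
    # A download cut off after the first NS record
    cat > "$1/root.zone.truncated" <<'EOF'
.            86400   IN  SOA  ns-a.example. hostmaster.example. 2007080200 1800 900 604800 86400
.            518400  IN  NS   ns-a.example.
EOF
    : > "$1/root.zone.empty"
}

# selftest -> 0 if the good sample passes and both bad samples are rejected.
selftest() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    rc=0
    check_root_zone "$d/root.zone.good" || rc=1
    check_root_zone "$d/root.zone.truncated" 2>/dev/null && rc=1
    check_root_zone "$d/root.zone.empty" 2>/dev/null && rc=1
    rm -rf "$d"
    if [ "$rc" -eq 0 ]; then echo "selftest: ok"; else echo "selftest: FAILED" >&2; fi
    return "$rc"
}

# Usage: sh rootzone-check.sh NEWFILE LIVEFILE   (e.g. after fetch + gunzip)
#        sh rootzone-check.sh                    (run the self-test)
case $# in
    2) install_zone "$1" "$2" ;;
    0) selftest ;;
esac
```

Slotted into the post's flow, install_zone would run between gunzip and "rndc reload": if it returns non-zero the reload is skipped and the previous zone, backed up as root.zone.bak, keeps serving. The SOA and NS counts are deliberately cheap checks; where named-checkzone is available, running it on the new file before the swap is the stronger test.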