default dns config change causing major poolpah

Doug Barton dougb at
Thu Aug 2 10:14:41 UTC 2007

Matthew Dillon wrote:

>     I generally recommend using our 'getroot' script to download an actual
>     file instead of using a hints file (and I guess AXFR is supposed
>     to replace both concepts).

Yes to AXFR replacing both, but ...

>     It has always seemed to me that actually
>     downloading a physical root zone file once a week is the most reliable
>     solution.

This is a really bad idea. The root zone changes slowly, but it often
changes more than once a week. Add to that the more-rapid deployment
of new TLDs nowadays and the occasional complete reprovisioning of an
existing TLD, and one week is too long to go between updates.

>     I've never trusted using a hints file... not for at least a decade,

I'm not sure how the hints file could fail; it's a pretty simple
mechanism. But you're better off using hints (which go years between
updates, and you only need one good server to get your cache primed
anyway) OR AXFR, which will keep itself up to date automatically.



    This .signature sanitized for your protection
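
The following is an added example, not part of the original message or of any FreeBSD or BIND code. It simulates the priming step the reply refers to: a years-old hints file still works as long as one listed address answers, because that answer replaces the hints with the current server set. All names, addresses and the `query_root_ns` stand-in are constructed for illustration.

```python
# Constructed hints file in master-file format; the names and the
# 192.0.2.x / 198.51.100.x documentation addresses are made up.
STALE_HINTS = """\
; constructed sample, not real root data
.                   3600000  NS  a.root.example.
.                   3600000  NS  b.root.example.
.                   3600000  NS  c.root.example.
a.root.example.     3600000  A   192.0.2.1
b.root.example.     3600000  A   192.0.2.2
c.root.example.     3600000  A   192.0.2.3
"""

# What the simulated root servers publish today: a and b were renumbered
# after the hints file was written; only c still answers at its old address.
CURRENT_ROOT_NS = {
    "a.root.example.": "198.51.100.1",
    "b.root.example.": "198.51.100.2",
    "c.root.example.": "192.0.2.3",
}


def parse_hints(text):
    """Return {server name: address} from the A records of a hints file."""
    hints = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) == 4 and fields[2].upper() == "A":
            hints[fields[0].lower()] = fields[3]
    return hints


def query_root_ns(address):
    """Hypothetical stand-in for sending '. NS' to address; None is a timeout."""
    if address in CURRENT_ROOT_NS.values():
        return dict(CURRENT_ROOT_NS)
    return None


def prime(hints, query=query_root_ns):
    """Try each hint address in turn; the first answer replaces the hints."""
    tried = []
    for address in hints.values():
        tried.append(address)
        answer = query(address)
        if answer is not None:
            return answer, tried
    raise RuntimeError("no hint address answered; cache cannot be primed")
```

With the sample data, the first two hint addresses time out and the third primes the cache with the renumbered set; priming fails only when every listed address is dead.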

More information about the freebsd-stable mailing list