Over on the bind-users at lists.isc.org list, I am in a discussion about building the named.zone file, as Centos 6.3 does not provide it. It DOES provide a named.ca which is already old (wrt AAAA records) compared to the named.zone provided by internic.

A few contributors have stated that now the hints are built into bind and you can see this with:

strings /usr/local/sbin/named | grep A.ROOT-SERVERS.NET

Well it looks like Centos has it at /usr/sbin/named and there are no such strings in there. Oh, these hints come from "lib/dns/rootns.c in the source code tree".

So are the hints built in here?
On Thu, 14 Feb 2013, Robert Moskowitz wrote:
> Over on the bind-users at lists.isc.org list, I am in a discussion about
> building the named.zone file, as Centos 6.3 does not provide it. It
> DOES provide a named.ca which is already old (wrt AAAA records) compared
> to the named.zone provided by internic.
>
> A few contributors have stated that now the hints are built into bind
> and you can see this with:
>
> strings /usr/local/sbin/named | grep A.ROOT-SERVERS.NET
>
> Well it looks like Centos has it at /usr/sbin/named and there are no
> such strings in there. Oh, these hints come from "lib/dns/rootns.c in
> the source code tree".
>
> So are the hints built in here?

See /var/named/named.ca (also visible in /var/named/chroot/var/named).

--
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
On 02/14/2013 12:29 PM, Paul Heinlein wrote:
> On Thu, 14 Feb 2013, Robert Moskowitz wrote:
>
>> Over on the bind-users at lists.isc.org list, I am in a discussion about
>> building the named.zone file, as Centos 6.3 does not provide it. It
>> DOES provide a named.ca which is already old (wrt AAAA records) compared
>> to the named.zone provided by internic.
>>
>> A few contributors have stated that now the hints are built into bind
>> and you can see this with:
>>
>> strings /usr/local/sbin/named | grep A.ROOT-SERVERS.NET
>>
>> Well it looks like Centos has it at /usr/sbin/named and there are no
>> such strings in there. Oh, these hints come from "lib/dns/rootns.c in
>> the source code tree".
>>
>> So are the hints built in here?
>
> See /var/named/named.ca (also visible in /var/named/chroot/var/named).

Yes. I know about that. But as I said, the discussion is that this is no longer needed as the hints are now built into bind if no explicit hint is provided. I am asking if the above stub is included in the Redhat/Centos build. It does not seem so.
On 02/14/2013 12:47 PM, Reindl Harald wrote:
>
> On 14.02.2013 18:37, Robert Moskowitz wrote:
>> On 02/14/2013 12:29 PM, Paul Heinlein wrote:
>>> On Thu, 14 Feb 2013, Robert Moskowitz wrote:
>>>
>>>> Over on the bind-users at lists.isc.org list, I am in a discussion about
>>>> building the named.zone file, as Centos 6.3 does not provide it. It
>>>> DOES provide a named.ca which is already old (wrt AAAA records) compared
>>>> to the named.zone provided by internic.
>>>>
>>>> A few contributors have stated that now the hints are built into bind
>>>> and you can see this with:
>>>>
>>>> strings /usr/local/sbin/named | grep A.ROOT-SERVERS.NET
>>>>
>>>> Well it looks like Centos has it at /usr/sbin/named and there are no
>>>> such strings in there. Oh, these hints come from "lib/dns/rootns.c in
>>>> the source code tree".
>>>>
>>>> So are the hints built in here?
>>> See /var/named/named.ca (also visible in /var/named/chroot/var/named).
>> Yes. I know about that. But as I said, the discussion is that this is
>> no longer needed as the hints are now built into bind if no explicit
>> hint is provided. I am asking if the above stub is included in the
>> Redhat/Centos build. It does not seem so.
> and even if - how would this be updated without the need
> for a security fix since otherwise there are no updates
> in RHEL

I asked this on the bind-users list, as AAAA records are slowly being added to each root, and got back:

"No need to worry. They are only hints, and named uses them to get the current list of root name servers at startup. Even if they are 15 years out of date it will still work, because the root name servers do not change very often."

So take that with whatever size of salt grain you prefer.

>
> ftp://ftp.internic.net/domain/named.cache and update
> /var/named/chroot/var/named/named.ca with it is the
> way to go

What I am doing. But so far something is not set right, as I am not getting responses back, but I think I know why and it is a grrr moment.
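Added example, not part of the thread: a POSIX shell helper for checking how stale a hints file such as /var/named/named.ca is with respect to AAAA records, the concern raised in the messages above. The function names and the sample records (documentation addresses only) are constructed for illustration.

```shell
#!/bin/sh
# hints_records [FILE]: normalise a root hints file to "OWNER TYPE DATA"
# lines. Comments, TTL, the optional class field ("IN") and letter case are
# dropped, so two copies of the hints can be compared with diff.
hints_records() {
    awk '
        { sub(/;.*/, "") }                      # strip ; comments
        # The type is always the second-to-last field, the data the last.
        NF >= 3 { print toupper($1), toupper($(NF-1)), toupper($NF) }
    ' "$@" | sort -u
}

# hints_missing_aaaa [FILE]: print every server named in an NS record
# that has no AAAA record in the same file.
hints_missing_aaaa() {
    hints_records "$@" | awk '
        $2 == "NS"   { ns[$3] = 1 }
        $2 == "AAAA" { has6[$1] = 1 }
        END { for (n in ns) if (!(n in has6)) print n }
    ' | sort
}

# Constructed sample in the named.cache layout; the addresses are
# documentation prefixes, not real root server addresses.
sample_hints() {
    cat <<'EOF'
; constructed sample hints file
.                    3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.  3600000      AAAA  2001:db8::1
.                    3600000      NS    B.ROOT-SERVERS.NET.
b.root-servers.net.  3600000      A     192.0.2.2
EOF
}

# Demo on the sample; on a real host pass the file instead, e.g.
#   hints_missing_aaaa /var/named/named.ca
sample_hints | hints_missing_aaaa
```

Running `hints_records` on the installed named.ca and on a freshly downloaded named.cache, then diffing the two outputs, shows exactly which records the packaged file is missing.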
On 02/14/2013 12:47 PM, Reindl Harald wrote:
>
> On 14.02.2013 18:37, Robert Moskowitz wrote:
>> On 02/14/2013 12:29 PM, Paul Heinlein wrote:
>>> On Thu, 14 Feb 2013, Robert Moskowitz wrote:
>>>
>>>> Over on the bind-users at lists.isc.org list, I am in a discussion about
>>>> building the named.zone file, as Centos 6.3 does not provide it. It
>>>> DOES provide a named.ca which is already old (wrt AAAA records) compared
>>>> to the named.zone provided by internic.
>>>>
>>>> A few contributors have stated that now the hints are built into bind
>>>> and you can see this with:
>>>>
>>>> strings /usr/local/sbin/named | grep A.ROOT-SERVERS.NET
>>>>
>>>> Well it looks like Centos has it at /usr/sbin/named and there are no
>>>> such strings in there. Oh, these hints come from "lib/dns/rootns.c in
>>>> the source code tree".
>>>>
>>>> So are the hints built in here?
>>> See /var/named/named.ca (also visible in /var/named/chroot/var/named).
>> Yes. I know about that. But as I said, the discussion is that this is
>> no longer needed as the hints are now built into bind if no explicit
>> hint is provided. I am asking if the above stub is included in the
>> Redhat/Centos build. It does not seem so.
> and even if - how would this be updated without the need
> for a security fix since otherwise there are no updates
> in RHEL

Oh, I have checked and even though we are stuck at ver 9.8.2, we are current on security patches per the alerts listed by isc. So our 9.8.2 is NOT quite 9.8.2....

>
> ftp://ftp.internic.net/domain/named.cache and update
> /var/named/chroot/var/named/named.ca with it is the
> way to go
On 14.02.2013 16:33, Robert Moskowitz wrote:
> Over on the bind-users at lists.isc.org list, I am in a discussion about
> building the named.zone file, as Centos 6.3 does not provide it. It
> DOES provide a named.ca which is already old (wrt AAAA records) compared
> to the named.zone provided by internic.

Please check my bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=901741

Best regards,
Morten
On 20.2.2013 02:20, John R Pierce wrote:
> On 2/19/2013 4:35 PM, Bry8 Star wrote:
>> they can do so bit easily if the old one is visible.
>
> what's not visible about /var/named/named.ca ? it's even listed in
> /etc/named.conf as the root zone.

hmm, here as I understand this:

A point was made by Robert that named.ca is not necessary at all and should be removed.

https://lists.isc.org/pipermail/bind-users/2013-February/089740.html
https://bugzilla.redhat.com/show_bug.cgi?id=901741

Bry8 said even if named.ca is not necessary it could be still useful for some so do not remove it from the rpm.

--
Kind Regards, Markus Falb
On 02/19/2013 09:07 PM, Markus Falb wrote:
> On 20.2.2013 02:20, John R Pierce wrote:
>> On 2/19/2013 4:35 PM, Bry8 Star wrote:
>>> they can do so bit easily if the old one is visible.
>> what's not visible about /var/named/named.ca ? it's even listed in
>> /etc/named.conf as the root zone.
> hmm, here as I understand this:
>
> A point was made by Robert that named.ca is not necessary at all and
> should be removed.
>
> https://lists.isc.org/pipermail/bind-users/2013-February/089740.html
> https://bugzilla.redhat.com/show_bug.cgi?id=901741
>
> Bry8 said even if named.ca is not necessary it could be still useful for
> some so do not remove it from the rpm.

I would like to know the use case of its usefulness.