[dns-operations] Dynamically updated root hints (was Re: FreeBSD and the slaving of the root zone)
Mark_Andrews at isc.org
Fri Aug 3 01:39:59 UTC 2007
> On Thu, 02 Aug 2007, Paul Vixie wrote:
> > clearly this isn't BIND specific, any full resolver that had
> > persistent malleable config storage could do this.
> The Microsoft DNS Server overwrites the on-disk hints file with the
> results of a successful priming query (or, at least, it used to, as of the
> last version I checked). As long as you take some obvious
> precautions, this sounds like a great idea to me. (I like your idea
> of requiring the same response multiple times before committing it to
> disk.) The server could also clearly rename the previous file as a
> backup (and perhaps even keep two or three previous files), just so
> the change wasn't completely irreversible.
> Here's my vote to put this feature in BIND!
For the Internet, as it now stands, signing root-servers.net
and validating the addresses would be enough as the only
changes are to addresses, not nameserver names.
Signing the root would be better still for the general case.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
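
The precautions suggested in the quoted message (the same priming result several times before it is written to disk, previous files kept as backups), as an added example that is not code from this thread, BIND, or the Microsoft DNS Server. The `HintsStore` class, the one "name address" pair per line file format, and the default thresholds are assumptions; the address in the demo is constructed.

```python
import os
import shutil
import tempfile

class HintsStore:
    """Commit a new hint set only after `required` identical priming results in a row."""

    def __init__(self, path, required=3, backups=2):
        self.path, self.required, self.backups = path, required, backups
        self.candidate, self.seen = None, 0

    def load(self):
        if not os.path.exists(self.path):
            return frozenset()
        with open(self.path) as fh:
            return frozenset(tuple(line.split()) for line in fh if line.strip())

    def _rotate(self):
        # Oldest backup is overwritten: hints.1 -> hints.2, then hints is copied to hints.1.
        for n in range(self.backups, 1, -1):
            if os.path.exists(f"{self.path}.{n - 1}"):
                os.replace(f"{self.path}.{n - 1}", f"{self.path}.{n}")
        if self.backups and os.path.exists(self.path):
            shutil.copy2(self.path, f"{self.path}.1")  # live file stays in place

    def observe(self, response):
        """Feed one priming result as (name, address) pairs; True if committed to disk."""
        response = frozenset(response)
        if not response or response == self.load():
            self.candidate, self.seen = None, 0  # empty or unchanged: nothing pending
            return False
        if response == self.candidate:
            self.seen += 1
        else:
            self.candidate, self.seen = response, 1  # a differing answer restarts the count
        if self.seen < self.required:
            return False
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as fh:
            fh.writelines(f"{name} {addr}\n" for name, addr in sorted(response))
        self._rotate()
        os.replace(tmp, self.path)  # atomic swap on the same filesystem
        self.candidate, self.seen = None, 0
        return True

if __name__ == "__main__":
    store = HintsStore(os.path.join(tempfile.mkdtemp(), "hints"))
    new = {("a.root-servers.net.", "192.0.2.9")}  # constructed address
    print([store.observe(new) for _ in range(3)])
```

Repetition only filters transient or one-off bad answers; it does not authenticate the data, which is what the signing discussed in the reply above would add.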