[dns-operations] Dynamically updated root hints (was Re: FreeBSD and the slaving of the root zone)
Mark Andrews
Mark_Andrews at isc.org
Fri Aug 3 01:39:59 UTC 2007
> On Thu, 02 Aug 2007, Paul Vixie wrote:
> > clearly this isn't BIND specific, any full resolver that had
> > persistent malleable config storage could do this.
>
> The Microsoft DNS Server overwrites the on-disk hints file with the
> results of a successful priming query (or, at least, it used to the
> last version I checked). As long as you take some obvious
> precautions, this sounds like a great idea to me. (I like your idea
> of requiring the same response multiple times before committing it to
> disk.) The server could also clearly rename the previous file as a
> backup (and perhaps even keep two or three previous files), just so
> the change wasn't completely irreversible.
>
> Here's my vote to put this feature in BIND!
>
> Matt
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
For the Internet, as it now stands, signing root-servers.net
and validating the addresses would be enough as the only
changes are to addresses not nameserver names.
Signing the root would be better still for the general case.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations
mailing list