[dns-operations] New addresses for b.root-servers.net

Doug Barton dougb at dougbarton.us
Sat Jun 3 05:22:01 UTC 2023


On 6/2/23 11:12 AM, Dave Knight wrote:
> commented out the root hints file in /etc/bind/named.conf.default-zones
> 
> run named with debugging output enabled and tcpdump running, it primes itself and validates the priming response at startup

BIND does not "prime itself." That would be impossible. It has a 
compiled-in version of root hints that it falls back on if it cannot 
find one on the file system.

Regarding your assertion that you can validate the priming query with 
DNSSEC, all you can validate is the NS set. The host records cannot be 
validated because root-servers.net is not signed.

Doug
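
The distinction drawn in the message above can be checked on any captured priming response. The following is an added example, not part of the original post: it parses a constructed dig-style response (documentation addresses, placeholder key tag and signature data) and reports which RRsets have a covering RRSIG at all; the function names are hypothetical.

```python
# Added illustration, not from the original post. SAMPLE is a constructed
# priming response in dig presentation format: documentation addresses,
# made-up key tag and timestamps, placeholder signature data.
from collections import defaultdict

SAMPLE = """\
;; ANSWER SECTION:
.  518400 IN NS a.root-servers.net.
.  518400 IN NS b.root-servers.net.
.  518400 IN RRSIG NS 8 0 518400 20230615050000 20230602040000 12345 . PLACEHOLDER==
;; ADDITIONAL SECTION:
a.root-servers.net. 518400 IN A 192.0.2.1
b.root-servers.net. 518400 IN A 192.0.2.2
b.root-servers.net. 518400 IN AAAA 2001:db8::b
"""

def parse_rrsets(text):
    """Return ({(owner, type): [rdata]}, {(owner, covered_type): signer})."""
    rrsets, sigs = defaultdict(list), {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and section headers
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        owner = owner.lower()
        if rtype == "RRSIG":
            # RRSIG rdata: covered alg labels ttl expire incept keytag signer sig
            fields = rdata.split()
            sigs[(owner, fields[0])] = fields[7].lower()
        else:
            rrsets[(owner, rtype)].append(rdata)
    return rrsets, sigs

def signature_coverage(text):
    """Map each RRset to the signer of its covering RRSIG, or None."""
    rrsets, sigs = parse_rrsets(text)
    return {key: sigs.get(key) for key in rrsets}

def unvalidatable(text):
    """RRsets with no RRSIG: a validator has nothing to check them against."""
    cov = signature_coverage(text)
    return sorted(key for key, signer in cov.items() if signer is None)

if __name__ == "__main__":
    # A present RRSIG is necessary, not sufficient: this does no crypto.
    for key, signer in signature_coverage(SAMPLE).items():
        print(key, "signed by", signer if signer else "nothing (unsigned)")
```
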


