[dns-operations] New addresses for b.root-servers.net
Doug Barton
dougb at dougbarton.us
Sat Jun 3 05:22:01 UTC 2023
On 6/2/23 11:12 AM, Dave Knight wrote:
> commented out the root hints file in /etc/bind/named.conf.default-zones
>
> run named with debugging output enabled and tcpdump running, it primes itself and validates the priming response at startup

BIND does not "prime itself." That would be impossible. It has a
compiled-in version of root hints that it falls back on if it cannot
find one on the file system.

Regarding your assertion that you can validate the priming query with
DNSSEC, all you can validate is the NS set. The host records cannot be
validated because root-servers.net is not signed.

Doug
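
The following is an added example, not part of the message above and not BIND code. It parses a dig-style priming response and reports which RRsets arrive with a covering RRSIG, which is the precondition for validating them. The sample response is constructed: the addresses are documentation ranges and the signature data and key tag are placeholders.

```python
import re

# Constructed dig-style priming response (". NS" with the DO bit set).
# Addresses are documentation ranges; signature data is a placeholder.
SAMPLE = """\
;; ANSWER SECTION:
.   518400 IN NS a.root-servers.net.
.   518400 IN NS b.root-servers.net.
.   518400 IN RRSIG NS 8 0 518400 20230616050000 20230603040000 12345 . PLACEHOLDERSIG=

;; ADDITIONAL SECTION:
a.root-servers.net. 518400 IN A 192.0.2.1
b.root-servers.net. 518400 IN A 192.0.2.2
b.root-servers.net. 518400 IN AAAA 2001:db8::b
"""

def rrsig_coverage(text):
    """Map (section, owner, type) -> True if a covering RRSIG is present.

    Presence of an RRSIG is only the precondition for validation; an RRset
    without one cannot be validated at all.
    """
    section = None
    rrsets, covered = set(), set()
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        fields = line.split()
        if section is None or line.startswith(";") or len(fields) < 5:
            continue
        owner, _ttl, _cls, rtype = fields[:4]
        owner = owner.lower()
        if rtype == "RRSIG":
            covered.add((section, owner, fields[4]))  # fields[4] is the type covered
        else:
            rrsets.add((section, owner, rtype))
    return {key: key in covered for key in sorted(rrsets)}

if __name__ == "__main__":
    for (section, owner, rtype), signed in rrsig_coverage(SAMPLE).items():
        state = "RRSIG present" if signed else "no RRSIG, cannot be validated"
        print(f"{section:<10} {owner:<20} {rtype:<5} {state}")
```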