[dns-operations] New addresses for b.root-servers.net
Dave Knight
dave at knig.ht
Sat Jun 3 18:03:04 UTC 2023
> On Jun 3, 2023, at 1:22 AM, Doug Barton <dougb at dougbarton.us> wrote:
>
> On 6/2/23 11:12 AM, Dave Knight wrote:
>> commented out the root hints file in /etc/bind/named.conf.default-zones
>> run named with debugging output enabled and tcpdump running, it primes itself and validates the priming response at startup
>
> BIND does not "prime itself." That would be impossible. It has a compiled-in version of root hints that it falls back on if it cannot find one on the file system.

Said exactly that in my initial post in the thread.

> Regarding your assertion that you can validate the priming query with DNSSEC,

I suggested that we validate the priming response; we don't validate queries with DNSSEC.

> all you can validate is the NS set. The host records cannot be validated because root-servers.net is not signed.

Good point!
They're still used to replace what was provided in the root.hints after the priming response is received though.

dave