Updating the root hints file in BIND
A few reminders lifted from the comments in FreeBSD's sample named.conf, which this post quotes from. Do not forget to include the reverse lookup zone! If you slave a zone from another server, ask your network administrator for the IP address of the responsible master name server. As documented in that file, these zones: "." (the root), ARPA and IN-ADDR.ARPA are available for zone transfer (AXFR), so a resolver can slave them instead of relying on root hints alone. It is always a good idea to read CERT's security advisories and to subscribe to the FreeBSD security notifications mailing list to stay up to date with current Internet and FreeBSD security issues.
I started running into intermittent DNS issues, and while troubleshooting I discovered that my root hints were about six years out of date!

Since I run CentOS with BIND, the easiest thing to do is run one simple command via SSH. It pulls the current list of root servers, dumps it into the root hints file "named.ca" (on CentOS that file lives in /var/named, and /etc/named.conf points its hint zone at it), and then restarts BIND. A reload with rndc is enough to make named re-read the hints file; a full restart works too, but it also throws away the resolver cache.
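The script below is an added example of that procedure; it is my own, not the post author's one-liner and not part of BIND or CentOS. It goes one step beyond a blind "dig > named.ca": the fetched data is written to a temporary file and installed only if it looks like a complete hints file, so an unreachable root server, a truncated answer or an HTML error page cannot leave you with an empty or garbage named.ca. It assumes CentOS's bind package layout (/var/named/named.ca, /etc/named.conf) and that dig, named-checkconf and rndc are installed; the hints data used to exercise the checker offline is constructed with TEST-NET-1 addresses, not real root server data.

```sh
#!/bin/sh
# update-root-hints.sh
#
# Added example for this post, not the author's own one-liner and not part
# of BIND or CentOS.  It does what the post describes (query a root server,
# write the answer to named.ca, reload BIND) but refuses to install anything
# that does not look like a complete hints file, so it is safe to run from
# cron.  Assumptions, all adjustable: CentOS's bind package layout with the
# working directory /var/named and a hint zone declared in /etc/named.conf as
#     zone "." IN { type hint; file "named.ca"; };
# plus dig (bind-utils), named-checkconf and rndc (bind) on the host.
# "sh update-root-hints.sh update" performs the update; with no argument the
# script only defines the functions below.

HINTS=${HINTS:-/var/named/named.ca}
ROOT_SERVER=${ROOT_SERVER:-a.root-servers.net}   # any root server will do
EXPECT_NS=13                                      # root server names today

# fetch_hints DEST: send the priming query to a root server and write the root
# NS set plus its glue in master-file format, which is what named.ca holds.
fetch_hints() {
    dig +noall +answer +additional @"$ROOT_SERVER" . NS > "$1"
}

# check_hints FILE: return 0 if FILE looks like a usable hints file, else 1.
# Accepts dig's output (with a class column) and InterNIC's named.root
# (which has none); rejects empty files, junk lines such as an HTML error
# page, a short NS set, and NS records without IPv4 glue.
check_hints() {
    f=$1
    [ -s "$f" ] || return 1
    # every non-comment line must be an NS, A or AAAA record
    if grep -Ev '^[[:space:]]*(;|$)' "$f" \
       | grep -Evq '^[A-Za-z0-9.-]+[[:space:]]+[0-9]+[[:space:]]+(IN[[:space:]]+)?(NS|A|AAAA)[[:space:]]+[A-Za-z0-9.:-]+[[:space:]]*$'; then
        return 1
    fi
    n=0
    for srv in $(awk '{ t = ($3 == "IN") ? 4 : 3
                       if ($1 == "." && $t == "NS") print $(t + 1) }' "$f" | sort -u); do
        n=$((n + 1))
        awk -v srv="$srv" '{ t = ($3 == "IN") ? 4 : 3
                             if ($1 == srv && $t == "A") ok = 1 }
                           END { exit !ok }' "$f" || return 1
    done
    [ "$n" -eq "$EXPECT_NS" ]
}

# install_hints: fetch into a temp file, check it, back up the old file,
# then install and reload.  Nothing touches $HINTS until the check passed.
install_hints() {
    tmp=$(mktemp "$HINTS.XXXXXX") || exit 1
    fetch_hints "$tmp"
    if ! check_hints "$tmp"; then
        echo "fetched data failed the hints sanity check; keeping $HINTS" >&2
        rm -f "$tmp"
        exit 1
    fi
    [ -f "$HINTS" ] && cp -p "$HINTS" "$HINTS.bak.$(date +%Y%m%d)"
    chmod 644 "$tmp"
    mv "$tmp" "$HINTS"
    # rndc reload re-reads the hint zone; a restart would also drop the cache
    named-checkconf -z && rndc reload
}

# sample_hints DEST: constructed test data, not real root server addresses:
# 13 fictitious root servers with glue on TEST-NET-1 (192.0.2.0/24), in the
# same format fetch_hints produces, for exercising check_hints offline.
sample_hints() {
    i=0
    for l in a b c d e f g h i j k l m; do
        i=$((i + 1))
        printf '.\t518400\tIN\tNS\t%s.root-servers.net.\n' "$l"
        printf '%s.root-servers.net.\t518400\tIN\tA\t192.0.2.%d\n' "$l" "$i"
    done > "$1"
}

case "${1:-}" in
    update) install_hints ;;
esac
```

Two practical notes. On an SELinux-enforcing CentOS the new file inherits /var/named's label, but if named logs a permission error after the swap, run restorecon on named.ca. If you would rather fetch named.root from InterNIC than query a root server, the same check applies to that file, and InterNIC also publishes a detached signature next to it that is worth verifying before installing.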
Unlike the other configuration files in this example, the hints file is maintained by someone other than you. The folks at InterNIC make it available (historically by anonymous FTP; it is also published over HTTPS today), and its header describes what it is:

    ;       This file holds the information on root name servers needed to
    ;       initialize cache of Internet domain name servers
    ;
    ;       This file is made available by InterNIC
    ;       under anonymous FTP as
    ;           file                /domain/
    ;           on server           FTP.

(the file and server names are cut off in this copy of the header).
More from the FreeBSD sample named.conf (the file carries a $FreeBSD$ header; refer to the named.conf(5) and named(8) man pages and the documentation in /usr/share/doc/bind9 for more details). The reverse lookup zone is named after the first bytes of the IP address, in reverse order, with ".IN-ADDR.ARPA" appended, so the 192.168.1.0/24 network in the zone file below is served by the zone 1.168.192.in-addr.arpa. If you are going to set up an authoritative server, make sure you understand the hairy details of how DNS works. The root hints file is wired in through a zone "." stanza of type hint; the alternative is to slave the root zone itself from the root name servers, which has some significant advantages, among them that no spurious traffic will be sent from your network to the roots, at the price of needing more monitoring than a hints file, since a failed transfer leaves the server with nothing to start from.

The forward zone file from the same chapter, for a 192.168.1.0/24 network, with the default TTL set to one hour (the records that precede this excerpt and the CNAME target are missing from this copy):

    $TTL 3600
                    IN      A       192.168.1.1
    ; Machine Names
    localhost       IN      A       127.0.0.1
    ns1             IN      A       192.168.1.2
    ns2             IN      A       192.168.1.3
    mx              IN      A       192.168.1.4
    mail            IN      A       192.168.1.5
    ; Aliases
    www             IN      CNAME

On DNSSEC, from the same chapter: a zone is signed using cryptographic keys, which must be generated. The preferred method is to have a strong, well-protected Key Signing Key (KSK) that is rotated rarely and a Zone Signing Key (ZSK) that is rotated more often. dnssec-keygen writes each key pair to a .key and a .private file, and the last part of the file name is a five-digit key ID (the key tag); this is especially important for telling keys apart when a zone has more than one. Re-signing the zone before its signatures expire can be done from a script driven by a cron job. Be sure to keep private keys confidential, as with all cryptographic keys. When changing a key, it is best to include the new key in the zone while still signing with the old one, and only then move over to signing with the new key, so that validators which cached the old DNSKEY set keep validating during the switch. The tail of a dig +sigchase validation that reached the root trust anchor looks like this:

    (DNSKEY keytag: 19036 alg: 8 flags: 257)
    ;; Chase successful

Here alg 8 is RSA/SHA-256 and flags 257 marks a key signing key (the SEP bit is set). Key tag 19036 was the root KSK from 2010 until the 2018 rollover to key tag 20326, so a resolver still configured with 19036 as its trust anchor no longer validates anything.

Why the hints file matters: the root name servers are a critical part of the Internet infrastructure, because they are the first step in translating (resolving) human-readable host names into the IP addresses used in communication between Internet hosts. So how does your server know who the root servers are? Via root hints! The root hints file is a small file in your DNS server that stores the mapping from the root zone's name servers to their IP addresses. The resolver only uses it to bootstrap: at startup it sends a priming query to one of the listed addresses and takes the current root NS set and glue from the answer, so a stale file keeps working as long as at least one of its addresses still belongs to a root server. That is why six-year-old hints mostly still resolve, and also why they should not be left that way, since every address that changes removes a fallback. A good rule of thumb is to keep your root hints updated every six months or so, and whenever a root server address change is announced.