Re: Problems with named default configuration in 6-STABLE
- From: Volker <volker@xxxxxxxxxx>
- Date: Tue, 17 Jul 2007 10:52:43 +0200
On 07/17/07 10:05, Heiko Wundram (Beenic) wrote:
> On Tuesday 17 July 2007 10:00:43 Volker wrote:
> > hmm... the root servers should not allow public AXFR. As I've verified
> > using:
> <snip>
>
> Just like you did:
>
> [modelnine@phoenix ~]$ dig -t AXFR @k.root-servers.net . | head -30
> ; <<>> DiG 9.3.4 <<>> -t AXFR @k.root-servers.net .
> ; (1 server found)
> ;; global options: printcmd
> . 86400 IN SOA a.root-servers.net.
> nstld.verisign-grs.com. 2007071601 1800 900 604800 86400
> . 518400 IN NS a.root-servers.net.
> . 518400 IN NS b.root-servers.net.
> . 518400 IN NS c.root-servers.net.
> . 518400 IN NS d.root-servers.net.
> . 518400 IN NS e.root-servers.net.
> . 518400 IN NS f.root-servers.net.
> . 518400 IN NS g.root-servers.net.
> . 518400 IN NS h.root-servers.net.
> . 518400 IN NS i.root-servers.net.
> . 518400 IN NS j.root-servers.net.
> . 518400 IN NS k.root-servers.net.
> . 518400 IN NS l.root-servers.net.
> . 518400 IN NS m.root-servers.net.
> ac. 172800 IN NS a.nic.ac.
> ac. 172800 IN NS a.ns13.net.
> ac. 172800 IN NS b.nic.ac.
> ac. 172800 IN NS b.nic.io.
> ac. 172800 IN NS b.nic.sh.
> ac. 172800 IN NS b.ns13.net.
> ac. 172800 IN NS ns1.communitydns.net.
> ac. 172800 IN NS ns3.icb.co.uk.
> a.nic.ac. 172800 IN A 64.251.31.177
> b.nic.ac. 172800 IN A 217.160.203.158
> ad. 172800 IN NS ad.ns.nic.es.
> ad. 172800 IN NS ns3.nic.fr.
> [modelnine@phoenix ~]$
>
> The head is necessary, as the output is far, far longer than that. As
> k.root-servers.net was one of the servers he put in as masters for the root
> zone, I should presume that his setup works fine.

Not every root server seems to be happy with transferring zone files:
%dig @a.root-servers.net axfr . | head
; <<>> DiG 9.3.3 <<>> @a.root-servers.net axfr .
; (1 server found)
;; global options: printcmd
; Transfer failed.
%dig @b.root-servers.net axfr . | head
; <<>> DiG 9.3.3 <<>> @b.root-servers.net axfr .
; (1 server found)
;; global options: printcmd
. 86400 IN SOA A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2007071601 1800 900 604800 86400
. 518400 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
. 518400 IN NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
. 518400 IN NS C.ROOT-SERVERS.NET.
b.root-servers.net transfers the zone, but a.root-servers.net refuses.
I remember some years back there was an attack against some root
servers and the conclusion was to deny zone transfers for them. I
thought all root servers are denying zone transfers generally but some
seem to still (or again) let it pass.
The following servers are refusing zone transfers:
a
d
e
h
i
j
l
m
Relying on a zone transfer doesn't seem to be reliable to me as more
than half of the root servers don't reply to AXFR requests.
Volker
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"
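
Added example, not part of the original message: a small classifier for `dig ... axfr` output that separates a refused transfer from a complete one and from a cut-off one, using the fact that a complete AXFR begins and ends with the same SOA record. The function names and the sample transcripts are constructed for illustration (the samples are modelled on the output quoted in the message, with the SOA record kept on one line).

```shell
#!/bin/sh
# classify_axfr: read `dig @server zone axfr` output on stdin and print one of
#   refused            dig printed "; Transfer failed."
#   complete <serial>  first and last records are SOA with the same serial
#   partial            records arrived but the closing SOA is missing
#   empty              neither records nor a failure line
classify_axfr() {
    awk '
        /^; Transfer failed/ { refused = 1 }
        /^;/ || NF == 0      { next }         # dig comment lines and blanks
        {
            n++
            is_soa = ($3 == "IN" && $4 == "SOA")
            if (n == 1 && is_soa) first = $7  # 7th field of an SOA line is the serial
            last = is_soa ? $7 : ""
        }
        END {
            if (refused)                                    print "refused"
            else if (n == 0)                                print "empty"
            else if (n > 1 && first != "" && first == last) print "complete " first
            else                                            print "partial"
        }'
}

# Constructed sample transcripts (not captured from a live server).
sample_refused() { printf '%s\n' '; (1 server found)' ';; global options: printcmd' '; Transfer failed.'; }
sample_complete() { cat <<'EOF'
; (1 server found)
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2007071601 1800 900 604800 86400
. 518400 IN NS a.root-servers.net.
ac. 172800 IN NS a.nic.ac.
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2007071601 1800 900 604800 86400
EOF
}
sample_partial() { sample_complete | head -n 3; }  # what piping through head leaves behind

# Hypothetical live helper (needs dig and network): check_master <server> <zone>
check_master() { dig "@$1" "$2" axfr | classify_axfr; }

for s in refused complete partial; do
    printf '%-9s -> %s\n' "$s" "$("sample_$s" | classify_axfr)"
done
```

Run against each master listed for a slave zone, this shows which of them a secondary can actually depend on; output piped through `head` will always classify as partial because the closing SOA is cut off.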