by LinuxBender 995 days ago
Edit: my bad, you said you talk to the root servers directly. Not sure how to delete comments

It's still a valid question. You are right, one has to bootstrap the root servers. There are a few ways to do this. Assuming one had a working DNS server at some point in the past, they can

    dig @e.root-servers.net +nocookie +tries=4 +retry=4 +time=8 . ns | grep -Ev "^;|^$" > /etc/unbound/named_hints.tmp # sanity check this
and then do sanity checks on the output prior to loading it as hints in Unbound DNS. The 3K or so root servers are Anycast IP addresses and rarely change so this file will not be stagnant for a very long time thus making thumb drives a valid way to store and transfer this file.
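The sanity check the comment above leaves to the reader, written out as an added example that is not part of the thread: a POSIX sh function that validates a hints file of the shape the dig pipeline produces (five-field `name ttl IN type rdata` records, comments and blank lines already stripped) before Unbound loads it. It rejects root NS names outside `[a-m].root-servers.net.`, malformed A/AAAA rdata, NS names with no glue, glue for names that are not root servers, and fewer NS records than expected. The sample records are constructed with RFC 5737 / RFC 3849 documentation addresses, not real root-server addresses; the minimum-NS threshold is lowered to 2 for the small sample, and 13 is the default for a real file.

```shell
#!/bin/sh
# validate_hints FILE [MIN_NS]: exit 0 if FILE looks like a sane root hints
# file, 1 otherwise (problems are printed). Example code, not from the thread.
validate_hints() {
    hints_file=$1
    min_ns=${2:-13}   # real root zone has 13 NS records
    awk -v min_ns="$min_ns" '
    # Every line must be a five-field IN record; anything else is suspicious.
    NF != 5 || $3 != "IN" { bad++; printf "unexpected line: %s\n", $0; next }
    # Root NS records: only the well-known letters are acceptable.
    $1 == "." && $4 == "NS" {
        if ($5 !~ /^[a-m]\.root-servers\.net\.$/) { bad++; printf "unexpected root NS: %s\n", $5 }
        ns[$5] = 1; next
    }
    # Glue A records: dotted quad with octets in range.
    $4 == "A" {
        if ($5 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { bad++; printf "bad A rdata: %s\n", $5 }
        else { split($5, o, "."); for (i = 1; i <= 4; i++) if (o[i] > 255) { bad++; printf "bad A octet: %s\n", $5 } }
        glue[$1] = 1; next
    }
    # Glue AAAA records: hex digits and colons only, at least one colon.
    $4 == "AAAA" {
        if ($5 !~ /^[0-9a-fA-F:]+$/ || $5 !~ /:/) { bad++; printf "bad AAAA rdata: %s\n", $5 }
        glue[$1] = 1; next
    }
    { bad++; printf "unexpected record: %s\n", $0 }
    END {
        n = 0
        for (h in ns) { n++; if (!(h in glue)) { bad++; printf "no glue for %s\n", h } }
        for (g in glue) if (!(g in ns)) { bad++; printf "glue for non-root-server name: %s\n", g }
        if (n < min_ns) { bad++; printf "only %d root NS records, expected at least %d\n", n, min_ns }
        exit (bad ? 1 : 0)
    }' "$hints_file"
}

# Constructed sample in the shape of filtered dig output (documentation addresses).
SAMPLE_HINTS=$(mktemp)
cat > "$SAMPLE_HINTS" <<'EOF'
.	518400	IN	NS	a.root-servers.net.
.	518400	IN	NS	b.root-servers.net.
a.root-servers.net.	518400	IN	A	192.0.2.1
a.root-servers.net.	518400	IN	AAAA	2001:db8::1
b.root-servers.net.	518400	IN	A	192.0.2.2
EOF

# Constructed bad sample: an extra, unexpected root NS with its own glue.
BAD_HINTS=$(mktemp)
cat > "$BAD_HINTS" <<'EOF'
.	518400	IN	NS	a.root-servers.net.
.	518400	IN	NS	evil.example.
a.root-servers.net.	518400	IN	A	192.0.2.1
evil.example.	518400	IN	A	192.0.2.99
EOF
trap 'rm -f "$SAMPLE_HINTS" "$BAD_HINTS"' EXIT

# Stand-alone demo: the good sample passes, the bad one is rejected.
if validate_hints "$SAMPLE_HINTS" 2; then echo "sample hints OK"; fi
if validate_hints "$BAD_HINTS" 2; then echo "bad hints unexpectedly accepted"; else echo "bad hints rejected"; fi
```

In practice run it as `validate_hints /etc/unbound/named_hints.tmp && mv /etc/unbound/named_hints.tmp /etc/unbound/named_hints` so the file only replaces the live hints when every check passes.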

Why not use the root.hints file available for this purpose? https://www.iana.org/domains/root/files

Generally it is already included with most DNS servers, such as BIND.

That is useful for the initial bootstrapping but should be updated or at least validated a few times a year. If package maintainers are updating it a few times a year that works too.
Root DNS server IPs do change. However, the old ones stay active for years. Updating your root.hints a few times a year is absolutely not necessary.