Root Hints On BIND DNS Servers
DNS is the name resolution protocol for the interwebz. Basically, when your browser looks up a URL, it asks your configured DNS server which IP address the content lives at…but how does your DNS server know where to look for this information?
The Root servers, of course. What are they you ask?
A root name server is a name server for the root zone of the Domain Name System of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers are a critical part of the Internet infrastructure because they are the first step in translating (resolving) human readable host names into IP addresses that are used in communication between Internet hosts.
At least, that’s what Wikipedia says about it.
So how do you know who the Root servers are? Via root hints! The root hints file is a small file on your DNS server that maps the root zone server names to their IP addresses, so your server can query them by IP address.
A good rule of thumb is to keep your root hints updated every 6 months or so. I started running into intermittent DNS issues, and in the process I discovered mine were about 6 years out of date!
Since I run CentOS with BIND, the easiest thing to do is run this simple command via SSH:
dig +bufsize=1200 +norec NS . @a.root-servers.net > /var/named/named.ca && service named restart
This queries a.root-servers.net for the list of root servers, dumps the answer into the root hints file “named.ca” and then restarts BIND. You can verify which file is your root hints file by checking /etc/named.conf: the zone "." entry with type hint names it.
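The one-liner has one rough edge worth knowing about: the redirect truncates named.ca before dig has answered, so if the query times out you are left with a hints file containing nothing but a dig error message. Because dig exits non-zero on a timeout, the && stops named from restarting right then, but the broken file is still waiting for the next restart. The script below is an added example, not from this post or from the BIND project: it fetches the same query into a temporary file, sanity-checks that the answer is NOERROR, lists at least 13 root server names and carries a glue address for each, and only then swaps it into /var/named/named.ca and reloads with rndc (assumed to be set up, as the CentOS bind package does by default). The sample dig output embedded in it is constructed, abbreviated to three servers and uses documentation addresses, purely so the checker can be exercised without network access.

```shell
#!/bin/sh
# Safer root hints refresh for BIND (added example, not the post's one-liner).
# Assumptions: /var/named/named.ca is the hint file (as in the post), rndc works.

ROOT_HINTS=${ROOT_HINTS:-/var/named/named.ca}
MIN_NS=${MIN_NS:-13}   # there are 13 root server names, a..m.root-servers.net

# check_root_hints FILE [MIN_NS]
# Returns 0 when FILE looks like a usable root hints file:
#   - dig reported status NOERROR
#   - at least MIN_NS distinct NS records for "."
#   - every NS target has at least one A or AAAA glue record
check_root_hints() {
    file=$1
    min=${2:-$MIN_NS}
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    grep -q 'status: NOERROR' "$file" || { echo "dig did not return NOERROR" >&2; return 1; }
    awk -v min="$min" '
        # answer section: ".  <ttl>  IN  NS  x.root-servers.net."
        $1 == "." && $3 == "IN" && $4 == "NS" { if (!($5 in ns)) n++; ns[$5] = 1 }
        # additional section: "x.root-servers.net.  <ttl>  IN  A|AAAA  <addr>"
        $3 == "IN" && ($4 == "A" || $4 == "AAAA") { glue[$1] = 1 }
        END {
            if (n < min) { printf "only %d NS records (need %d)\n", n, min > "/dev/stderr"; exit 1 }
            for (s in ns) if (!(s in glue)) { printf "no glue address for %s\n", s > "/dev/stderr"; exit 1 }
            exit 0
        }' "$file"
}

# update_root_hints: fetch fresh hints, validate, install only if valid and changed.
update_root_hints() {
    tmp=$(mktemp) || return 1
    # same query as the post, but into a temp file rather than straight over named.ca
    if ! dig +bufsize=1200 +norec NS . @a.root-servers.net > "$tmp"; then
        echo "dig failed; keeping existing $ROOT_HINTS" >&2; rm -f "$tmp"; return 1
    fi
    if ! check_root_hints "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # ignore dig's comment lines (query id, timing) when deciding whether anything changed
    if [ -f "$ROOT_HINTS" ] &&
       [ "$(grep -v '^;' "$tmp" | sort)" = "$(grep -v '^;' "$ROOT_HINTS" | sort)" ]; then
        echo "root hints unchanged"; rm -f "$tmp"; return 0
    fi
    [ -f "$ROOT_HINTS" ] && cp -p "$ROOT_HINTS" "$ROOT_HINTS.bak"
    install -m 0644 "$tmp" "$ROOT_HINTS" && rm -f "$tmp"
    rndc reload   # reload instead of a full restart of named
}

# Constructed sample of what dig prints (abbreviated to 3 servers; RFC 5737/3849
# documentation addresses, NOT the real root server addresses).
write_sample_hints() {
    cat > "$1" <<'EOF'
; <<>> DiG 9.11.4 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       192.0.2.1
a.root-servers.net.     518400  IN      AAAA    2001:db8::1
b.root-servers.net.     518400  IN      A       192.0.2.2
c.root-servers.net.     518400  IN      A       192.0.2.3
EOF
}

# Constructed sample of what dig prints when the root server cannot be reached.
write_failed_dig() {
    printf '; <<>> DiG 9.11.4 <<>> +bufsize=1200 +norec NS . @a.root-servers.net\n;; connection timed out; no servers could be reached\n' > "$1"
}

case "${1:-}" in
    update) update_root_hints ;;
    check)  check_root_hints "${2:?usage: $0 check FILE}" ;;
esac
```

Run it as "sh refresh-hints.sh update" from cron in place of the one-liner, or "sh refresh-hints.sh check /var/named/named.ca" to test the file you already have; a file that fails the check is exactly the symptom to look for when chasing the intermittent resolution failures described above. For a second opinion on the addresses, the same list is published by IANA at https://www.internic.net/domain/named.root and can be compared with what dig returned.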
I’m lazy and used Webmin to schedule the cron job to run every 6 months.
If this was helpful or you happen to have any similar war stories, drop me a line in the comments section.