-6

I've checked the /etc/bind/db.root text file and all the root name server IPs are current (I've checked the IPs one by one). So BIND9 reads this file and knows how to find root servers.

The output of the dig . ns command shows me this. Why can't I see the actual IP addresses in the output? Is that normal?

;; ANSWER SECTION:
. 13309 IN NS i.root-servers.net.
. 13309 IN NS e.root-servers.net.
. 13309 IN NS g.root-servers.net.
. 13309 IN NS d.root-servers.net.
. 13309 IN NS b.root-servers.net.
. 13309 IN NS a.root-servers.net.
. 13309 IN NS m.root-servers.net.
. 13309 IN NS l.root-servers.net.
. 13309 IN NS k.root-servers.net.
. 13309 IN NS j.root-servers.net.
. 13309 IN NS f.root-servers.net.
. 13309 IN NS c.root-servers.net.
. 13309 IN NS h.root-servers.net.

Then why do some people include this in their configuration files?

zone "." {
  type hint;
  file "root.hints";
}; 

OR:

zone "." {
  type hint;
  file "db.root";
}; 
womble
Gregory

2 Answers

5

You don't see the IPs in the answer section of your dig command because the IPs of the root servers aren't part of the authoritative answer to the query you provided. If you ask one of the root servers the same question, you'll get an answer that includes the IP addresses of the root servers in the "additional" section of the response, but that's because that information is "in bailiwick" for that question. When you ask your local recursive resolver for that info, it's out of bailiwick, and so you don't get that info.

As to why people include a root hints file, it's because without that, the DNS server wouldn't know where to start looking. Since it's a "hint" type zone, the contents never get used to answer a query, but merely to provide the resolver with some internal information to "bootstrap" itself. As soon as more up-to-date information is received from the root servers themselves, the resolver forgets what was in the hint zone and uses the updated information instead.

womble
  • Thanks for your reply! But I still don't get it... Then why, when I was using my ISP's DNS server, did the output of the same command also yield the IPs? What command should I use when querying my DNS server to get the IPs? And, finally, if you're saying that without that hint type zone the server won't know how to find root servers, then how come my DNS server does find them now? – Gregory Oct 26 '15 at 06:46
  • 1. I don't know, ask your ISP. 2. I don't know, ask your DNS server. – womble Oct 26 '15 at 23:36
1

BIND9 has default root hints compiled into it, that are used in the absence of a specific configuration directive.

On start up, BIND will then send a "priming query" to the root name servers to replace the loaded root hints with the current list (and will try other root servers if the one chosen doesn't respond).

The root name servers do return the IP list because the list is necessary "glue" for that query. Some recursive servers may return it, others may not. [I've just checked, and one of mine does, but another doesn't - I didn't figure out why yet]

Alnitak
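As an added example (not code from either answer and not part of BIND), here is a small Python check over a hints file in the db.root / root.hints format discussed above: it lists the names in the "." NS records and flags any that have no A/AAAA glue in the file, which is exactly the case where the resolver would have no address to send its priming query to. The file contents, server names and addresses below are constructed sample values from the documentation ranges, not the real root server data.

```python
import ipaddress

# Constructed sample in the zone-file syntax BIND uses for root hints
# (';' starts a comment). Names and addresses are placeholders, not the
# real root-servers.net entries.
SAMPLE_HINTS = """\
; root hints (constructed sample, not a real root.hints file)
.                        3600000      NS    A.ROOT-SERVERS.NET.
.                        3600000      NS    B.ROOT-SERVERS.NET.
.                        3600000      NS    C.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::1
B.ROOT-SERVERS.NET.      3600000      A     192.0.2.2
; C is listed as a root NS but has no glue record below
"""

def parse_hints(text):
    """Return (ns_names, glue): the root NS names in file order and a map
    from server name to the A/AAAA addresses the hints file carries for it."""
    ns_names, glue = [], {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:                  # owner TTL type rdata
            continue
        owner, _ttl, rtype, rdata = fields
        owner, rtype = owner.lower(), rtype.upper()
        if owner == "." and rtype == "NS":
            ns_names.append(rdata.lower())
        elif rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)   # raises on a malformed address
            if addr.version != (4 if rtype == "A" else 6):
                raise ValueError(f"{owner}: {rtype} record with {rdata}")
            glue.setdefault(owner, []).append(rdata)
    return ns_names, glue

def missing_glue(text):
    """Root NS names that the hints file names but gives no address for."""
    ns_names, glue = parse_hints(text)
    return sorted(n for n in ns_names if n not in glue)

if __name__ == "__main__":
    print("root NS without glue:", missing_glue(SAMPLE_HINTS))
```

Run it against the real /etc/bind/db.root by reading that file into the text argument; an empty result means every listed root server has an address the resolver can prime from.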