
How Do I Update The Root Hints Data File for BIND Named Server?

Q. My local nameserver root zone file is outdated. It has no information about IPv6 or the recently changed root server IP address. How do I update my root hints data file under a Debian or Red Hat BIND 9 server?

A. Besides your local information, the nameserver also needs to know where the nameservers for the root zone are.

You can retrieve the root hints file by visiting ftp://ftp.rs.internic.net. Log in as the anonymous user and get the db.cache file from the domain subdirectory.

Sample Old Outdated Root Hints File

; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
 ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
 
 ;; QUESTION SECTION:
 ;.                              IN      NS
 
 ;; ANSWER SECTION:
 .                       518400  IN      NS      A.ROOT-SERVERS.NET.
 .                       518400  IN      NS      B.ROOT-SERVERS.NET.
 .                       518400  IN      NS      C.ROOT-SERVERS.NET.
 .                       518400  IN      NS      D.ROOT-SERVERS.NET.
 .                       518400  IN      NS      E.ROOT-SERVERS.NET.
 .                       518400  IN      NS      F.ROOT-SERVERS.NET.
 .                       518400  IN      NS      G.ROOT-SERVERS.NET.
 .                       518400  IN      NS      H.ROOT-SERVERS.NET.
 .                       518400  IN      NS      I.ROOT-SERVERS.NET.
 .                       518400  IN      NS      J.ROOT-SERVERS.NET.
 .                       518400  IN      NS      K.ROOT-SERVERS.NET.
 .                       518400  IN      NS      L.ROOT-SERVERS.NET.
 .                       518400  IN      NS      M.ROOT-SERVERS.NET.
 
 ;; ADDITIONAL SECTION:
 A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
 B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
 C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
 D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
 E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
 F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
 G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
 H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
 I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
 J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
 K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
 L.ROOT-SERVERS.NET.     3600000 IN      A       198.32.64.12
 M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33
 
 ;; Query time: 81 msec
 ;; SERVER: 198.41.0.4#53(a.root-servers.net.)
 ;; WHEN: Sun Feb  1 11:27:14 2004
 ;; MSG SIZE  rcvd: 436

Use the wget command to retrieve the file and store it as /etc/bind/db.root (Debian / Ubuntu Linux), enter:
# wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache -O /etc/bind/db.root
Under Red Hat / CentOS / Fedora Linux, the default location is /var/named/named.root, enter:
# wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache -O /var/named/named.root
Reload named with rndc so it picks up the new file, enter:
# rndc reload
Another option is to run the dig command to fetch the information:
# dig +bufsize=1200 +norec NS . @a.root-servers.net > /var/named/named.root

The root zone's nameservers change over time, so don't assume this list is current. Downloading a new version of db.cache once or twice a year is sufficient. You can also schedule a cron job to update the file. The best place to get updates about this file is the bind-users mailing list.
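
An added example (not from the original page): a wrapper for the cron job mentioned above that sanity-checks a downloaded candidate before it replaces the live hints file, so a truncated or error-page download from the unauthenticated FTP fetch never reaches named. The script name install_root_hints.sh, the function names, the .new/.bak suffixes and the rule "exactly 13 root NS names, each with an A record" are assumptions of this example.

```sh
#!/bin/sh
# Added example: validate a fetched root hints candidate before installing it.
# Assumed policy: exactly 13 distinct root NS names, each with an A record,
# and no record types other than NS, A and AAAA.

# check_hints FILE: exit status 0 if FILE looks like a complete hints file.
check_hints() {
    awk '
        NF == 0 || $1 ~ /^;/ { next }      # blank lines, comments, dig banner
        NF < 4 { bad++; next }             # too short to be owner/TTL/type/data
        {
            owner = toupper($1); type = toupper($(NF - 1)); data = toupper($NF)
            if (type == "NS" && owner == ".") ns[data] = 1
            else if (type == "A")             a[owner] = 1
            else if (type != "AAAA")          bad++
        }
        END {
            for (n in ns) { count++; if (!(n in a)) missing++ }
            exit !(count == 13 && missing == 0 && bad == 0)
        }' "$1"
}

# install_hints CANDIDATE LIVE: replace LIVE only when CANDIDATE passes.
# Keep CANDIDATE in the same directory as LIVE so mv is a rename.
install_hints() {
    if ! check_hints "$1"; then
        echo "rejected: $1 failed the root hints sanity check" >&2
        return 1
    fi
    if [ -f "$2" ]; then cp -p "$2" "$2.bak"; fi   # previous file for rollback
    mv "$1" "$2"
}

# Usage with the wget command from this page (Red Hat paths):
#   wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache \
#        -O /var/named/named.root.new
#   sh install_root_hints.sh /var/named/named.root.new /var/named/named.root \
#        && rndc reload
if [ "$#" -eq 2 ]; then
    install_hints "$1" "$2"
fi
```

Because rndc reload runs only when the install step succeeds, a rejected download leaves named on the previous hints file.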

Sample updated root hints data file

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  "
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/db.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Feb 04, 2008
;       related version of root zone:   2008020400
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803f:235
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of File