On 12/24/23 18:09, David C. Rankin wrote:
On 12/23/23 13:09, Marc Chamberlin via openSUSE Users wrote:
Hi OpenSuSE,  Can any expert on named (bind) tell me why I am getting the following warnings whenever I restart my named.service, and how to fix?

Operating System: openSUSE Leap 15.4
KDE Plasma Version: 5.24.4
KDE Frameworks Version: 5.90.0
Qt Version: 5.15.2
Kernel Version: 5.14.21-150400.24.100-default (64-bit)
Graphics Platform: X11
Processors: 12 × Intel® Xeon® CPU E5-1650 v3 @ 3.50GHz
Memory: 62.7 GiB of RAM
Graphics Processor: Quadro K420/PCIe/SSE2

Dec 23 10:46:39 quasar named[29164]: 23-Dec-2023 10:46:39.150 general: warning: checkhints: view external: b.root-servers.net/A (170.247.170.2) missing from hints
Dec 23 10:46:39 quasar named[29164]: 23-Dec-2023 10:46:39.150 general: warning: checkhints: view external: b.root-servers.net/A (199.9.14.201) extra record in hints
Dec 23 10:46:39 quasar named[29164]: 23-Dec-2023 10:46:39.150 general: warning: checkhints: view external: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
Dec 23 10:46:39 quasar named[29164]: 23-Dec-2023 10:46:39.150 general: warning: checkhints: view external: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
Dec 23 10:46:39 quasar named[29164]: 23-Dec-2023 10:46:39.526 general: warning: checkhints: view internal: b.root-servers.net/A (170.247.170.2) missing from hints
Dec 23 10:46:39 quasar named[29164]: 23-Dec-2023 10:46:39.526 general: warning: checkhints: view internal: b.root-servers.net/A (199.9.14.201) extra record in hints
Dec 23 10:46:39 quasar named[29164]: 23-Dec-2023 10:46:39.526 general: warning: checkhints: view internal: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
Dec 23 10:46:39 quasar named[29164]: 23-Dec-2023 10:46:39.526 general: warning: checkhints: view internal: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints


    Thanks as always, in advance, for helping me solve this puzzle... Marc...


That is because several years ago, bind dropped the requirement for a root.hint file (or named.ca) and provides a compiled-in set of addresses. See: https://bind9.readthedocs.io/en/stable/reference.html under "type hint". All newer versions of bind no longer need it, but can use it if you provide one. In the past you had to provide root.hint that contained, e.g.

.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
<snip>

That file was eliminated from being included in many distro packages for that reason. I haven't checked openSUSE lately, but Arch no longer provides one. Basically, when named runs now, it is smart enough to figure out what the root servers are an caches the information.

You can generate a new cashe file if your build requires it with, e.g.

dig +bufsize=1200 +norec NS . @a.root-servers.net > named.ca

It's probably been 10 years since it went away on Arch.

Thanks David, I regenerated the roots.hints file as you suggested and restarted named.service both with the new roots.hints file and without it. Didn't make any difference. Sigh...   Marc...
--
"The Truth is out there" - Spooky

--
_   _   .   .   .       .   .   .   _   _       .   _   _   _   _   .       .   .   .           _   .   .       .           .   _   _       .   _       _   _   .   .   .       .   _   _   .       _   .   .   _       .   _   _           _   _       .   _       .   _   .       _   .   _   .

Computers: the final frontier.
These are the voyages of the user Marc.
His mission: to explore strange new hardware.
To seek out new software and new applications.
To boldly go where no Marc has gone before!

(This email is digitally signed. My public key for sending encrypted email to me can be found at - https://keys.openpgp.org/search?q=marc@domesweetdome.us.com or just ask me for it and I will send it to you as an attachment. If you don't understand, no worries, just ignore it and/or ask me to explain it further.)