Univention Bugzilla – Bug 43590
/etc/bind/db.root is partially outdated
Last modified: 2021-10-26 10:38:03 CEST
The latest available bind9 package (4.1-4-errata/amd64/bind9_9.8.4.dfsg.P1-6+nmu2.126.201702061148_amd64.deb) contains a /etc/bind/db.root which is more than 4 years old and differs partially from named.cache available from ftp://ftp.internic.net/domain/
Any issues arising from that?
I am not sure if there are problems. There was one anecdotal report in http://forum.univention.de/viewtopic.php?f=48&t=6498. Beside some upper/lower case differences for IPv6-addresses and additional IPv6 addresses there is one mentionable thing: < H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 < H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 --- > H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 > H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
Ok, thanks for the report https://www.isc.org/blogs/h-root-will-change-its-addresses-on-1-december-2015-what-does-this-mean-for-you/
Still valid with UCS-4.3: 2016-02-17+01 << 2018-03-07+01
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.
On a Univention Corporate Server 4.4-8 errata1019 (Blumenthal) The Client reports: "..on the UCS system 4.4-8 / 1019 there is an incorrect /etc/bind/db.root which among other things causes these messages to show up in the logs: checkhints: b.root-servers.net/A (192.228.79.201) extra record in hints and checkhints: b.root-servers.net/A (199.9.14.201) missing from hints apart from the fact that requests are still mistakenly made to the old b.root-server.." Asking for /etc/bind/db.root, he delivers the following information: This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the "cache . <file>" ; configuration file of BIND domain name servers). ; ; This file is made available by InterNIC ; under anonymous FTP as ; file /domain/named.cache ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; ; last update: February 17, 2016 ; related version of root zone: 2016021701 See full file here: https://pastebin.knut.univention.de/3kR4wuTw#db.root%2520
This is mostly cosmetic. You can easily fix it by doing > wget -O/etc/bind/db.root https://www.internic.net/domain/named.root UCS-4.4 is based on Debian-9-Stretch, which is old²stable and will probably not receive updates. So don't wait for any work here; this bug will probably be just closed again as WONTFIX in some years.