I don't like "automatic" updates.
... thus the mail when the file is updated and the restart a few days later. For my example, the named.root FTP/HTTP/AXFR server would have to be at least as secure as a root server, but would not have to be more secure.

If people want to review the downloads first, sure, it's a good idea. Change the shell script to not move the file and just complain to the admin instead:

    Mail -s "New Internet root DNS nameservers" hostmaster<<EOF
    The list of root nameservers in `pwd`/named.root is newer than
    your current root.cache file.  Please run the following on
    `hostname` after reviewing the contents of the new root server
    list:

        cd `pwd`
        mv named.root root.cache

    Sincerely,
    DNS cron on `hostname`
    EOF

The administrator would get around to installing it eventually.

For the PC or Mac servers, I'd want a PCN-style update:

    A new root nameserver list has been downloaded.
    Would you like to install it now?

      o Yes
      o Review it and give me an option to install it.
      o No, not now, try me later.

The idea is to make sure periodic downloads are encouraged from the start and to make sure there is a DNS-known place (whose name is not attached to SRI-NIC.ARPA, NIC.DDN.MIL, or FTP.RS.INTERNIC.NET) where sites can get root server information as long as Internet DNS lives.

IMHO, it's better than promoting laziness by making sure that the root nameserver addresses are always the same. (What about IPV6? IPVn?)

My shell script was just an example. Implementation may vary.

--
Eric Ziegast
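
Added example, not part of the original message or its author's script: a review-before-install check for the cron job described above. It goes beyond a "file is newer" test by comparing the address records in named.root and root.cache and by refusing a download that looks truncated; the function names and the minimum-record threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). named.root and root.cache are
# the post's file names; function names and the MIN threshold are assumptions.

# Print sorted "NAME ADDRESS" pairs from the A/AAAA records of a hints file,
# ignoring comments, TTL/class columns and letter case.
hint_addrs() {
    awk '
        /^[ \t]*;/ || NF == 0 { next }
        {
            for (i = 2; i < NF; i++) {
                t = toupper($i)
                if (t == "A" || t == "AAAA") {
                    print toupper($1), toupper($(i + 1))
                    break
                }
            }
        }' "$1" | sort -u
}

# Exit status: 0 = download differs and needs human review,
#              1 = same address set, nothing to do,
#              2 = download has fewer than MIN address records (truncated?).
needs_review() {
    new=$1 cur=$2 min=${3:-1}
    n=$(hint_addrs "$new" | wc -l)
    [ $((n)) -ge "$min" ] || return 2
    [ -f "$cur" ] || return 0
    [ "$(hint_addrs "$new")" != "$(hint_addrs "$cur")" ]
}

# Print the body of the notice: records only in the current file are marked
# "-", records only in the download "+". Nothing is installed.
review_notice() {
    new=$1 cur=$2
    tmp=$(mktemp -d) || return 1
    hint_addrs "$cur" > "$tmp/cur" 2>/dev/null
    hint_addrs "$new" > "$tmp/new"
    echo "Downloaded $new differs from installed $cur:"
    comm -23 "$tmp/cur" "$tmp/new" | sed 's/^/- /'
    comm -13 "$tmp/cur" "$tmp/new" | sed 's/^/+ /'
    rm -rf "$tmp"
}

# Cron usage: sh thisfile named.root root.cache | Mail -s "..." hostmaster
if [ "$#" -eq 2 ] && needs_review "$1" "$2" 4; then
    review_notice "$1" "$2"
fi
```

The notice gives the administrator the exact records that changed, so the manual `mv named.root root.cache` step happens only after that diff has been read.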