I don't like "automatic" updates.
... thus the mail when the file is updated and the restart a few
days later. For my example, the named.root FTP/HTTP/AXFR server
would have to be at least as secure as a root server, but would
not have to be more secure.
If people want to review the downloads first, sure, it's a good
idea. Change the shell script to not move the file and just
complain to the admin instead:

# Notify the admin instead of installing the downloaded file
Mail -s "New Internet root DNS nameservers" hostmaster<<EOF
The list of root nameservers in `pwd`/named.root is newer
than your current root.cache file. Please run the following on
`hostname` after reviewing the contents of the new root server
mv named.root root.cache
DNS cron on `hostname`
EOF

The administrator would get around to installing it eventually.
For the PC or Mac servers, I'd want a PCN-style update:
A new root nameserver list has been downloaded.
Would you like to install it now?
o Review it and give me an option to install it.
o No, not now, try me later.
The idea is to make sure periodic downloads are encouraged from the
start and to make sure there is a DNS-known place (whose name is not
attached to SRI-NIC.ARPA, NIC.DDN.MIL, or FTP.RS.INTERNIC.NET) where
sites can get root server information as long as Internet DNS lives.
IMHO, it's better than promoting laziness by making sure that the
root nameserver addresses are always the same. (What about IPv6? IPvn?)
My shell script was just an example. Implementation may vary.
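
Added example, not part of the original message and not the poster's script: a review-before-install check that compares a downloaded named.root with root.cache record by record, rejects downloads that do not look like a hints file, and only notifies the admin. The function names, the sanity rule and the `--run` switch are assumptions; the file names, `Mail` and `hostmaster` follow the post.

```shell
#!/bin/sh
# Added example: decide whether a downloaded named.root needs human review.
# Nothing here installs the file; the admin runs the mv after reading the mail.

# Drop comments and blank lines and collapse whitespace, so cosmetic
# changes (new header comment, re-aligned columns) do not trigger mail.
normalize_hints() {
    sed -e 's/;.*$//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/ $//' -e '/^$/d' "$1" | sort
}

# Assumed sanity rule: at least one NS record and at least as many A records.
# Catches truncated downloads and HTML error pages saved under the file name.
hints_look_sane() {
    ns=$(normalize_hints "$1" | grep -c -i ' NS ' || true)
    a=$(normalize_hints "$1" | grep -c -i ' A ' || true)
    [ "$ns" -ge 1 ] && [ "$a" -ge "$ns" ]
}

# Prints one of: rejected, unchanged, review.
review_decision() {
    new=$1 cur=$2
    hints_look_sane "$new" || { echo rejected; return 0; }
    if [ -f "$cur" ] && [ "$(normalize_hints "$new")" = "$(normalize_hints "$cur")" ]; then
        echo unchanged
    else
        echo review
    fi
}

# Mail body: the record-level diff plus the command to run after review.
build_notice() {
    new=$1 cur=$2
    tmp=$(mktemp -d) || return 1
    normalize_hints "$cur" > "$tmp/cur"; normalize_hints "$new" > "$tmp/new"
    echo "A newer root server list was downloaded on $(uname -n) and NOT installed."
    echo "Record-level changes (< current, > downloaded):"
    diff "$tmp/cur" "$tmp/new" || true
    echo "After reviewing it, run:  mv $new $cur"
    rm -rf "$tmp"
}

# Cron entry point, active only with --run.
if [ "${1:-}" = "--run" ]; then
    case $(review_decision named.root root.cache) in
        review)   build_notice named.root root.cache |
                      Mail -s "New Internet root DNS nameservers" hostmaster ;;
        rejected) echo "named.root failed the sanity check; root.cache kept." |
                      Mail -s "Root server list download rejected" hostmaster ;;
    esac
fi
```

A download that differs only in comments or spacing yields `unchanged` and sends nothing, so the admin is only asked to review real record changes.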