Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Zone Changed

Posted by ryuzaki0 on from the verisign-causing-instability-as-usual dept.

An anonymous reader writes "The day before yesterday the root zone was silently changed for the first time in 5 years. The change was to J.ROOT-SERVERS.NET that is now managed by Verisign. The usual sites don't breathe a word about this change however as one would expect for such a change to be properly announced. An interesing sidenote is this thread on the IETF discussion list." the_proton writes "The server j.root-servers.net has changed IP address to 192.58.128.30. The new root zone hints can be grabbed from ftp://rs.internic.net/domain/named.root or ftp://ftp.internic.net/domain/named.root. The new zone serial number is 2002110501."

14 of 298 comments (clear)

  1. a quick theory by cr@ckwhore · · Score: 5, Insightful

    Following the recent DOS attacks against the root servers, it wouldn't surprise me if this move is only a small part of a bigger story. I'm willing to bet that modifications are being made to the networking and security of the root servers that will better prepare the entire root system for future attacks. The move of J. is probably just the tip of the clandestine "ice berg".

    --
    Skiers and Riders -- http://www.snowjournal.com
  2. No. There are no black helicopters here. by Anonymous Coward · · Score: 1, Insightful

    My 'non-expert' understanding of this:

    1. This was discussed in multiple (appropriate) forums significantly before the change.

    2. This will be seemless to properly configured DNS.

    3. This was to move the server to a different subnet from it's 'mirror' for significantly improved reliability.

    Best!

  3. DON'T /. THE NAMED.ROOT FILES!!!! by PacketMaster · · Score: 3, Insightful

    Please don't /. the named.root files Don't click on it just because you're curious to see what they look like. People need to legitimately access those files to update their DNS servers and flooding the FTP with meaningless requests is highly counterproductive.

    Also, Slashdot editors, why even let those links get posted? Every person with a browser is clicking on those to see what they look like and making them inaccessable to people who need them. People who need to see them or access them know where they're at already and people who are that curious should exercise a little personal initiative and go find out where to get them. It's irresponsible on the part of /. to let this happen. Slashdotting a news site is one thing, but Slashdotting internic is a very different can.

    --

    Some people take their .sig way too seriously

    1. Re:DON'T /. THE NAMED.ROOT FILES!!!! by sys$manager · · Score: 3, Insightful

      Nobody needs to legitimately access those files to update their DNS servers. Everything will continue to work fine even if nobody could access those files. Even if you NEEDED to update your root hints file (which you don't), you can always lookup the NS records on another root server and output it to your hints file.

      Nice troll though, it went totally unnoticed until now.

    2. Re:DON'T /. THE NAMED.ROOT FILES!!!! by edA-qa · · Score: 3, Insightful

      Why shouldn't somebody look if they are curious? I often hear about problems resulting from people not knowing enough about computers and the internet, perhaps looking at these root files is a good thing -- certainly some people will just be confused, but others might actually be even more curious and try to figure out what they mean.

      Any extra bit of knowledge anybody has about the internet probably helps everybody in the long run.

      And in any case, since nobody needs this root file immediately, and since the /. effect disappears in a few days, there shouldn't be any concern. At very least, consider this a fair test of the system, we wouldn't want our root name servers running on anything not-up-to-the-job, would we?

    3. Re:DON'T /. THE NAMED.ROOT FILES!!!! by Phroggy · · Score: 3, Insightful

      People need to legitimately access those files to update their DNS servers and flooding the FTP with meaningless requests is highly counterproductive.

      No they don't. People need to type:
      dig @a.root-servers.net > root.hints
      and they'll get exactly the same thing. Much faster and easier, and you can't tell me we're going to slashdot a root nameserver by sending it a bunch of DNS queries like this - that's what root nameservers handle all day.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  4. Re:This doesn't matter. Really. by Anonymous Coward · · Score: 2, Insightful

    My job involves looking at naked chicks all day. Why doesn't yours?
    Screw the IP change, anyone got more information on how to get a job like this?
  5. Re:Hoax! by Tony+Hoyle · · Score: 2, Insightful

    Score -1: Clueless....

    (hint: Read RFC1918 before posting)

  6. Instability? WTF? by alexjohns · · Score: 4, Insightful
    "verisign-causing-instability-as-usual dept."
    Michael Sims, you're a fucking idiot. You know nothing about the way the internet works. In no way, shape, or form does this cause any instability whatsoever. It improves stability, however slightly.

    You might want to stick to articles about politics or censorship or something. Technical issues don't appear to be your forté.

  7. Re:Why should we care? by Shagg · · Score: 4, Insightful

    Think of it like this:

    If you are looking for the phone number for a company you've never called before, you want to look in the Yellow Pages to find it. Now if your wife has moved the Yellow Pages to a different room in the house, you need to know where she put it. However, in this case it's more like there are 13 copies of the Yellow Pages in your home, and she's only moved one of them... so it's not too big of a deal. It's also not something you need to know unless you run a DNS server.

    --
    Unix is user friendly, it's just selective about who its friends are.
  8. While you're at it, move to OpenNIC by robbo · · Score: 2, Insightful

    If your DNS admin has some savvy, this link should work for you.
    If not, visit
    OpenNIC and then ask your DNS admin to support OpenNIC and erode ICANN's dictatorial regime.

    --
    So long, and thanks for all the Phish
  9. Re:Why should we care? by SacredNaCl · · Score: 5, Insightful

    I wonder if this has anything to do with the recent denial of service attacks against the root servers?

    Just speculating that maybe the attackers used a worm/trojan that was preset to attack them at the previous IP on certain dates? Similar to some things we have seen in the past...

    --
    Freedom is merely privilege extended unless enjoyed by one and all.
  10. Re:Hoax! by .smoke · · Score: 2, Insightful

    You are correct... The following are for private IP addresses (e.g. for NATing):

    10.0.0.0 - 10.255.255.255 (10/8 prefix)
    172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
    192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

    This is according to RFC 1918.

    B*B,
    -Smoke.

  11. I haven't been informed neither! So what? by MavEtJu · · Score: 3, Insightful

    The usual sites don't breathe a word about this change however as one would expect for such a change to be properly announced.

    The impact of this change is close to zero. The announcement is only necessary for people who distribute name-server software. Why?

    - Only the hints-file needs to be changed. The hints file bootstraps the DNS software on where it can find the .-zone. After that has been found, this data is not needed anymore.

    - There are still 12 other perfectly reachable servers in the hints-file. They give you all the information needed.

    - On the old IP address, a server will keep running for a while.

    - Unless you're working for an ISP, you don't need this information. The majority of the internet (windows users) don't have to change anything, they just run use their ISPs nameservers. The majority of the minority of the internet also use the nameservers of the ISP. Only a relative small group run their own servers.

    So dear anonymous writer, don't be afraid, the internet is not going to break because of this. No reason for panic, all is fine.

    --
    bash$ :(){ :|:&};: