Root Zone Changed
An anonymous reader writes "The day before yesterday the root zone was silently changed for the first time in 5 years. The change was to J.ROOT-SERVERS.NET that is now managed by Verisign. The usual sites don't breathe a word about this change however as one would expect for such a change to be properly announced. An interesting sidenote is this thread on the IETF discussion list." the_proton writes "The server j.root-servers.net has changed IP address to 192.58.128.30. The new root zone hints can be grabbed from ftp://rs.internic.net/domain/named.root or ftp://ftp.internic.net/domain/named.root.
The new zone serial number is 2002110501."
Maybe someone could explain to us newbies how this affects the operation of the Internet.
This move is "a good thing".
The J server shared a broadcast domain (i.e. it was on the same Ethernet) as the A root server. That was clearly sub-optimal.
So this move is good in that it creates a small bit of physical separation and a bit larger amount of net-topological separation between the J and A root servers.
I hear that the old server will continue in operation for an indefinite period - so there is no need to rush out and update your "hints" file for your DNS resolvers - you can do it at your leisure and you probably won't notice even if you forget to do it.
(Even if the old server is turned off - as long as a bogus server doesn't replace it, when DNS resolvers that are using the old hints file come up and look for a root zone definition, they will simply bypass the non-responsive absent server and try the other hints.)
But there is another issue - A change in the "hints" is always a nuisance. And since we are incurring this nuisance, I wonder why we did not use this as an opportunity to redress the imbalance of root server placement - there are few root servers in Europe and Asia, and rather than simply moving the J server from one side of Herndon, Virginia to another, why wasn't it moved to Europe or Asia?
What exactly is a root zone?
Since when I look up the SOA record for the root domain, it gives a serial number of 2002110700 instead of 2002220501.
Does this have to do with the DDOS attacks that happened a couple weeks ago? Why else would they not make an announcement? OTOH, the perpetrators of the attacks wouldn't be fooled for long by a name change.
It's not at all critical and there is a reason it's called a "hint" file.
When you start up bind, it loads the hints file. When you do a dns query where it has to go to the root, it grabs one out of the hints and does a lookup while timing how long that server took. It then continues through the list using the one with the lowest time and it increments a running average so that it will retry all the roots over time. At some point during this process it will find out the serial number of the root zone isn't quite what it expected and then will ask the a root server for the list of root servers. If your bind has been running for weeks, months or years, it already has the new data. It's just the startup data that has one wrong entry -- if you've been running a recent zone file, I've seen servers that are running hint files that are close to a decade old.
If you don't want to /. the ftp server,
$ dig @a.ROOT-SERVERS.NET. . ns > root.hints
This would only be an urgent issue if the address of one of the root servers was assigned to a different group.
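An added example, not part of any comment in this thread: one way to check whether a local hints file still matches a fresh priming answer such as the `dig . ns` output above. The sample data is constructed; 192.0.2.x addresses are documentation placeholders, and only J's new address 192.58.128.30 comes from the story.

```python
import ipaddress

# Constructed excerpt in named.root layout standing in for an old hints file.
OLD_HINTS = """\
; constructed sample, not a real named.root
.                     3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A   192.0.2.4
.                     3600000      NS  J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.   3600000      A   192.0.2.10
"""

# Constructed excerpt shaped like the additional section of `dig . ns` output.
FRESH_ANSWER = """\
a.root-servers.net.   3600000  IN  A   192.0.2.4
j.root-servers.net.   3600000  IN  A   192.58.128.30  ; address from the story
"""


def parse_hints(text):
    """Return {lower-cased owner name: set of A addresses} from master-file text."""
    glue = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # strip ';' comments
        if len(fields) < 3 or fields[-2].upper() != "A":
            continue                                # NS, AAAA, blank lines
        try:
            addr = str(ipaddress.IPv4Address(fields[-1]))
        except ValueError:
            continue                                # malformed rdata, ignore
        glue.setdefault(fields[0].lower().rstrip("."), set()).add(addr)
    return glue


def stale_entries(local, fresh):
    """List (name, local addresses, fresh addresses) where the two disagree."""
    diffs = []
    for name in sorted(set(local) | set(fresh)):
        have, want = local.get(name, set()), fresh.get(name, set())
        if have != want:
            diffs.append((name, sorted(have), sorted(want)))
    return diffs


if __name__ == "__main__":
    for name, have, want in stale_entries(parse_hints(OLD_HINTS),
                                          parse_hints(FRESH_ANSWER)):
        print(f"{name}: hints file has {have}, priming answer has {want}")
```

A mismatch only says the file and the answer differ; which side is right still has to be confirmed against the published named.root.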
If that was intended as a joke, it sucked.
If not, it is stupid.
The IP addresses that are reserved for private use are:
10.0.0.0/8 (10.x.x.x)
192.168.0.0/16 (192.*168*.x.x)
172.16.0.0/12 (172.16-31.x.x)
Quite frankly, I'm not sure why 99.9% of the network administrators gravitate towards 192.168.1.0/24 as their private network address... Even I chose 192.168.123.0/24 as my network, so I'm partially guilty....
If it is going to always stay a private network, why not just use the full class B? If trying to plan for communications with other private networks in the class B range, why pick something so common?
I personally have started using 10.(random).(random).0/24 when setting up class C networks. When *really* limited use, I constrict it to /26 or so. This way the chances are low that any private network I want to set up a tunnel with will conflict with my address space...
Of course I have yet to see 172.16.0.0/12 used by anyone, it's just too damn weird. What's the point? Some routers can't even handle non class a/b/c addresses... But saying you used the class B and a half private network should earn points on some scale..
XML is like violence. If it doesn't solve the problem, use more.
I just noticed that the new file is no longer available via gopher ;)
Old file:...
under anonymous FTP as
; file /domain/named.root
; on server FTP.RS.INTERNIC.NET
; -OR- under Gopher at RS.INTERNIC.NET
; under menu InterNIC Registration Services (NSI)
; submenu InterNIC Registration Archives
; file named.root
New file:
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
Just a few points here:
- I don't think there's a conspiracy here. J is moving and that's it. ICANN does not have to go "stop the presses! J ROOT SERVER is moving". They just have to release the new hints file. There's no need to panic, as someone posted before.
- The 13 root servers were attacked, A (hosted by Verisign at undisclosed location) survived the attack and J didn't. Why not move J to a safer place?
- Improving the security of the root servers is a *good* thing, not a bad one. The root servers network is a sensitive one, and everything done there must be done very carefully, especially after the DDoS.
- Go get some sleep, the root servers around the world will grant you the right to translate IP addresses :)