Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Zone Changed

Posted by ryuzaki0 on from the verisign-causing-instability-as-usual dept.

An anonymous reader writes "The day before yesterday the root zone was silently changed for the first time in 5 years. The change was to J.ROOT-SERVERS.NET that is now managed by Verisign. The usual sites don't breathe a word about this change however as one would expect for such a change to be properly announced. An interesing sidenote is this thread on the IETF discussion list." the_proton writes "The server j.root-servers.net has changed IP address to 192.58.128.30. The new root zone hints can be grabbed from ftp://rs.internic.net/domain/named.root or ftp://ftp.internic.net/domain/named.root. The new zone serial number is 2002110501."

6 of 298 comments (clear)

  1. Why should we care? by Disoriented · · Score: 4, Interesting

    Maybe someone could explain to us newbies how this affects the operation of the Internet.

  2. Don't panic - and there is no conspiricy by karl.auerbach · · Score: 5, Interesting

    This move is "a good thing".

    The J server shared a broadcast domain (i.e. it was on the same Ethernet) as the A root server. That's was clearly sub-optimal.

    So this move is good in that it creates a small bit of physical separation and a bit larger amount of net-topological separation between the J and A root servers.

    I hear that the old server will continue in operation for an indefinite period - so there is no need to rush out and update your "hints" file for your DNS resolvers - you can do it at your leasure and you probably won't notice even if you forget to do it.

    (Even if the old server is turned off - as long as a bogus server doesn't replace it, when DNS resolvers that are using the old hints file come up and look for a root zone definition, they will simply bypass the non-responsive absent server and try the other hints.)

    But there is another issue - A change in the "hints" is always a nuisance. And since we are incurring this nuisance, I wonder why we did not use this as an opportunity to redress the imbalance of root server placement - there are few root servers in Europe and Asia, and rather than simply moving the J server from one side of Herndon, Virginia to another, why wasn't it moved to Europe of Asia?

  3. Apparently there was also a change today by Kj0n · · Score: 3, Interesting

    Since when I look up the SOA record for the root domain, it gives a serial number of 2002110700 instead of 2002220501.

  4. DDOS by dirvish · · Score: 3, Interesting

    Does this have to do with the DDOS attacks that happened a couple weeks ago? Why else would they not make an announcement? OTOH, the perpetrators of the attacks wouldn't be fooled for long by a name change.

    --
    FoundNews.com - get paid to blog.,
  5. Re:Hoax! by Junta · · Score: 3, Interesting

    If that was intended as a joke, it sucked.

    If not, it is stupid.

    The IP addresses that are reserved for private use are:

    10.0.0.0/8 (10.x.x.x)
    192.168.0.0/16 (192.*168*.x.x)
    172.16.0.0/12 (172.16-31.x.x)

    Quite frankly, I'm not sure why 99.9% of the network administrators gravitate towards 192.168.1.0/24 as their private network address... Even I chose 192.168.123.0/24 as my network, so I'm partially guilty....

    If it is going to always stay a private network, why not just use the full class B? If trying to plan for communications with other private networks in the class B range, why pick something so common?

    I personally have started using 10.(random).(random).0/24 when setting up class C networks. When *really* limited use, I constrict it to /26 or so. This way the chances are low that any private network I want to set up a tunnel with will conflict with my address space...

    Of course I have yet to see 172.16.0.0/12 used by anyone, it's just too damn weird. What's the point? Some routers can't even handle non class a/b/c addresses... But saying you used the class B and a half private network should earn points on some scale..

    --
    XML is like violence. If it doesn't solve the problem, use more.
  6. That's quite simple by BrunoC · · Score: 3, Interesting

    Just a few points here: - I don't think there's a conspiracy here. J is moving and that's it. ICANN does not have to go "stop the presses! J ROOT SERVER is moving". They just have to release the new hints file. There's no need to panic, as someone posted before. - The 13 root servers were attacked, A (hosted by Verisign at undisclosed location ) survived the attack and J didn't. Why not move J to a safer place? - Improving the security of the root servers is a *good* thing, not a bad one. The root servers network is a sensitive one, and everything done there must be done very carefully, especially after the DDoS. - Go get some sleep, the root servers around the world will grant you the right to translate IP addresses :)