Root Zone Changed

An anonymous reader writes "The day before yesterday the root zone was silently changed for the first time in 5 years. The change was to J.ROOT-SERVERS.NET that is now managed by Verisign. The usual sites don't breathe a word about this change however as one would expect for such a change to be properly announced. An interesing sidenote is this thread on the IETF discussion list." the_proton writes "The server j.root-servers.net has changed IP address to 192.58.128.30. The new root zone hints can be grabbed from ftp://rs.internic.net/domain/named.root or ftp://ftp.internic.net/domain/named.root. The new zone serial number is 2002110501."

Why should we care?

[Disoriented]

Maybe someone could explain to us newbies how this affects the operation of the Internet.

Re:Why should we care?

[LinuxOnHal]

Without getting extremely technical with it, this mostly affects your ISP. If your ISP does not update their root zone files, when you attempt to resolve a website, your ISP has one less server for it to resolve the root server for and CC top level domains, as well as .com, .org, .net, etc.

Re:Why should we care?

[nelsonal]

The root servers are the master list of domain names for the Internet. The computers still use IP addresses to talk, but us Humans prefer remembering slashdot.org to 66.35.250.150. In meatspace terms, I think this is along the lines of a construction company changing the composition of their concrete for use on the Highway system, you might not notice the change as a user, but it could be a bad decision.
All I want to know is if Sun is back to being the . in .com? :)

Re:Why should we care?

[a+(+h+3+r+0+n]

The root zones are where are all top-level DNS queries start. Think of the internet domain system as one giant honkin' tree. The root servers at the top manage domain information for the top level zones, and they pass off queries down the tree until the query hits an authoritative DNS server for the domain in question.

This affects administrators of DNS servers, because in the DNS config is a list of the IP addresses where these root servers can be found.

Why should you care? You probably don't. It doesn't affect you directly. That is, unless all the root servers mysteriously die one day. That would make surfing for your pr0n a thing of near impossibility. :)

Re:Why should we care?

[KieranElby]

> Maybe someone could explain to us newbies how this affects the operation of the Internet.

Ok.

Here's the usual (much simplified) explanation for how DNS (that is, maping hostnames to IP addresses) works:

Let's assume we want to connect to www.slashdot.org. We need to know it's IP address in order to do this.

What we do is:

1) Ask one of the 13 root servers which server handles .org domains.

2) Ask that server which server handles the slashdot.org domain.

3)Ask that server which server handles the www.slashdot.org zone.

However, this begs the question:

"Where do the root servers get their info. from?"

Well, as of yesterday they're getting it from 192.58.128.30.

To some extent, 192.58.128.30 is now the most important address on the internet since it is the highest authority for the rather important business of looking up addresses.

Re:Why should we care?

[spinlocked]

All I want to know is if Sun is back to being the . in .com

I think Sun's marketing department finally realised that's not a good thing to be :)

Re:Why should we care?

Not exactly. The question is actually "how do we find the root servers to ask them who handles .org" aka, "how do we find out who handles '.'".

The answer is to keep a list of the 13 root servers' IPs on disk, in a file called (appropriately enough) "root.hints".

J is *one* of the root servers, and it has changed its IP. Therefore at some point people should update their root.hints files to reflect this change.

There's no hurry, because the other 12 haven't moved, and over time the update will tend to happen without any special help as you upgrade your DNS install, etc.

Re:Why should we care?

[Shagg]

Think of it like this:

If you are looking for the phone number for a company you've never called before, you want to look in the Yellow Pages to find it. Now if your wife has moved the Yellow Pages to a different room in the house, you need to know where she put it. However, in this case it's more like there are 13 copies of the Yellow Pages in your home, and she's only moved one of them... so it's not too big of a deal. It's also not something you need to know unless you run a DNS server.

Re:Why should we care?

[SacredNaCl]

I wonder if this has anything to do with the recent denial of service attacks against the root servers?

Just speculating that maybe the attackers used a worm/trojan that was preset to attack them at the previous IP on certain dates? Similar to some things we have seen in the past...

Re:Why should we care?

[Strog]

A.ROOT-SERVERS.NET is considered the ultimate authority in DNS. It is also called "dot" and used to be a healthy Sun box. So they really were the "dot" in .com in a sense and that's what made it so funny. That box was replaced with an IBM box and now IBM could say they are the "dot" in .com.

Link here

Re:Why should we care?

[br0ck]

I think your suspicion has been confirmed by a this recent New Scientist article. It says one of the Versign root servers was actually moved to a new location so that two servers wouldn't be relying on the same infrastructure. It does not mention the IP change, but it seems to make sense.

Re:Why should we care?

[Alsee]

Now if your wife has moved the Yellow Pages to a different room in the house, you need to know where she put it. However, in this case it's more like there are 13 copies of the Yellow Pages in your home, and she's only moved one of them... so it's not too big of a deal.

I don't give a damn about the Yellow Pages, I just wish she'd stop leaving the frigg'n cordless phone burried in a pile of freshly folded laundry.

-

Thanks Micheal, you're gonna /.

[Hairy_Potter]

the internet. Don't every one go J.ROOT-NET.NET now.

Re:Thanks Micheal, you're gonna /.

[br0ck]

Oddly, the reply to the NANOG post about the change encourages people to hold off on downloding the hints file to prevent Slashdotting internic.net since. The reply claims that the update is not at all critical.

bah.

[grub]

Whenever I go near a "root zone" I end up getting pepper sprayed and charged with sexual assault.

It was announced on NANOG.....

[dannyp]

....the day before. See the message. Granted not much warning, but it wasn't silent.

Re:It was announced on NANOG.....

[l1_wulf]

As it has been pointed out further down (for those of us that sort by score), this is truly a non-event and makes no significant impact on the typical /. reader. I will not take credit for the following information, but will quote someone that I think summed up the situation enough to hopefully keep the average Joe from /.ing any of the links posted in the article above. ccandreva posted

This is not a change that needs to be done immediately. For one thing, there are 13 (A - M) root servers. As long as your name server can contact one of them, it will download the latest list at start-up, so your root file can be fairly out of date, and still be fine when running. Also, the announcement says that the server will respond on both IP addresses "for the forseeable future".

Essentially, unless you know specifically that you are directly affected by this change, and can explain in detail why exactly you need this information right now, there is no need to /. any of the links above. If you run a linux box and keep your builds rather current, then I can assure you that there is no need to update. Think about it, the last change was 5 years ago, there should not be a major rush to update for the majority of us.

Verisign? Does that mean

[myowntrueself]

that we are going to need Microsoft passport to make changes to DNS now?

Re:Verisign? Does that mean

[TheCeltic]

Not unless at least one of the Root servers changes from being UNIX based... Come now.. can you imagine the size of the windows cluster needed to offer a stable Root server? It would fill a warehouse!

Re:Verisign? Does that mean

[rizzo]

For whatever subliminal reason I thought you typed "whorehouse" instead of "warehouse". Offtopic, but I thought I'd share. ;)

a quick theory

[cr@ckwhore]

Following the recent DOS attacks against the root servers, it wouldn't surprise me if this move is only a small part of a bigger story. I'm willing to bet that modifications are being made to the networking and security of the root servers that will better prepare the entire root system for future attacks. The move of J. is probably just the tip of the clandestine "ice berg".

Re:a quick theory

[bugpit]

See the CNET article, Key Internet server moved for security, tho Verisign claims that the timing was coincidental.

Re:protocols?

IANA made the decision and they are the appropriate authority to do such things.

This doesn't matter. Really.

[toastyman]

To quote Sean Donelan's post on NANOG:

Since its been 5 years since the hints/cache boot file has changed,
it may be useful to remind people an immediate change to your
local configuration files is not required. You don't need to
slashdot internic.net tomorrow morning trying to download the file.

As long as 1 listed IP address responds with the current list of root
servers, the server doesn't even need to be a root server itself, your
name server should figure out who are the current roots. In the 1980's
and 1990's when the hints/cache file changed regularly, some people when
years without updating it. Or only updated it when they upgraded their
name server code.

Don't Panic.

To sum up: You don't need to change anything. As long as one of the 13 servers in your hints/cache file responds, your name server will download the updated list on startup. You only have to worry if you've put off updating it so long that all 13 servers have changed IP's. Pretty unlikely, since that would be a hints file that's more than 10 years old at least. (You're not running Linux, anyway...)

And no, this isn't verisign-causing-instability-as-usual. They're actually trying to help it. Before this change, both a.root-servers.net and j.root-servers.net were in the same /24 and in the same BGP annoucement. They're moving things around a bit(presumably) to increase reliability and redundancy.

Anyone that cares...

[pirodude]

Anyone that cares and needs to know about it was properly notified. There was a post to NANOG 3 days ago about it:

*****PLEASE NOTE*****
This is an important Informational Message to the internet community:

November 5, 2002, the IP address for J.root-servers.net will
change in the authoritative NS set for "dot". The change will
be reflected in zone serial # 2002110501.

The new set of servers authoritative for "dot" will be:
A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4
H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53
C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12
G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4
F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241
B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107
J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30
K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129
L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12
M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33
I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17
E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10
D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90

This WILL require a change to your root hints file. The new
file will be available via anonymous ftp from
rs.internic.net:/domain/named.root as well as
ftp.internic.net:/doamin/named.root starting 11/5/02 1700UTC (12pm
EST/9am PST).

Both the new and old j.root-servers.net IP space will provide
answers in parallel for the foreseeable future.

_________________________________________

John Crain
Manager of Technical Operations
ICANN/IANA

crain@icann.org
1AF4 F638 4B2D 3EF2 F9BA 99E4 8D85 69A7

Re:Anyone that cares...

[Tony+Hoyle]

Oops (don't try that at home kids...)

# dig @a.root-servers.net . ns >/etc/bind/db.root

Don't panic - and there is no conspiricy

[karl.auerbach]

This move is "a good thing".

The J server shared a broadcast domain (i.e. it was on the same Ethernet) as the A root server. That's was clearly sub-optimal.

So this move is good in that it creates a small bit of physical separation and a bit larger amount of net-topological separation between the J and A root servers.

I hear that the old server will continue in operation for an indefinite period - so there is no need to rush out and update your "hints" file for your DNS resolvers - you can do it at your leasure and you probably won't notice even if you forget to do it.

(Even if the old server is turned off - as long as a bogus server doesn't replace it, when DNS resolvers that are using the old hints file come up and look for a root zone definition, they will simply bypass the non-responsive absent server and try the other hints.)

But there is another issue - A change in the "hints" is always a nuisance. And since we are incurring this nuisance, I wonder why we did not use this as an opportunity to redress the imbalance of root server placement - there are few root servers in Europe and Asia, and rather than simply moving the J server from one side of Herndon, Virginia to another, why wasn't it moved to Europe of Asia?

Re:Don't panic - and there is no conspiricy

[sam_handelman]

If there's no conspiracy, why are we all crouching around a table in a smoke filled room going over printed transcripts of your VoIP conversations for the past week, huh, smart guy?

Just because we at Verisign have no sinister motives in moving a god damned computer does NOT mean that we're not involved in any conspiracies!

As another example, our co-conspirators at the NSA just closed a loophole that let members of their alien autopsy division take extra paid sickdays even if they've never been exposed to any alien tissue (and thus, to the space virus). This was a totally inoccuous cost cutting measure, and not part of their conspiracy to conceal the existence the aliens. Does this mean the conspiracy doesn't exist? Absolutely not!

stupid tagline

[GigsVT]

"Causing instability as usual"?

You only need one root server, there are 12 others. In fact, it safe to just wait until the next time you upgrade BIND or your operating system... running an out of date file won't hurt anything.

There was no reason to announce anything here. This is really a non-event.

umm...

[Triv]

An anonymous reader writes

Ok. I got that. Next.

"The day before yesterday the root zone was silently changed for the first time in 5 years.

That's english at least. Something changed. Hopefully the rest will tell me what.

The change was to J.ROOT-SERVERS.NET that is now managed by Verisign.

Verisign's evil, right?

The usual sites don't breathe a word about this change however as one would expect for such a change to be properly announced.

Conspiracies are bad, right?

An interesing sidenote is this thread on the IETF discussion list." the_proton writes "The server j.root-servers.net has changed IP address to 192.58.128.30. The new root zone hints can be grabbed from ftp://rs.internic.net/domain/named.root or ftp://ftp.internic.net/domain/named.root. The new zone serial number is 2002110501."

[Brain explodes]

(Isn't it amazing when you read something written in your own language and don't understand a word of what's being said?) ;)

Triv

Getting root.hints

[image]

> The new root zone hints can be grabbed from ftp://rs.internic.net/domain/named.root or ftp://ftp.internic.net/domain/named.root.

For those running bind, you may want to try this instead:

dig @e.root-servers.net . ns > root.hints

It will generate the root list automatically, ready for you to drop into /var/named/ (or wherever you installed it).

Not that big a deal

[ccandreva]

This post is leaving out some details that were brought up on the NANOG mailing list.

This is not a change that needs to be done immediately. For one thing, there are 13 (A - M) root servers. As long as your name server can contact one of them, it will download the latest list at start-up, so your root file can be fairly out of date, and still be fine when running.

Also, the announcement says that the server will respond on both IP addresses "for the forseeable future".

This isn't a question of flipping a switch and everyone having to update their servers at once. A big public announcement would probably just have confused most users for no good reason.

Apparently there was also a change today

[Kj0n]

Since when I look up the SOA record for the root domain, it gives a serial number of 2002110700 instead of 2002220501.

Re:Come get some karma...

[fawadhalim]

The root zone corresponds to the '.' at the very end of the domain names. The root name servers have records for .com,.org, and the national (.uk,.dk etc.) etc. DNS servers. If you ping cr.yp.to (DJB's domain), for example, and your DNS server has never seen a .to domain before, it'll query one of the root name servers for a name server authoritative for .to.

DON'T /. THE NAMED.ROOT FILES!!!!

[PacketMaster]

Please don't /. the named.root files Don't click on it just because you're curious to see what they look like. People need to legitimately access those files to update their DNS servers and flooding the FTP with meaningless requests is highly counterproductive.

Also, Slashdot editors, why even let those links get posted? Every person with a browser is clicking on those to see what they look like and making them inaccessable to people who need them. People who need to see them or access them know where they're at already and people who are that curious should exercise a little personal initiative and go find out where to get them. It's irresponsible on the part of /. to let this happen. Slashdotting a news site is one thing, but Slashdotting internic is a very different can.

Re:DON'T /. THE NAMED.ROOT FILES!!!!

[sys$manager]

Nobody needs to legitimately access those files to update their DNS servers. Everything will continue to work fine even if nobody could access those files. Even if you NEEDED to update your root hints file (which you don't), you can always lookup the NS records on another root server and output it to your hints file.

Nice troll though, it went totally unnoticed until now.

Re:DON'T /. THE NAMED.ROOT FILES!!!!

[edA-qa]

Why shouldn't somebody look if they are curious? I often hear about problems resulting from people not knowing enough about computers and the internet, perhaps looking at these root files is a good thing -- certainly some people will just be confused, but others might actually be even more curious and try to figure out what they mean.

Any extra bit of knowledge anybody has about the internet probably helps everybody in the long run.

And in any case, since nobody needs this root file immediately, and since the /. effect disappears in a few days, there shouldn't be any concern. At very least, consider this a fair test of the system, we wouldn't want our root name servers running on anything not-up-to-the-job, would we?

Re:DON'T /. THE NAMED.ROOT FILES!!!!

[Phroggy]

People need to legitimately access those files to update their DNS servers and flooding the FTP with meaningless requests is highly counterproductive.

No they don't. People need to type:
dig @a.root-servers.net > root.hints
and they'll get exactly the same thing. Much faster and easier, and you can't tell me we're going to slashdot a root nameserver by sending it a bunch of DNS queries like this - that's what root nameservers handle all day.

Re:DON'T /. THE NAMED.ROOT FILES!!!!

[ryanvm]

Please don't /. the named.root files.

Oh get serious.

1) Slashdot is not that big. I think the Internet's root servers just might be able to handle a bigger load than you think.

2) There are 12 (?) other root servers out there to get your root hints from. If any sysadmins out there give up on downloading the root hints because one freakin' server doesn't respond - well, they've got bigger problems.

Try Flowers netx time

[RatBastard]

I hear flowers and or chocolates will reduce the number of macings a geek will suffer in his lifetime.

You could also ask before you go rooting around the garden.

Re:Try Flowers netx time

[grub]

You could also ask before..

Ask? Generally the first exchange of words is "Hey! You in the bushes!"

newspaper had it

[jeavis]

A short blurb on this appeared in my local paper today (they don't have it online, sorry). The gist of it is Verisign physically relocated the server to another building on their campus. The stated intent was (1) to move it to an undisclosed location in the interest of physical security, and (2) to get it off a network segment that another root server (a.root-servers.net) was already on.

DDOS

[dirvish]

Does this have to do with the DDOS attacks that happened a couple weeks ago? Why else would they not make an announcement? OTOH, the perpetrators of the attacks wouldn't be fooled for long by a name change.

j.root-servers.net did not change hands.

[winnetou]

j.root-servers.net was 198.41.0.10 in 198.41.0.0/22, owned by VeriSign Global Registry Services.
j.root-servers.net is 192.58.128.30 now, in 192.58.128.0/24, owned by VeriSign Global Registry Services.
Having both a and j in the same netblock was not a good idea (remember what happened to Microsoft when they had all nameservers in the same netblock?).
See ARIN and ARIN again.

Re:Come get some karma...

[Daniel_Staal]

Simple: You know there is a nameserver for slashdot.org, right? You find that nameserver by asking the org nameserver where it is. And how do you find the org nameserver? You ask the root nameservers. The zoot zone is the base zone of the Internet (just like / is the base of the file system in Unix).

Re:protocols?

[pyros]

IANA made the

Did anyone else read that and ask "You are not a what? And who made the decision? Finish your damn sentence!"

Whoa.

[StupidKatz]

$ ftp rs.internic.net
Connected to rs.internic.net (198.41.0.6).
in.ftpd: error in loading shared libraries: libdl.so.2: cannot open shared object file: Error 23
ftp>

Slashdotted an FTP server. On some sort of *nix. Ouch.

It doesn't matter anyways...

[GLX]

When the change was announced, they noted specifically that the current J.ROOT-SERVERS.NET will stay in existance with it's current IP (just no direct DNS entry) and the new one has been moved to a different IP block for DoS protection... The current one will exist for awhile to come.

This isn't really news...

Re:Imagine the excitement this news will cause...

[Nintendork]

Same here. Although my main IP address is 127.0.0.1

I dare you all to hack me!

Instability? WTF?

[alexjohns]

"verisign-causing-instability-as-usual dept."
Michael Sims, you're a fucking idiot. You know nothing about the way the internet works. In no way, shape, or form does this cause any instability whatsoever. It improves stability, however slightly.

You might want to stick to articles about politics or censorship or something. Technical issues don't appear to be your forté.

Re:Instability? WTF?

[alexjohns]

Wow. Score: 5. For calling someone an idiot. Perhaps there's too many mod points floating around. :)

Has anyone noticed that Michael likes to post snide insider-like comments in articles he posts? The problem is that they're sometimes wrong. It's like he's the outsider kid trying to get into the in-clique, but he keeps screwing it up.

Wonder how long it will be before he discovers this threads and super-mods me down to -1?

Re:Too many moves, too many critical paths

[valdis]

Quite correct - there's only a little bit of procedurally/technically fiddly about it.

Your average root nameserver gets hit for about 100M queries per day (or on the order of 1,500 per second). See http://www.caida.org/~kkeys/dns/ for details. A root nameserver is expected to get pounded on by *mostly* invalid queries (see http://www.nanog.org/mtg-0210/wessels.html). The Wessels data was *normal production* workload, not during a DDoS.

All the usual considerations regarding BGP multihoming and hardware redundancy apply. There's reasons why the servers are Sun E10K or large IBM boxes or similar big iron, and why people who have just a T-1 from Barney's ISP, Bait, and Tackle Shop need not apply.

Of course, there's nothing in the above that can't be solved by applying clue and dollars. However...

Ever priced a E10K? And noticed that most of the root nameservers are basically donated by their hosts? That's where the politically fiddly comes in - the number of places that are clued enough to run a root DNS, network connected well enough to be worth it, and willing to donate the resources to do it, is a lot smaller than you might expect...

For DjbDNS users

[chrysalis]

You must put this in your /etc/dnscache/root/servers/@ file :

128.63.2.53
128.8.10.90
128.9.0.107
192.112.3 6.4
192.203.230.10
192.33.4.12
192.36.148.17
1 92.5.5.241
192.58.128.30
193.0.14.129
198.32.64 .12
198.41.0.4
202.12.27.33

O'Reilly DNS and Bind book

[Skjellifetti]

How is this [named.root/db.cache] kept up to date? As the network administrator [of your local network], that's your responsibility. Some old versions of BIND did update this file periodically. That feature was disabled, though; apparently it didn't work as well as the authors had hoped. Sometimes the db.cache file is mailed to the bind-users or namedroppers list mailing list. If you are on one of those lists, you are likely to hear about changes. (pg 68)

Bottom line: If you run a nameserver it is your responsibility to keep it up to date. That includes knowing how changes are announced. BIND has also had several well known security problems. If you are running a version < 8.2.5 you should upgrade that as well.

I haven't been informed neither! So what?

[MavEtJu]

The usual sites don't breathe a word about this change however as one would expect for such a change to be properly announced.

The impact of this change is close to zero. The announcement is only necessary for people who distribute name-server software. Why?

- Only the hints-file needs to be changed. The hints file bootstraps the DNS software on where it can find the .-zone. After that has been found, this data is not needed anymore.

- There are still 12 other perfectly reachable servers in the hints-file. They give you all the information needed.

- On the old IP address, a server will keep running for a while.

- Unless you're working for an ISP, you don't need this information. The majority of the internet (windows users) don't have to change anything, they just run use their ISPs nameservers. The majority of the minority of the internet also use the nameservers of the ISP. Only a relative small group run their own servers.

So dear anonymous writer, don't be afraid, the internet is not going to break because of this. No reason for panic, all is fine.

Re:Hoax!

[Junta]

If that was intended as a joke, it sucked.

If not, it is stupid.

The IP addresses that are reserved for private use are:

10.0.0.0/8 (10.x.x.x)
192.168.0.0/16 (192.*168*.x.x)
172.16.0.0/12 (172.16-31.x.x)

Quite frankly, I'm not sure why 99.9% of the network administrators gravitate towards 192.168.1.0/24 as their private network address... Even I chose 192.168.123.0/24 as my network, so I'm partially guilty....

If it is going to always stay a private network, why not just use the full class B? If trying to plan for communications with other private networks in the class B range, why pick something so common?

I personally have started using 10.(random).(random).0/24 when setting up class C networks. When *really* limited use, I constrict it to /26 or so. This way the chances are low that any private network I want to set up a tunnel with will conflict with my address space...

Of course I have yet to see 172.16.0.0/12 used by anyone, it's just too damn weird. What's the point? Some routers can't even handle non class a/b/c addresses... But saying you used the class B and a half private network should earn points on some scale..

This only affects OS maintainers, not DNS admins

I'm surprised that only one poster has even noticed that Slashdotters are barking up the wrong tree, but even (s)he didn't quite make the connection.

For the most part, root.hints files are maintained by OS/Distribution maintainers, not DNS admins. The hints file is only used to bootstrap a DNS server which will (well, should) retrieve an authoritative copy of the root zone shortly after startup and then rely on that instead. As long as just one of the 13 root server IP addresses listed in a DNS server's root.hints file is correct, the server will successfully retrieve the updated root zone. At the rate at which changes are made to the root zone (or at least, to its delegated servers), it is likely that this condition will hold true for the next 10-20 years.

So, as long as DNS server admins perform an OS upgrade sometime between now and the year 2012, they need not touch their server configuration at all; the change will be handled automatically.

Almost but not quite...

[AndroidCat]

In the same way that requests go down the tree to find the server, requests go up the tree to the root servers. (Up the tree to the roots, hmm!)

If your immediate DNS handled a request for slashdot.org two seconds previously, it should still be cached -- no need to bother a root server over that. Any request would have go up several levels before a root server would be bothered with it. (Otherwise they'd be continually /.'ed :^)

The root servers could all disappear without a lot of disruption, but only for a short time until the cache entries started timing out.

My backup plan is to toss the entire name space into my local hosts file. I've already got DoubleClick in there for testing. :^)

DNS Server Moved

[Steve0987]

As the href="http://computerworld.com/newsletter/0%2C4902 %2C75711%2C0.html?nlid=AM"article in Computer World explains, the move of the DNS server was done for both physical seperation and to move it onto a different LAN segment.

Re:Serial number?

[Jugalator]

> > The new zone serial number is 2002110501.
> What was the old serial number?

1997082200

That's quite simple

[BrunoC]

Just a few points here: - I don't think there's a conspiracy here. J is moving and that's it. ICANN does not have to go "stop the presses! J ROOT SERVER is moving". They just have to release the new hints file. There's no need to panic, as someone posted before. - The 13 root servers were attacked, A (hosted by Verisign at undisclosed location ) survived the attack and J didn't. Why not move J to a safer place? - Improving the security of the root servers is a *good* thing, not a bad one. The root servers network is a sensitive one, and everything done there must be done very carefully, especially after the DDoS. - Go get some sleep, the root servers around the world will grant you the right to translate IP addresses :)

Wrong dot

[kasperd]

So they say they are the dot in dot com, but they should really say they are the dot in dot com dot, because they are really the dot after com not the dot before com. However this last dot is often forgotten, it really means the name is absolute rather than relative. This is very much like the leading slash in paths to files.

Hmm, now I'm writing on slashdot about leading slashes and trailing dots, what a coincidence.