Verisign Plans DNS Changes
NetWizard writes "According to a recent NANOG post and an InfoWorld story, 'Verisign will change the serial number format and "minimum" value in the .com and .net zones' SOA records on or shortly after 9 February 2004'. They seemed to have learned their lesson, from the post: 'There should be no end-user impact resulting from these changes (though it's conceivable that some people have processes that rely on the semantics of the .com/.net serial number.) But because these zones are widely used and closely watched, we want to let the Internet community know about the changes in advance.)'"
No-one cares what format the serial number is in, except those who have written software that relies on the current format (in disobedience of the RFCs...)
A serial number is just a 32-bit number, and is used to see if a domain has been updated. The specs. do not say anywhere that it should be in a specific format.
"Elmo knows where you live!" - The Simpsons
This announcement is important in that Verisign finally seems to recognize that they are part of a larger community, that those DNS records are not just some corporate asset sitting in a couple of computers in the corner.
Changes affect administrators around the globe. As part of a community, they have a responsibility to make their decisions transparent to the community, and to announce changes well-enough in advance that those who are affected have time to prepare.
This is not just a Verisign issue. The need for major Internet organizations to recognize the larger public as important stakeholders within the community is important. Awareness of the larger community should be followed by communication and actions that reflect that awareness, thus signalling a willingness to truly be a part of that community.
Verisign seems to be exhibiting a newfound awareness of community that ICANN seems to have abandoned.
I hope Verisign continues to be a good member of the community. Perhaps others can follow their lead.
------- "One of the joys of travel is visiting new towns and meeting new people." -- G. KHAN
How the hell will this be a pain in the ass? Any software that relies on .com's serial number remaining static is broken and needs to be fixed. Complain to the software developers, as Verisign is not at fault this time.
The internet infrastructure should be managed and run by the community, and not driven by commercial proliferation of services offered to enhance a company's offerings. This change seems dubious at best, considering Verisign's previous efforts of domain sitting, which would break applications; let's ensure we keep them in their place.
2038 anyone?
I'm not someone at Verisign, but I am willing to suggest possible logic in this change.
The previous format, YYYYMMDDNN (where NN is an arbitrary sequence number), conforms to no standard but its own. The UNIX timestamp format is recognised by any date/time manipulation tool worth using, as well as being a standard (de facto or otherwise, I don't know). While switching format now is a PITA for those who have already written tools that work with it, it will make future development fractionally easier, as well as allowing more accuracy than could practically be used.
Then again, they could just leave things alone.
Verisign will change the serial number format and "minimum" value in the .com and .net zones
Right, so when I fall on an unresolved address, I can't even return it under warranty because the serial number has changed, and even if they did reimburse me, they changed the value. That's just flipping great...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
From Infoworld: But the company did allow that "processes that rely on the semantics of the .com/.net serial number" could be affected.
For example, companies that have created scripts to monitor domain change on .com and .net will almost certainly need to make changes to account for the serial number change..."The damage won't be catastrophic, but some DNS servers could stop receiving updates,"
And they are planning to do this next Feb 9? Isn't that like too little time for organizations to update their systems?
I don't trust Verisign... the fact that they control such an important database accessed by millions of people around the world really frightens me. They screwed it once, they can do it again.
They should have that power removed from them. It should be on another organization (i.e. a non-profit one) that better serves internet community.
The above isn't meant as an excuse, just an explanation as to why this will undoubtedly break someone's something. Then you get back to the old 'change is good' but not if it causes trouble, then 'change is bad'[tm]. At some point we're going to have to make big changes to the infrastructure and things will break regardless of compatibility. We might as well get used to it (though as always, having a decent explanation wouldn't be a bad thing[tm])
[Fuck Beta]
o0t!
They will be changing their serial number from about 2004020900 to something about 1075680000 which according to the DNS system will be an older serial number because the difference is only 928340900 which is much less than half the range of a 32 bit number. They can make the change that they are planning if they make two changes with at least their cache interval amount of time between the changes. See RFC-1034.
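Added example, not part of the comment above or of any Verisign tooling: the 32-bit serial comparison that comment relies on (the arithmetic is defined in RFC 1982), plus a planner for the intermediate serial it describes. Function names are illustrative, and the two serials are the approximate values quoted in the comment.

```python
# SOA serial comparison per RFC 1982 (32-bit serial number arithmetic).
MOD = 1 << 32    # serials wrap at 2**32
HALF = 1 << 31   # largest usable increment is HALF - 1


def serial_compare(s1: int, s2: int) -> int:
    """Return -1 if s1 is older than s2, 1 if newer, 0 if equal.

    Raises ValueError when the serials are exactly 2**31 apart, a case
    RFC 1982 leaves undefined.
    """
    forward = (s2 - s1) % MOD   # distance counting upward from s1 to s2
    if forward == 0:
        return 0
    if forward == HALF:
        raise ValueError("undefined: serials are 2**31 apart")
    return -1 if forward < HALF else 1


def secondary_will_transfer(secondary: int, primary: int) -> bool:
    """A secondary refreshes only if the primary's serial is newer."""
    return serial_compare(secondary, primary) < 0


def plan_serial_change(current: int, target: int) -> list[int]:
    """Serials to publish in order so each one is newer than the last.

    Each step must stay published long enough for every secondary to
    pick it up before the next step goes out.
    """
    current %= MOD
    target %= MOD
    steps = []
    # While the target still looks older, jump ahead by the maximum increment.
    while (target - current) % MOD >= HALF:
        current = (current + HALF - 1) % MOD
        steps.append(current)
    if current != target:
        steps.append(target)
    return steps


if __name__ == "__main__":
    old, new = 2004020900, 1075680000   # approximate values from the comment
    print("direct change picked up:", secondary_will_transfer(old, new))
    print("publish in order:", plan_serial_change(old, new))
```
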
I got your international standard right here.
YYYY-MM-DD and YYYYMMDD are both standards-compliant.
Seriously, if you've never heard of this standard, read up. Whenever I need to stick a date or a time on something in text form, I just do it the ISO 8601 way.
Reading between the lines, it looks to me like Verisign want to start providing real time DNS updates, in which case there is a reason to change it. Currently they update the database twice a day, which is well within the limits of the current serial number scheme. But with real time updates, they could easily get to 100 updates in a day.
Because if you weren't, you would be saying that if your ISP has 10,000 customers, and they all ran their own caching nameservers, and all of them decide to resolve "www.google.com", then the root nameservers wouldn't really be hit with 10,000 times as many queries as if all of your little servers were properly configured.
There are two reasons to query the root nameservers directly:
That's it. Hitting them directly for routine queries is wasteful, inconsiderate, and expensive. If you weren't joking: fix your configuration. Now.
Dewey, what part of this looks like authorities should be involved?
My serial number format lasts longer than Verisign's, and I still get more than 100 updates a day out of it. In fact it will last until 07:06:36 Tuesday 2 October 2096 while staying in just 9 digits (which it has been since 15:06:40 Saturday 4 September 1982). After that it goes to 10 digits, but still remains a positive signed 32 bit integer until 12:56:28 Wednesday 16 March 2242, and if unsigned 32 bit integer works everywhere else, it will go all the way to 01:53:00 Wednesday 30 May 2514.
Instead of being the count of number of seconds, as Verisign plans to use, mine is 1/4 of that value. Basically, I take the system time() value and divide by 4. By treating that value as an unsigned quantity, I won't have the Y2038 bug, either. That logic will work until 06:28:15 Sunday 7 February 2106 (past the 9 digit limit). And I can do 21600 updates a day (one every 4 seconds).
dig linuxhomepage.com. soa
now we need to go OSS in diesel cars
You clearly don't understand how DNS works. This change in no way requires a new zone 96 times a day. The TTL field is used by clients accessing the zone to understand when they need to stop caching the retrieved data. Verisign could have a TTL of 15 minutes and never change the serial number, and nothing would break.
Who on earth needs a domain name working so quickly? Spammers, perhaps. Squatters. Anyone else?