In article <D2EFA74C-EE9C-4189-BF18-43E73B7C7892@ca.afilias.info> you write:
On 4-Feb-2008, at 16:05, Iljitsch van Beijnum wrote:
And the new named.root has arrived:
ftp://rs.internic.net/domain/named.root
I seem to think it has become fairly widespread practice for people to refresh their named.root files (or whatever they decide to call it) using something like this:
$ dig . NS >named.root
This worked before today. From today, it still works (in the sense that it will still result in a named.root file which is sufficiently complete in most situations for a nameserver to be able to send a priming query) but it won't contain a complete set of glue.
So, if you're in the habit of doing
dig . NS >named.root
you would ideally change that habit to something like
curl -O ftp://rs.internic.net/domain/named.root
Why? dig is quite capable of coping. Depending apon dig's age and firewall configuration one or more of these will work. dig +edns=0 . NS @a.root-servers.net > named.root dig +bufsize=1200 . NS @a.root-servers.net > named.root dig +vc . NS @a.root-servers.net > named.root As none of these sets DO, they should suffice for the foreseeable future. When DNSSEC is deployed for the root and root-servers.net you will want to do crypto checks. Even then the above queries won't break. Mark
instead. (Incidentally, for me, rs.internic.net is giving "530 Login incorrect" after PASS when logging in using "ftp"
Joe