-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2004-11-12, at 02.53, Randy Bush wrote:
which roots are anycast? c f i j k?
b m - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQZQYaqarNKXTPFCVEQJcDACeMo3bNr6oOIRx69IvmCdMv/Xe3l0AnA4d QdMSlL6vKhLe3xqRKkAf3LfV =LN6i -----END PGP SIGNATURE-----
> > which roots are anycast? c f i j k? > b m
g
Not according to http://root-servers.org. Hiding the places? -Hank
On Fri, Nov 12, 2004 at 07:30:58AM +0200, Hank Nussbacher wrote:
> > which roots are anycast? c f i j k? > b m
g
Not according to http://root-servers.org. Hiding the places?
-Hank
root-servers.org is not definative. why do you think it is? --bill
Randy, I think it is time to update rfc2870 and add a few new MUST paragraphs :-) -Hank On Sat, 13 Nov 2004, Randy Bush wrote:
root-servers.org is not definative. why do you think it is?
because the community expects the root server ops to be helpful, open, honest, and transparent. you know, all that service to the community stuff. damned shame not all seem to be.
randy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2004-11-12, at 03.03, Randy Bush wrote:
which roots are anycast? c f i j k? b m
thanks.
which are widely anycast, i.e. at more than three or four locations OR on three or more continents?
I think that http://root-servers.org is up to date for _most_ root-servers. - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQZQcLaarNKXTPFCVEQKdTgCfSZ/sYJXC1FiGQ7HYH0bJgFEVHzIAoIlE 3cQ7TTN81E5ee+P83FCcd9Z6 =ComI -----END PGP SIGNATURE-----
which roots are anycast? c f i j k?
b m
- - kurtis -
According to http://root-servers.org only m is. -Hank
On Fri, Nov 12, 2004 at 07:30:00AM +0200, Hank Nussbacher wrote:
which roots are anycast? c f i j k?
b m
- - kurtis -
According to http://root-servers.org only m is.
-Hank
root-servers.org does not representevery root-server operator. --bill
kurtis@kurtis.pp.se (Kurt Erik Lindqvist) wrote:
On 2004-11-12, at 02.53, Randy Bush wrote:
which roots are anycast? c f i j k? b m
k (London, Amsterdam, Frankfurt) Elmar. -- "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>) --------------------------------------------------------------[ ELMI-RIPE ]---
Elmar K. Bins wrote:
kurtis@kurtis.pp.se (Kurt Erik Lindqvist) wrote:
On 2004-11-12, at 02.53, Randy Bush wrote:
which roots are anycast? c f i j k?
b m
k (London, Amsterdam, Frankfurt)
K is also in Athens (GR); Doha (QA); Milan (IT); Reykjavik (IS); Helsinki (FI); Geneva (CH). www.root-servers.org is up to date.
Elmar.
Andrei Robachevsky RIPE NCC
Helsinki (FI); Geneva (CH). www.root-servers.org is up to date.
for those nodes that choose to use root-servers.org as a publication method, that might be true. I take your note to mean that www.root-servers.org is up to date wrt the publication of deployed sites for the K server. Don't presume to speak for the other operators please. -- bill
Elmar.
Andrei Robachevsky RIPE NCC
I just want to be sure that I understand what you are saying, Bill. There is no single place where one can obtain authoritative information about the root server system and all of its individual servers. There is no single organization that speaks in any collective manner for the root server operators. Ray
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of bmanning@vacation.karoshi.com Sent: Friday, November 12, 2004 7:19 AM To: Andrei Robachevsky Cc: Elmar K. Bins; nanog@nanog.org Subject: Re: anycast roots
Helsinki (FI); Geneva (CH). www.root-servers.org is up to date.
for those nodes that choose to use root-servers.org as a publication method, that might be true. I take your note to mean that www.root- servers.org is up to date wrt the publication of deployed sites for the K server.
Don't presume to speak for the other operators please.
-- bill
Elmar.
Andrei Robachevsky RIPE NCC
i'm saying that there is no place that is public that has connectivity information for all instances of the "B" servers. i am unaware of a single persistant place and no organization that speaks for all server operators in their capacity as root operators. On Fri, Nov 12, 2004 at 07:26:26AM -0500, Ray Plzak wrote:
I just want to be sure that I understand what you are saying, Bill.
There is no single place where one can obtain authoritative information about the root server system and all of its individual servers. There is no single organization that speaks in any collective manner for the root server operators.
Ray
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of bmanning@vacation.karoshi.com Sent: Friday, November 12, 2004 7:19 AM To: Andrei Robachevsky Cc: Elmar K. Bins; nanog@nanog.org Subject: Re: anycast roots
Helsinki (FI); Geneva (CH). www.root-servers.org is up to date.
for those nodes that choose to use root-servers.org as a publication method, that might be true. I take your note to mean that www.root- servers.org is up to date wrt the publication of deployed sites for the K server.
Don't presume to speak for the other operators please.
-- bill
Elmar.
Andrei Robachevsky RIPE NCC
Bill, bmanning@vacation.karoshi.com wrote:
Helsinki (FI); Geneva (CH). www.root-servers.org is up to date.
for those nodes that choose to use root-servers.org as a publication method, that might be true. I take your note to mean that www.root-servers.org is up to date wrt the publication of deployed sites for the K server.
Yes, that's what I meant. Andrei
Don't presume to speak for the other operators please.
-- bill
Elmar.
Andrei Robachevsky RIPE NCC
bmanning@vacation.karoshi.com wrote:
for those nodes that choose to use root-servers.org as a publication method, ...
as far as i know, the root-servers.org web site is 100% accurate, and has 100% participation amongst root server operators wrt publishing accurate information. if bill knows otherwise, i'd like him to say so, and offer specifics both as to what information is not present, and where it can be found today, and where it can be found in the future. if bill is not actually aware of any missing information, i'd like him to say so, since it's possible to infer from his comments here that the web site is inaccurate or out-of-date in some way he's directly aware of, and i just don't think that's true. -- Paul Vixie
On Fri, Nov 12, 2004 at 11:00:54PM +0000, Paul Vixie wrote:
bmanning@vacation.karoshi.com wrote:
for those nodes that choose to use root-servers.org as a publication method, ...
as far as i know, the root-servers.org web site is 100% accurate, and has 100% participation amongst root server operators wrt publishing accurate information. if bill knows otherwise, i'd like him to say so, and offer specifics both as to what information is not present, and where it can be found today, and where it can be found in the future.
if bill is not actually aware of any missing information, i'd like him to say so, since it's possible to infer from his comments here that the web site is inaccurate or out-of-date in some way he's directly aware of, and i just don't think that's true. -- Paul Vixie
please remove all public informtion about "B" from http://www.root-servers.org. The public data about "B" on that site is not 100% accurate and does not have 100% participation amoungst root-server operators wrt publishing accurate information. plesae be apprised that your thinking here is inaccurate. --bill
please remove all public informtion about "B" from http://www.root-servers.org. The public data about "B" on that site is not 100% accurate and does not have 100% participation amoungst root-server operators wrt publishing accurate information.
you've got root on that web server. if you want something removed, you can remove it yourself.
plesae be apprised that your thinking here is inaccurate.
that's a somewhat useless statement, lacking as it does in detail. i'd still like to know where B's public information can be found, accurately.
Paul Vixie wrote (responding to Bill Manning):
... The public data about "B" on that site is not 100% accurate and does not have 100% participation amoungst root-server operators wrt publishing accurate information.
you've got root on that web server. if you want something removed, you can remove it yourself.
Alright guys, we've known Bill for many years, going back to Rice. Since it has now been revealed that Bill has root there, then we should hold Bill's feet to the fire until his information is accurate. Sometimes we opine about abstractions -- "the operators did it" -- when it's PEOPLE that are the operators. We always have our best results when we get the people involved directly with each other, instead of hiding behind those impersonal corporate abstractions. Bill, you've done good work in the past. Let us know when things are fixed there.... Even where it's really somebody else's job. -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
At 04:25 AM 13-11-04 +0000, bmanning@vacation.karoshi.com wrote:
On Fri, Nov 12, 2004 at 11:00:54PM +0000, Paul Vixie wrote:
bmanning@vacation.karoshi.com wrote:
for those nodes that choose to use root-servers.org as a publication method, ...
as far as i know, the root-servers.org web site is 100% accurate, and has 100% participation amongst root server operators wrt publishing accurate information. if bill knows otherwise, i'd like him to say so, and offer specifics both as to what information is not present, and where it can be found today, and where it can be found in the future.
if bill is not actually aware of any missing information, i'd like him to say so, since it's possible to infer from his comments here that the web site is inaccurate or out-of-date in some way he's directly aware of, and i just don't think that's true. -- Paul Vixie
please remove all public informtion about "B" from http://www.root-servers.org. The public data about "B" on that site is not 100% accurate and does not have 100% participation amoungst root-server operators wrt publishing accurate information.
For what purpose? Is B (ISI) is need of more secrecy than say G (US DoD)? I always thought we strive for more transparency than for less. Perhaps if ISI can't play nice like all the other roots, I am sure there are many other organizations that would be happy to host B. -Hank
plesae be apprised that your thinking here is inaccurate.
--bill
On Fri, Nov 12, 2004 at 11:00:54PM +0000, Paul Vixie <vixie@vix.com> wrote a message of 18 lines which said:
as far as i know, the root-servers.org web site is 100% accurate,
Following the recent discussion about "anycast jitter" with j.root-servers.net, I believe one information is missing: wether the node is global or local (BGP NO_EXPORT). It is not easy to find by itself (you have to do a lot of traceroutes) so, if you have access to this information, it would be quite useful. (I'm one of the persons who see a lot of jitter for j.root-servers.net with Randy Bush's experiment.)
bortzmeyer@nic.fr (Stephane Bortzmeyer) wrote:
It is not easy to find by itself (you have to do a lot of traceroutes) so, if you have access to this information, it would be quite useful.
(I'm one of the persons who see a lot of jitter for j.root-servers.net with Randy Bush's experiment.)
Well, either my probes don't pick up the jitter, or I'm guessing the naming convetion for j wrongly. I see jns1-hgtld.j.root-servers.net jns2-hgtld.j.root-servers.net jns3-hgtld.j.root-servers.net jns4-hgtld.j.root-servers.net jns5-hgtld.j.root-servers.net jns6-hgtld.j.root-servers.net (same from AS8495/AS8220 and AS8763) in alternating fashion, but I would assume "jns1" through "jns6" are just the individual servers of a setup called "hgtld". Yours, Elmi. -- "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>) --------------------------------------------------------------[ ELMI-RIPE ]---
On Wed, Nov 17, 2004 at 02:37:25PM +0100, Elmar K. Bins <elmi@4ever.de> wrote a message of 34 lines which said:
in alternating fashion, but I would assume "jns1" through "jns6" are just the individual servers of a setup called "hgtld".
That's a reasonable guess. Someone from Verisign to confirm/infirm?
On 17 Nov 2004, at 08:37, Elmar K. Bins wrote:
in alternating fashion, but I would assume "jns1" through "jns6" are just the individual servers of a setup called "hgtld".
I have no idea about Verisign's scheme, but in case anybody notices similar distribution of queries across F root servers, it may help to know that: xxxNa.f.root-servers.org xxxNb.f.root-servers.org xxxNc.f.root-servers.org etc are hosts all located at the same site "xxxN". Service is distributed between those hosts at that site in the manner of: http://www.isc.org/pubs/tn/isc-tn-2004-1.html Service is distributed between sites in the manner of: http://www.isc.org/pubs/tn/isc-tn-2003-1.html I would expect people to see high affinity to a particular site for a particular client, and much lower affinity between individual hosts within a site (but still plenty to allow DNS over TCP to function properly). It will be interesting to see Randy's results. Today (2004-11-17) the only global nodes are SFO2 and PAO1; all the rest are local nodes (where "global" and "local" are described at <http://www.isc.org/pubs/tn/isc-tn-2003-1.html#anchor2>). Both global nodes live in the same AS. Joe
On Wed, Nov 17, 2004 at 10:05:20AM -0500, Joe Abley <jabley@isc.org> wrote a message of 36 lines which said:
I have no idea about Verisign's scheme, but in case anybody notices similar distribution of queries across F root servers, it may help to know that:
xxxNa.f.root-servers.org xxxNb.f.root-servers.org xxxNc.f.root-servers.org etc
are hosts all located at the same site "xxxN".
OK, I understand. So, like Elmar Bins, I was seeing "intra-site" jitter, which is normal (it is only seen with UDP queries, probably because the Verisign load balancer is stateful and remembers the binding for TCP) and no "inter-site" jitter, which would be more serious. But I'm quite at this edge of the Internet, so let's wait for more reports with Peter Boothe's tool. And just be sure to "sanitize" the results before jumping to the wrong conclusion, like I did.
On Wed, 17 Nov 2004, Elmar K. Bins wrote:
bortzmeyer@nic.fr (Stephane Bortzmeyer) wrote:
It is not easy to find by itself (you have to do a lot of traceroutes) so, if you have access to this information, it would be quite useful.
(I'm one of the persons who see a lot of jitter for j.root-servers.net with Randy Bush's experiment.)
Well, either my probes don't pick up the jitter, or I'm guessing the naming convetion for j wrongly.
I see
jns1-hgtld.j.root-servers.net jns2-hgtld.j.root-servers.net jns3-hgtld.j.root-servers.net jns4-hgtld.j.root-servers.net jns5-hgtld.j.root-servers.net jns6-hgtld.j.root-servers.net
(same from AS8495/AS8220 and AS8763)
in alternating fashion, but I would assume "jns1" through "jns6" are just the individual servers of a setup called "hgtld".
Correct. At the moment, most J root instances are colocated with com/net name servers. The instance you're reaching is colocated with h.gtld-servers.net, which is in Amsterdam. Matt -- Matt Larson <mlarson@verisign.com> VeriSign Naming and Directory Services
as far as i know, the root-servers.org web site is 100% accurate,
Following the recent discussion about "anycast jitter" with j.root-servers.net, I believe one information is missing: wether the node is global or local (BGP NO_EXPORT).
note that BGP NO_EXPORT is but one of several ways to make a "local node". for many of our peers, "keep this to one's own network and one's customers" is the default, and they have to strip off our NO_EXPORT community in order to achieve this. but your question is understandable on that modified basis.
It is not easy to find by itself (you have to do a lot of traceroutes) so, if you have access to this information, it would be quite useful.
the www.root-servers.org main page is pretty crowded already. adding an indication of global-vs-local for each city could be pretty distracting; especially since those rootops who anycast usually have their own separate web site describing their efforts, which are more easily kept up to date and which, being root-specific, are generally less crowded. some rootops even prefer to keep this level of detail out of the public eye, possibly because it's the kind of thing that makes ddos attacks easier to plan. speaking for f-root only, we don't mind that the world knows which of our anycast nodes are global and which are local. but the other rootops will have to speak for themselves, and they will probably not choose to use the www.root-servers.org web page to signal this level of detail. (remember, these are the kinds of details that can change every week or every day.) -- Paul Vixie
participants (15)
-
Andrei Robachevsky -
Bill Woodcock -
bmanning@vacation.karoshi.com -
Elmar K. Bins -
Hank Nussbacher -
Joe Abley -
Kurt Erik Lindqvist -
Matt Larson -
Paul Vixie -
Paul Vixie -
Randy Bush -
Ray Plzak -
Sean Donelan -
Stephane Bortzmeyer -
William Allen Simpson