...

How about allocating some "good sounding" IP addresses for them, (like 1.0.0.x/32) and hard-wiring them into resolver code? Would save quite a lot of configuration headaches for newbies.

Hardwiring anything like this into a system like DNS sounds like a really bad idea if only for the simple reason that DNS is not just used on the Internet, but also within private networks. Having hardwiring IP numbers in this case would cause headaches of unimaginable proportions.

It's DNS servers, not resolvers, that need to update their lists of Internet root servers. The problem (IMHO) is that few sites know or care that they have to maintain root server list periodically to stay in sync with the rest of the Internet. One way to attack the problem (not solve it) is to require nameserver vendors (IIS, Apple, BIND, etc.) to provide the capability for periodic root server list updates. In Unix (BIND), it's quite easy: In cron: # pick a random time once a week 31 10 * * 4 /usr/sbin/update-root # some other time during the week 23 20 * * 6 /usr/sbin/named.restart The shell script (off the top of my head): #!/bin/sh tmp=/tmp/rs$$ trap "rm -f $tmp" 1 2 3 14 15 chdir /etc/namedb ncftp -a -d 600 -g 5 ftp.root-servers.net:/named.root if [ ! -r named.root ]; then Mail -s "Could not get root nameserver list" hostmaster fi diff root.cache root-servers > $tmp if [ -s $tmp ]; then mv named.root root.cache # fails if couldn't download Mail -s "Root server update" hostmaster < $tmp fi rm -f $tmp Perhaps something similar could be done in a C program on any NT or Mac internet DNS server. If there's no "cron" functionality, have the nameserver periodically check once every N seconds (where N ~= one week + random seconds) against a configured named resource for the list of root servers. For example, on the internet, it might be "ftp://ftp.root-servers.net/named.root". For a local admin- istrator it might be "file:config/named.root". An RFC describing this mechanism would be yet another checkoff mark that nameserver vendors would want to comply with. To promote compliance, nameserver vendors that comply would get listed on the "Good Netkeeping Seal of Approval List" at http://www.root-servers.net (where other neat new RFC features like dynamic updating or secure AXFR are also listed). The best part about these updates is that your root server list is always updated from a named resource than can change its IP address whenever it needs to rather than forcing some IP addresses to be static. People who don't update eventually lose. Internet service providers can detect losers (occasionally sniffing for domain/udp traffic to outdated servers) and mail them to let them know they should look at http://www.root-servers.net for more info about updating servers. Administrators of old root nameservers can do this as well (if ISPs are uncomfortable sniffing traffic). .... just fantacizing. -- Eric Ziegast

On Mon, 9 Sep 1996, Nick Hilliard wrote: | Date: Mon, 9 Sep 1996 22:02:04 +0100 (BST) | From: Nick Hilliard <nick@eunet.ie> | To: nanog@merit.edu | Cc: namedroppers@internic.net | Subject: Re: The SWAMP | Resent-Date: Mon, 9 Sep 1996 17:12:00 -0400 (EDT) | Resent-From: randy@internic.net (Randy Bush) | Resent-To: namedroppers <namedroppers@internic.net> | | > How about allocating some "good sounding" IP addresses for them, | > (like 1.0.0.x/32) and hard-wiring them into resolver code? Would | > save quite a lot of configuration headaches for newbies. | | Hardwiring anything like this into a system like DNS sounds like a really | bad idea if only for the simple reason that DNS is not just used on the | Internet, but also within private networks. Having hardwiring IP numbers in | this case would cause headaches of unimaginable proportions. | I'm ambivalent on this. I think hardwiring the addresses is a good thing, but a configuration flag should be provided to override the hardwired addresses (this may simply be the existance of a 'cache' statement, or something more explicit). The real problem will be in re-education (or rather educating) all those DNS admins out there who don't even know they are DNS admin :-) regards | Nick | Mathias Koerber | Tel: +65 / 471 9820 | mathias@staff.singnet.com.sg SingNet NOC | Fax: +65 / 475 3273 | mathias@koerber.org Q'town Tel. Exch. | PGP: Keyid: 768/25E082BD, finger mathias@singnet.com.sg 2 Stirling Rd | 1A 8B FC D4 93 F1 9A FC BD 98 A3 1A 0E 73 01 65 S'pore 148943 | Disclaimer: I speak only for myself * Eifersucht ist eine Leidenschaft, die mit Eifer sucht, was Leiden schafft *