Re: Network Solutions is now in the wringer
pceasy@norfolk.INfi.NET (Dean Robb) writes:
While not a network operator, I think it would be most prudent to consider and discuss (among those who ARE netops) what to do if, say, the root server were suddenly completely unaccessible for several days/permanently for *whatever* reason.
Duh, isn't that why there is more than one root server in the world? Remember various root servers have/are/will be unavailable for varying periods of time. Except for people who track these things closely, very few of these incidents have any noticeable impact on the Internet. The loss of any one (or even two, three, or four) root servers is not much of a crisis. However I feel some people confuse the data in the root servers, with the databases used to generate those zone files. There is a subtle, but important difference. And why simply copying the zone files is not sufficient.
Does anyone know if NSI even has an off-site mirror running? Or are all the eggs in one basket?
Without actually confirming they exist myself, NSI has reported in various forums including NANOG they have off-site backups. The GTLD's generally have much better backup, and diversity than most country TLD's, many US subdomains and ISP delegations.
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation
Thus spake Sean Donelan
pceasy@norfolk.INfi.NET (Dean Robb) writes:
Does anyone know if NSI even has an off-site mirror running? Or are all the eggs in one basket?
Without actually confirming they exist myself, NSI has reported in various forums including NANOG they have off-site backups. The GTLD's generally have much better backup, and diversity than most country TLD's, many US subdomains and ISP delegations.
Since this whole thread came up as a result of NSI getting potentially thwacked by the government for being the twits that we know they are (it always takes the gov longer to figure these things out apparently) and the possibility that NSI will try to take their ball and go home, we have to assume that off-site *NSI* backup reserve balls are going to go home with the primary game ball. (Am I taking this analogy too far?)
--
Jeff McAdams Email: jeffm@iglou.com
Head Network Administrator Voice: (502) 966-3848
IgLou Internet Services (800) 436-4456
At 01:22 3/27/99 -0600, Sean Donelan wrote:
pceasy@norfolk.INfi.NET (Dean Robb) writes:
While not a network operator, I think it would be most prudent to consider and discuss (among those who ARE netops) what to do if, say, the root server were suddenly completely unaccessible for several days/permanently for *whatever* reason.
Duh, isn't that why there is more than one root server in the world?
My concern is with the master server that NSI operates. My hope was that a netop who *didn't* have a contingency plan might start putting one together.
However I feel some people confuse the data in the root servers, with the databases used to generate those zone files. There is a subtle, but important difference. And why simply copying the zone files is not sufficient.
So who has copies of the databases? If NSI's master (the a-root?) is unavailable, new domains obviously wouldn't propagate, but how long can the other root servers go without getting an update? Does the system as currently configured *require* some server somewhere to be the master and is there one that can take over if NSI's are toast?
"Small minds can only contemplate small ideas".....Unknown
Dean Robb
Owner, PC-EASY
(757) 495-EASY [3279]
On-site computer repair, upgrades and consultations
Read my game reviews/columns in SimOps on WWW.TheGamers.Net
At 10:43 PM 3/27/99 -0500, Dean Robb wrote:
At 01:22 3/27/99 -0600, Sean Donelan wrote:
pceasy@norfolk.INfi.NET (Dean Robb) writes:
While not a network operator, I think it would be most prudent to consider and discuss (among those who ARE netops) what to do if, say, the root server were suddenly completely unaccessible for several days/permanently for *whatever* reason.
Duh, isn't that why there is more than one root server in the world?
Hello Dean,
After all that happened last year, when NSI kept hosing the root-servers, most network operators are keeping a local root-zone file and are prepared to go "local" at the drop of your hat, if they don't run that way by default. I don't know if it's written up in an RFC, but it is definitely recommended practice. Those that didn't do this learned the hard way why they should. At MHSC, we always keep last week's root-zone file. When the root-servers are corrupted it is already too late to get last week's good copy. The gTLD roots are another story, but they are actually more redundant than the root-servers. As regards the ccTLD roots, well some are better than others. 'nuff said there. I documented at least 4 times when the root-servers were FUBAR, last year, for more than a few hours. The documentation was done on the IFWP list as part of the debates there. One incident was days long. In the event that NSI goes down for the count, this method can keep status quo for quite a while. However, there is no backup for the gTLD registry. If NSI goes away, no new SLDs can be registered, in the IANA gTLDs. IOW, we'd have to come up with a new COM/NET/ORG/EDU registry (GOV/MIL do their own anyway).
___________________________________________________
Roeland M.J. Meyer - e-mail: mailto:rmeyer@mhsc.com
Internet phone: hawk.lvrmr.mhsc.com
Personal web pages: http://staff.mhsc.com/~rmeyer
Company web-site: http://www.mhsc.com
___________________________________________________
KISS ... gotta love it!
In message <3.0.6.32.19990327224345.00d4ad00@norfolk.infi.net>, Dean Robb writes:
At 01:22 3/27/99 -0600, Sean Donelan wrote:
pceasy@norfolk.INfi.NET (Dean Robb) writes:
While not a network operator, I think it would be most prudent to consider and discuss (among those who ARE netops) what to do if, say, the root server were suddenly completely unaccessible for several days/permanently for *whatever* reason.
Duh, isn't that why there is more than one root server in the world?
My concern is with the master server that NSI operates. My hope was that a netop who *didn't* have a contingency plan might start putting one together.
However I feel some people confuse the data in the root servers, with the databases used to generate those zone files. There is a subtle, but important difference. And why simply copying the zone files is not sufficient.
So who has copies of the databases? If NSI's master (the a-root?) is unavailable, new domains obviously wouldn't propagate, but how long can the other root servers go without getting an update? Does the system as currently configured *require* some server somewhere to be the master and is there one that can take over if NSI's are toast?
origin = A.ROOT-SERVERS.NET
mail addr = hostmaster.INTERNIC.NET
serial = 1999032605
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
Well the expire is 1W so by default the zones will be valid in all servers for a week after a.root-servers.net goes away (if that were to happen.)
---
jerry@fc.net
Insync Internet, Inc. | Freeside Communications, Inc.
5555 San Felipe, Suite 700 | PO BOX 80315 Austin, Tx 78708
713-407-7000 | 512-458-9810
http://www.insync.net | http://www.fc.net
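Added example (not part of the original message): a Python model of what the SOA timers quoted above mean for a secondary that refreshes automatically, if its master disappears and never returns. The function names and the sync and outage times used with it are constructed for illustration.

```python
from datetime import datetime, timedelta

# SOA timers as quoted in the message above (nslookup-style output).
SOA_TEXT = """\
origin = A.ROOT-SERVERS.NET
mail addr = hostmaster.INTERNIC.NET
serial = 1999032605
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
"""

def parse_soa(text):
    """Turn 'name = value (annotation)' lines into a dict; timers become ints."""
    soa = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        value = value.split("(")[0].strip()
        soa[key.strip()] = int(value) if value.isdigit() else value
    return soa

def outage_timeline(soa, first_sync, outage_start):
    """Model a secondary doing automatic SOA refresh when the master
    disappears at outage_start and never comes back (assumed scenario)."""
    refresh = timedelta(seconds=soa["refresh"])
    retry = timedelta(seconds=soa["retry"])
    expire = timedelta(seconds=soa["expire"])
    # Last refresh that still reached the master before the outage.
    last_good = first_sync + ((outage_start - first_sync) // refresh) * refresh
    expires_at = last_good + expire
    # First failed check, then one retry every `retry` until expiry.
    attempt, failed = last_good + refresh, 0
    while attempt < expires_at:
        failed += 1
        attempt += retry
    return {"last_good": last_good, "failed_checks": failed,
            "expires_at": expires_at, "served_for": expires_at - outage_start}

def zone_state(soa, last_good, now):
    """Classify a secondary's copy by age since its last good refresh."""
    age = (now - last_good).total_seconds()
    if age >= soa["expire"]:
        return "expired"
    return "stale" if age >= soa["refresh"] else "fresh"
```

The time a secondary keeps answering is measured from its last successful refresh, not from the start of the outage, so it falls between expire minus refresh and expire.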
In message <199903281722.LAA00911@freeside.fc.net>, Jeremy Porter writes:
In message <3.0.6.32.19990327224345.00d4ad00@norfolk.infi.net>, Dean Robb writes:
At 01:22 3/27/99 -0600, Sean Donelan wrote:
pceasy@norfolk.INfi.NET (Dean Robb) writes:
While not a network operator, I think it would be most prudent to consider and discuss (among those who ARE netops) what to do if, say, the root server were suddenly completely unaccessible for several days/permanently for *whatever* reason.
Duh, isn't that why there is more than one root server in the world?
My concern is with the master server that NSI operates. My hope was that a netop who *didn't* have a contingency plan might start putting one together.
However I feel some people confuse the data in the root servers, with the databases used to generate those zone files. There is a subtle, but important difference. And why simply copying the zone files is not sufficient.
So who has copies of the databases? If NSI's master (the a-root?) is unavailable, new domains obviously wouldn't propagate, but how long can the other root servers go without getting an update? Does the system as currently configured *require* some server somewhere to be the master and is there one that can take over if NSI's are toast?
origin = A.ROOT-SERVERS.NET
mail addr = hostmaster.INTERNIC.NET
serial = 1999032605
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
Well the expire is 1W so by default the zones will be valid in all servers for a week after a.root-servers.net goes away (if that were to happen.)
Sigh, as someone else already pointed out, the root-servers manually zone transfer and will not necessarily expire the zone. At any rate I can see the problem lasting long enough to impact anything. Some people might even claim DNS is not required for proper functioning, and that DNS isn't in the Nanog charter, although perhaps root-servers are as they have some impact on performance. I don't really believe that the operational folks at network solutions would actually do deliberate things to interfere with root zone operations. Frankly while all the things network solutions has done lately, not one of them seems to be within the scope of this mailing list, as no officially supported operational functions have been broken. (I can see how if you wrote a script that depended on a particular output of whois, how it would be annoying, but I can't recall the RFC where that particular output format is specified. I don't believe WWW services were ever required. Ah well, off to do operational related things, I guess I should be ignoring nanog more, as it just doesn't seem relevant to anything in particular. (Other than whining.)
---
jerry@fc.net
Insync Internet, Inc. | Freeside Communications, Inc.
5555 San Felipe, Suite 700 | PO BOX 80315 Austin, Tx 78708
713-407-7000 | 512-458-9810
http://www.insync.net | http://www.fc.net
participants (5)
- Dean Robb
- Jeff Mcadams
- Jeremy Porter
- Roeland M.J. Meyer
- Sean Donelan