Important Informational Message - root.zone change
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 *****PLEASE NOTE***** This is an important Informational Message to the internet community: November 5, 2002, the IP address for J.root-servers.net will change in the authoritative NS set for "dot". The change will be reflected in zone serial # 2002110501. The new set of servers authoritative for "dot" will be: A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4 H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53 C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12 G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4 F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241 B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107 J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30 K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129 L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12 M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33 I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17 E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10 D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90 This WILL require a change to your root hints file. The new file will be available via anonymous ftp from rs.internic.net:/domain/named.root as well as ftp.internic.net:/doamin/named.root starting 11/5/02 1700UTC (12pm EST/9am PST). Both the new and old j.root-servers.net IP space will provide answers in parallel for the foreseeable future. _________________________________________ John Crain Manager of Technical Operations ICANN/IANA crain@icann.org 1AF4 F638 4B2D 3EF2 F9BA 99E4 8D85 69A7 _________________________________________ -----BEGIN PGP SIGNATURE----- Version: PGP Personal Security 7.0.3 iQA/AwUBPcb/pdGxp5XUiliSEQJzewCg2sa+RFanZQ9XZa+t0Yif0zKnzhkAoMSa FVW9Q1ekZl49+X1RGPKaHqNy =FZjZ -----END PGP SIGNATURE-----
On Mon, 4 Nov 2002, John Crain wrote:
This WILL require a change to your root hints file. The new [...] Both the new and old j.root-servers.net IP space will provide answers in parallel for the foreseeable future.
Since its been 5 years since the hints/cache boot file has changed, it may be useful to remind people an immediate change to your local configuration files is not required. You don't need to slashdot internic.net tomorrow morning trying to download the file. As long as 1 listed IP address responds with the current list of root servers, the server doesn't even need to be a root server itself, your name server should figure out who are the current roots. In the 1980's and 1990's when the hints/cache file changed regularly, some people when years without updating it. Or only updated it when they upgraded their name server code. Don't Panic.
"John Crain" <crain@icann.org> writes:
*****PLEASE NOTE***** This is an important Informational Message to the internet community:
November 5, 2002, the IP address for J.root-servers.net will change in the authoritative NS set for "dot".
Why is this change being made? Also:
The change will be reflected in zone serial # 2002110501. [...] J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30 [...]
...the old data is still being served by root-servers.net, vis: $ dig a j.root-servers.net ; <<>> DiG 8.3 <<>> a j.root-servers.net ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13 ;; QUERY SECTION: ;; j.root-servers.net, type = A, class = IN ;; ANSWER SECTION: j.root-servers.net. 2d6h55m50s IN A 198.41.0.10
On Tue, Nov 05, 2002 at 03:57:05PM -0500, Perry E. Metzger wrote:
"John Crain" <crain@icann.org> writes:
The change will be reflected in zone serial # 2002110501. [...] J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30 [...]
...the old data is still being served by root-servers.net, vis:
Looks to me like dot's serial isn't 2002110501 yet: H.ROOT-SERVERS.NET. 2002110500 A.ROOT-SERVERS.NET. 2002110500 D.ROOT-SERVERS.NET. 2002110500 E.ROOT-SERVERS.NET. 2002110500 I.ROOT-SERVERS.NET. 2002110500 M.ROOT-SERVERS.NET. 2002110500 L.ROOT-SERVERS.NET. 2002110401 K.ROOT-SERVERS.NET. 2002110500 J.ROOT-SERVERS.NET. 2002110500 B.ROOT-SERVERS.NET. 2002110500 F.ROOT-SERVERS.NET. 2002110500 G.ROOT-SERVERS.NET. 2002110500 C.ROOT-SERVERS.NET. 2002110500
The change will be reflected in zone serial # 2002110501. [...] J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30 [...]
...the old data is still being served by root-servers.net, vis:
Looks to me like dot's serial isn't 2002110501 yet: H.ROOT-SERVERS.NET. 2002110500 A.ROOT-SERVERS.NET. 2002110500 D.ROOT-SERVERS.NET. 2002110500 E.ROOT-SERVERS.NET. 2002110500 I.ROOT-SERVERS.NET. 2002110500 M.ROOT-SERVERS.NET. 2002110500 L.ROOT-SERVERS.NET. 2002110401 K.ROOT-SERVERS.NET. 2002110500 J.ROOT-SERVERS.NET. 2002110500 B.ROOT-SERVERS.NET. 2002110500 F.ROOT-SERVERS.NET. 2002110500 G.ROOT-SERVERS.NET. 2002110500 C.ROOT-SERVERS.NET. 2002110500
actually...a more interesting point from the data you posed here is: (a) the change to j's address noted in the original message had already been made (they show 2002110500 whereas the change was supposed to be in 2002110501). (b) l was a little out of date, and b was as well earlier that day (it wasn't serving the new address). for that matter, l is *still* out of date. ;-) -- |-----< "CODE WARRIOR" >-----| codewarrior@daemon.org * "ah! i see you have the internet twofsonet@graffiti.com (Andrew Brown) that goes *ping*!" werdna@squooshy.com * "information is power -- share the wealth."
Also... Why is it that the PGP keys with which the root zone cache file is being signed aren't widely available? The files are signed with keyid C1D27AF9 which I cannot retrieve from, for instance, the MIT PGP keyserver. Given the importance of the file it would be nice to verify the data. -- Perry E. Metzger perry@piermont.com
Why is it that the PGP keys with which the root zone cache file is being signed aren't widely available? The files are signed with keyid C1D27AF9 which I cannot retrieve from, for instance, the MIT PGP keyserver. Given the importance of the file it would be nice to verify the data.
that's why i have not even considered installing randy
Once upon a time, Perry E. Metzger <perry@piermont.com> said:
"John Crain" <crain@icann.org> writes:
November 5, 2002, the IP address for J.root-servers.net will change in the authoritative NS set for "dot".
Why is this change being made?
My guess would be because of the proximity of a.root-servers.net (198.41.0.4) and j.root-servers.net (198.41.0.10), which are in the same /24 announced in BGP. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
November 5, 2002, the IP address for J.root-servers.net will change in the authoritative NS set for "dot".
Why is this change being made?
as a simple step in improving the robustness of the overall system. back in the day, NSI agreed to act as guardian for a couple of the (then) new roots. As a temporary expedient, (J) was placed in the same broadcast domain as another root. moving it to a different broadcast domain will allow better traffic "splay" into the logical topology of the 'net.
... (old record is still visable)
yes. and it may still be there for a while. but using the new address (and checking all those new systems that are already in the distribution channel to ensure they pick up hte new address) will avoid the odd glitch when the old address is eventually retired... in a couple years. :) --bill
Cool, the root checks in BIND work Nov 5 22:28:35 clifden named[2072]: [ID 295310 daemon.warning] check_hints: A records for J.ROOT-SERVERS.NET class 1 do not match hint records Nevertheless, BIND 8.X does appear to use the root list returned from the queried name server . 517997 IN NS J.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS K.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS L.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS M.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS I.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS E.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS D.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS A.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS H.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS C.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS G.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS F.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] 517997 IN NS B.ROOT-SERVERS.NET. ;Cr=auth [192.36.148.17] J 604397 IN A 192.58.128.30 ;NT=5 Cr=answer [192.36.148.17]
participants (8)
-
Andrew Brown
-
bmanning@vacation.karoshi.com
-
Chris Adams
-
John Crain
-
John Payne
-
Perry E. Metzger
-
Randy Bush
-
Sean Donelan