[dns-operations] How much trouble am in in on May 5?

Doug Barton dougb at dougbarton.us
Thu May 6 05:56:13 UTC 2010

Now that The Day is past and the intarwebz haven't melted, I feel
comfortable saying publicly that the real day to watch for wasn't today,
the potential problems are only _beginning_ today, with caches that are
cold-starting. We won't really know for sure how screwed we are until 6
days from now when all the NS records for . expire from the caches.

And while we're on the topic of TTLs, the root zone has the following:
grep root-servers.net root-zone
.			518400	IN	NS	a.root-servers.net.
a.root-servers.net.	518400	IN	A

The root hints file has the following:
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30

But 'dig @<a-m>.root-servers.net . ns produces the following for all but
H, K, and L:
.                       518400  IN      NS      a.root-servers.net.
a.root-servers.net.     3600000 IN      A

Hopefully it's obvious that I'm simply using A-root as a placeholder
here to avoid pasting long and pointless dig output.

I don't think it's any coincidence that according to fpdns all the
3600000 servers report some version of BIND, and H, K, and L all say "no
match found" (which I suspect actually means they are running a flavor
of NSD).

... and for those who wish to open up yet another can of worms, why do
we need a 41.666666666666<etc> day TTL on the records in root.hints
anyway, but I digress ...



	... and that's just a little bit of history repeating.
			-- Propellerheads

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/

More information about the dns-operations mailing list