[dns-operations] How much trouble am in in on May 5?
Doug Barton
dougb at dougbarton.us
Thu May 6 05:56:13 UTC 2010
Now that The Day is past and the intarwebz haven't melted, I feel
comfortable saying publicly that the real day to watch for wasn't today,
the potential problems are only _beginning_ today, with caches that are
cold-starting. We won't really know for sure how screwed we are until 6
days from now when all the NS records for . expire from the caches.

And while we're on the topic of TTLs, the root zone has the following:

    grep root-servers.net root-zone
    .                     518400   IN  NS    a.root-servers.net.
    ...
    a.root-servers.net.   518400   IN  A     198.41.0.4
    ...

The root hints file has the following:

    .                     3600000  IN  NS    A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.   3600000      A     198.41.0.4
    A.ROOT-SERVERS.NET.   3600000      AAAA  2001:503:BA3E::2:30

But 'dig @<a-m>.root-servers.net . ns' produces the following for all but
H, K, and L:

    ;; ANSWER SECTION:
    .                     518400   IN  NS    a.root-servers.net.
    ...
    ;; ADDITIONAL SECTION:
    a.root-servers.net.   3600000  IN  A     198.41.0.4

Hopefully it's obvious that I'm simply using A-root as a placeholder
here to avoid pasting long and pointless dig output.

I don't think it's any coincidence that according to fpdns all the
3600000 servers report some version of BIND, and H, K, and L all say "no
match found" (which I suspect actually means they are running a flavor
of NSD).

... and for those who wish to open up yet another can of worms, why do
we need a 41.666666666666<etc> day TTL on the records in root.hints
anyway, but I digress ...

Doug
--
... and that's just a little bit of history repeating.
-- Propellerheads
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
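
The TTL comparison described in the message above, as an added example that is not part of the original post: it parses the zone, hints and dig excerpts quoted there (reconstructed here as constants, A-root only) and labels each record in a response by whose TTL it carries. The names `parse`, `ttl_index` and `audit` are assumptions of this example.

```python
# Added example. The records below are constructed from the excerpts quoted in the post.
ROOT_ZONE = """\
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 518400 IN A 198.41.0.4
"""
HINTS = """\
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
"""
RESPONSE = """\
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
"""

def parse(text):
    """Return [(section, owner, rtype, ttl)] from zone-file or dig-style text."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            section = line[2:].split()[0]  # "ANSWER", "ADDITIONAL", ...
            continue
        fields = line.split()
        if len(fields) < 4 or line.startswith(";") or not fields[1].isdigit():
            continue  # comments, "..." elisions, blank lines
        # The class field is optional: the hints excerpt omits it on address records.
        rtype = fields[3] if fields[2].upper() in ("IN", "CH", "HS") else fields[2]
        records.append((section, fields[0].lower(), rtype.upper(), int(fields[1])))
    return records

def ttl_index(text):
    return {(owner, rtype): ttl for _, owner, rtype, ttl in parse(text)}

def audit(response, zone=ROOT_ZONE, hints=HINTS):
    """Label each response record by the source (zone or hints) its TTL matches."""
    zone_ttl, hints_ttl = ttl_index(zone), ttl_index(hints)
    report = []
    for section, owner, rtype, ttl in parse(response):
        source = ("zone" if ttl == zone_ttl.get((owner, rtype))
                  else "hints" if ttl == hints_ttl.get((owner, rtype)) else "other")
        report.append((section, owner, rtype, ttl, round(ttl / 86400, 2), source))
    return report

if __name__ == "__main__":
    for row in audit(RESPONSE):
        print(*row)
```

The fifth column is the TTL in days, so the 6-day and 41.67-day lifetimes discussed in the message show up directly beside the label.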