[dns-operations] BIND upgrades because the H root server will be renumbered

Jim Reid jim at rfc1035.com
Tue Sep 1 03:49:36 UTC 2015

On 1 Sep 2015, at 02:27, Ken Peng <kpeng at runbox.com> wrote:

> We now try to upgrade BIND servers.

While you should always run reasonably current DNS software, it's pointless to immediately upgrade BIND just because the H root server is going to be renumbered in December. Currently available versions of BIND do not (yet) have the new IP addresses of H compiled in.

You're running something that's rather old (9.8.1-P1). IIUC ISC no longer supports or maintains that old release. [See https://www.isc.org/downloads/software-support-policy.] So you need to upgrade to a current release regardless of what's happening to H. And perhaps upgrade yet again after H renumbers.

FWIW the most recent ISC release appears to be a beta for BIND 9.10.3 (9.10.3b1) that was published on August 6th. It does not have the new IP addresses for H in lib/dns/rootns.c. Although I don't speak for ISC, it seems highly likely that change will be made for the next BIND releases/upgrades around or just after Dec 1st because those new IP addresses for H then be reflected in the root and root-servers.net zones. Since those new IP addresses for H are already "live", thr change might well find its way into the next versions of BIND that get released before H's official changeover date. No matter. Resolving name servers should really be configured with an up to date hints file for the root instead of depending on what might or might not be hard-coded in the software.

The old IP addresses for H (ie the ones used today) will still have an active root server for 6 months after H renumbers. This will allow even more time for those who need longer to replace or reconfigure their DNS software so it will use H's new IP addresses for priming queries at start-up.

More information about the dns-operations mailing list