[dns-operations] Cloudflare hosting a root server?

Thomas Steen Rasmussen thomas at gibfest.dk
Fri Apr 14 10:44:19 UTC 2017


On 03/31/2017 04:59 AM, Evan Hunt wrote:
> On Thu, Mar 30, 2017 at 09:37:33PM -0400, Robert Edmonds wrote:
>> It looks like Cloudflare is hosting F-root instances now?
> Yep. 74 of them, as of today, if I recall correctly.
>
Hello,

I had some issues today because of these new f-roots.

The default FreeBSD named.conf[1] suggests slaving . and
arpa zones from f-root. Not all the f-root servers permit
AXFR apparently, meaning that a lot of FreeBSD servers
can suddently stop being able to slave the root zones, if
anycast makes them hit a new non-axfr-enabled f-root
server.

I've had problems getting AXFR from these, making me
think that all the new cloudflare nodes are refusing AXFR:

SIN.cf.f.root-servers.org
FRA.cf.f.root-servers.org
CPH.cf.f.root-servers.org

Wouldn't it be a good idea to keep axfr "rules" persistent
across all instances of a given root server?

I will contact the maintainer of the FreeBSD bind port
seperately and suggest using icanns axfr servers [2] as
default rather than f-root.

Thoughts? Thanks!

/Thomas

[1]: 
https://svnweb.freebsd.org/ports/head/dns/bind911/files/named.conf.in?view=markup#l105
[2]: http://www.dns.icann.org/services/axfr/




More information about the dns-operations mailing list