[dns-operations] Cloudflare hosting a root server?

Thomas Steen Rasmussen thomas at gibfest.dk
Fri Apr 14 10:44:19 UTC 2017

On 03/31/2017 04:59 AM, Evan Hunt wrote:
> On Thu, Mar 30, 2017 at 09:37:33PM -0400, Robert Edmonds wrote:
>> It looks like Cloudflare is hosting F-root instances now?
> Yep. 74 of them, as of today, if I recall correctly.

I had some issues today because of these new f-roots.

The default FreeBSD named.conf[1] suggests slaving . and
arpa zones from f-root. Not all the f-root servers permit
AXFR apparently, meaning that a lot of FreeBSD servers
can suddently stop being able to slave the root zones, if
anycast makes them hit a new non-axfr-enabled f-root

I've had problems getting AXFR from these, making me
think that all the new cloudflare nodes are refusing AXFR:


Wouldn't it be a good idea to keep axfr "rules" persistent
across all instances of a given root server?

I will contact the maintainer of the FreeBSD bind port
seperately and suggest using icanns axfr servers [2] as
default rather than f-root.

Thoughts? Thanks!


[2]: http://www.dns.icann.org/services/axfr/

More information about the dns-operations mailing list