[dns-operations] Domain Name System without Root Servers

Evan Hunt each at isc.org
Tue Oct 3 00:11:53 UTC 2017


On Mon, Oct 02, 2017 at 11:52:42PM +0000, Wessels, Duane wrote:
> Daniel Karrenberg just gave a very interesting/terrifying presentation at
> DNS-OARC about root priming:
> 
> https://indico.dns-oarc.net/event/27/session/5/contribution/21
> 
> My point being that this stuff never actually works the way we think its
> supposed to...

Coincidentally, we spotted a bug in BIND a few weeks ago which I suspect
is a major contributor to this.  (I should probably have said something
from the mic about it, but I hadn't looked closely at the problem yet and
didn't want to get it wrong. I did speak to Daniel about it over lunch.)

For the past several years, BIND has been failing to cache root-server
addresses correctly, so it ends up sending priming queries almost every
time it looks up a TLD.  I fixed it last night, it's in our engineering
review process now.

                                                eh



More information about the dns-operations mailing list