[dns-operations] B-Root to be renumbered in October

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Sep 5 09:11:45 UTC 2017

On Tue, Sep 05, 2017 at 10:02:12AM +0200,
 Stefan Förster <cite+dns-operations at incertum.net> wrote 
 a message of 21 lines which said:

> Not having too much experience running recursive resolvers, I found
> the article at https://kb.isc.org/article/AA-01309 and it seems
> that, apart from perhaps distributing a new root hints file to get
> rid of checkhints warnings, this should not be an operational
> problem.

Indeed, it should be completely invisible even for recursive resolvers
operators, thanks to RFC 8109.

But, in the real world, some problems can occur:

* some people never update the hints file. While there is still one
good root name server in it, it will work, thanks to priming but, one
day, you may have problems if there are too many discrepancies.

* some people hardwire in some never-updated program the IP addresses
of root name servers (typically malware authors, so may be not a use
case you want to support).

* experience show that root name servers addresses receive a lot of traffic even
long after decommission <http://www.cs.umd.edu/~dml/papers/droot.pdf>.

So, it is a good idea that these changes are posted at some places, to
increase awareness.

More information about the dns-operations mailing list