[dns-operations] really old root zones for saveroot

Sat Dec 14 22:43:55 UTC 2019

I have been playing around with the old update journal in the saveroot
repository, to see if I can reconstruct root zones between July 2005 and
March 2014.

https://github.com/fanf2/saveroot/

David Malone reminded me that I got the journal from him when I mentioned
saving the root zone in a git repository, so thanks are due to him for
this part of the history.

https://twitter.com/dwmal1/status/441339653044461568

I think reconstruction is mostly feasible, but it would be super helpful
if anyone can give me a copy of the root zone from any point in that time
period to fill in a couple of gaps.

There are a few gotchas that I have found.

Firstly, names in the journal change from upper-case to lower-case
part-way through, which makes matching records mildly inconvenient. The
change coincides with the zone being (experimentally) signed in April
2010. I think I will not preserve this in the reconstrucred version: the
case change has the disadvantage of making diffs less useful, and it's
easy enough to recover the historically accurate upper case because the
switch-over time is so obvious.

Secondly, very stable records don't appear in the journal. For example,
the NS RRsets for the root itself and for .com have not changed for many
years. There are 785 records that appear in my first full copy of the root
zone, but not in the journal. I think this is fairly straightforward to
cope with.

Thirdly, there's a gap between the end of the journal and the first full
copy of the zone. I thought the gap was a couple of days, but on closer
inspection it turns out the last serial number in the journal is
2014030500 and the first complete zone is 2014030501. Normally this would
be ideal, but it turns out there were some actually meaningful changes in
that update.

The list below has records that appear in the journal but not in the
2014030501 zone. This is mostly simple to deal with, except for the .mk
delegation change, in particular kitka.marnet.net.mk. It looks like that
was a long-lived name server, mentioned in NS and A records that predated
the journal (so they don't appear). I can infer the NS record but not the
A record.

I cannot infer any NS records that were stable for the entire lifetime of
the journal and deleted in the 2014030501 update, which might be a problem
for .mk and .ro (and less plausibly for other TLDs).

.			86400	IN	RRSIG	SOA 8 0 86400 20140312000000 20140304230000 33655 . [...]
.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2014030500 1800 900 604800 86400
co.			86400	IN	DS	27859 8 1 63D2DAEB4D479BD4DFF4202D9BDC82B309C2CCD5
co.			86400	IN	DS	27859 8 2 EF8F5B56FA9A79EF29A82330DB625BA19CE3A5B140B24287855DDAAA 03EA369B
co.			86400	IN	RRSIG	DS 8 1 86400 20140312000000 20140304230000 33655 . [...]
kitka.marnet.net.mk.	172800	IN	AAAA	2a02:e48:0:3::2
kn.			86400	IN	NSEC	kp. NS RRSIG NSEC
kn.			86400	IN	RRSIG	NSEC 8 1 86400 20140312000000 20140304230000 33655 . [...]
la.			86400	IN	DS	54086 7 1 C468E20FD427F2EB5E4658B1E1D24840768DC8E1
la.			86400	IN	DS	54086 7 2 28339FCEDF2C52583595DD1460A6B07D9FA5692A5BA8E6E5F34EE306 35230541
la.			86400	IN	RRSIG	DS 8 1 86400 20140312000000 20140304230000 33655 . [...]
lt.			86400	IN	DS	24556 8 1 A9D06FA34F1C9D57062899824F5702041188DE97
lt.			86400	IN	DS	24556 8 2 DEA1E077D98EA2DE8750281B40ACEBC14687AEB8FE49506333C903D5 01F6C620
lt.			86400	IN	RRSIG	DS 8 1 86400 20140312000000 20140304230000 33655 . [...]
mk.			172800	IN	NS	ns2.arnes.si.
mk.			172800	IN	NS	ns5.univie.ac.at.
ns2.arnes.si.		172800	IN	A	193.2.1.91
ns2.arnes.si.		172800	IN	AAAA	2001:1470:8000::91
ro.			172800	IN	NS	ns-ext.isc.org.
xn--90a3ac.		86400	IN	NSEC	xn--cg4bki. NS RRSIG NSEC
xn--90a3ac.		86400	IN	RRSIG	NSEC 8 1 86400 20140312000000 20140304230000 33655 . [...]

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Tyne, Dogger: Westerly or southwesterly 6 to gale 8, decreasing 3 to 5 for a
time in north. Moderate or rough. Rain or showers. Good, occasionally poor.