[dns-operations] root zone weirdness
Tony Finch
dot at dotat.at
Tue Dec 24 21:21:09 UTC 2019
Merry xmas!
I have been playing around with root zone archives. Jaap Akkerhuis has
given me a large archive covering 1999 - 2015 which overlaps in useful and
interesting ways with my collection and the update journal from David
Malone that I wrote about before.
There are a couple of anomalies that are kind of interesting.
In the run-up to signing the root zone in 2010, there was a period during
which it was signed but not verifiable, with deliberately altered DNSKEY
records. Some root servers continued to serve the unsigned zone while
others tested the signed version.
Jaap's archive switches to the signed version on the official go-live
point at serial number 2010071501.
David's journal gets the signed version starting on 2010041500. There's
more fun between then and go-live than I remember, in particular a number
of TLDs got DS records during this test period (.br and .uk at 2010062201,
.cz at 2010062400, .tm at 2010062901, .cat at 2010063001, .bg at
2010070301, .na at 2010070901).
The other notable difference between the archives is to do with TTLs of
root-servers.net glue and delegation NS RRsets involving root-servers.net.
I'm aware that the TTLs currently differ depending on whether you look at
the root zone, or .arpa, or root-servers.net. I'm not sure what the
history is, and I don't trust the data I have to be accurate - I believe
there were bugs related to servers being unclear which zone's records
should be included in an answer.
Jaap's archive has some relatively infrequent changes of TTLs between
2004090101 and 2007031401 (8 changes that look suspicious to me).
David's journal has frequent churn from 2007070401 until the zone is
signed, flip-flopping every few days.
I would like to suppress spurious changes in a way that is as historically
accurate as I can. I've got a git repository layout for these archives
which canonicalizes the zone files carefully in order to work with git
as well as I can manage. This churn causes different sources to disagree
when I think they should not.
Any reminiscences / thoughts / suggestions welcome.
Happy Newtonmass,
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Plymouth, Biscay: Variable 4 or less at first in south Biscay, otherwise
westerly 5 to 7, occasionally gale 8 in Plymouth, veering northerly 2 to 4,
then southeasterly 5 to 7. Rough or very rough, becoming rough, occasionally
moderate. Fair. Good.
More information about the dns-operations
mailing list