Important Informational Message - root.zone change

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*****PLEASE NOTE*****
This is an important Informational Message to the internet community:

November 5, 2002, the IP address for J.root-servers.net will
change in the authoritative NS set for "dot". The change will
be reflected in zone serial # 2002110501.

The new set of servers authoritative for "dot" will be:
A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4
H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53
C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12
G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4
F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241
B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107
J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30
K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129
L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12
M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33
I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17
E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10
D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90

This WILL require a change to your root hints file. The new
file will be available via anonymous ftp from
rs.internic.net:/domain/named.root as well as
ftp.internic.net:/domain/named.root starting 11/5/02 1700UTC (12pm
EST/9am PST).

Both the new and old j.root-servers.net IP space will provide
answers in parallel for the foreseeable future.

> This WILL require a change to your root hints file. The new
[...]
> Both the new and old j.root-servers.net IP space will provide
> answers in parallel for the foreseeable future.

Since it's been 5 years since the hints/cache boot file has changed,
it may be useful to remind people an immediate change to your
local configuration files is not required. You don't need to
slashdot internic.net tomorrow morning trying to download the file.

As long as 1 listed IP address responds with the current list of root
servers, the server doesn't even need to be a root server itself, your
name server should figure out who are the current roots. In the 1980's
and 1990's when the hints/cache file changed regularly, some people went
years without updating it. Or only updated it when they upgraded their
name server code.

Don't Panic.

Well said!

I am quite disappointed that ICANN has not included similar language in
their announcement. They know better.

Daniel
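
The point made above, that a stale hints file still works as long as one listed address answers, as an added example that is not part of the thread: it parses the announced record set, diffs it against a constructed hints file that still carries J's old address 198.41.0.10, and counts the hints that still point at a current root. The function names are hypothetical, and the old address is treated as dead, which is stricter than the announcement's promise of parallel service.

```python
import re
# The 13 A records from the announcement on this page.
ANNOUNCED = """\
A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4
H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53
C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12
G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4
F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241
B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107
J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30
K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129
L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12
M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33
I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17
E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10
D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90
"""
# Constructed stale hints: J keeps the old address seen in the dig output here.
STALE_HINTS = ANNOUNCED.replace("192.58.128.30", "198.41.0.10")
UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def ttl_seconds(ttl):
    """Convert a BIND-style TTL ('5w6d16h') or plain seconds to an int."""
    if ttl.isdigit():
        return int(ttl)
    if not re.fullmatch(r"(\d+[wdhms])+", ttl.lower()):
        raise ValueError(f"bad TTL: {ttl!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", ttl.lower()))

def parse_a_records(text):
    """Return {owner: (ttl_seconds, address)} from 'NAME TTL [IN] A ADDR' lines."""
    records = {}
    for line in text.splitlines():
        fields = [f for f in line.split(";", 1)[0].split() if f.upper() != "IN"]
        if len(fields) == 4 and fields[2].upper() == "A":
            records[fields[0].upper()] = (ttl_seconds(fields[1]), fields[3])
    return records

def audit_hints(hints_text, current_text):
    """Return (stale, usable): hints whose address changed, and hints that
    still point at a current root address. One usable hint is enough to prime."""
    hints, current = parse_a_records(hints_text), parse_a_records(current_text)
    live = {addr for _, addr in current.values()}
    stale = {n: (a, current[n][1]) for n, (_, a) in hints.items()
             if n in current and current[n][1] != a}
    usable = sorted(n for n, (_, a) in hints.items() if a in live)
    return stale, usable

if __name__ == "__main__":
    print(audit_hints(STALE_HINTS, ANNOUNCED))
```

The `5w6d16h` TTL in the announcement works out to 3600000 seconds, and the audit reports one stale entry (J) with 12 hints still usable for priming.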

"John Crain" <crain@icann.org> writes:

> *****PLEASE NOTE*****
> This is an important Informational Message to the internet community:
>
> November 5, 2002, the IP address for J.root-servers.net will
> change in the authoritative NS set for "dot".

Why is this change being made?

Also:

> The change will
> be reflected in zone serial # 2002110501.
[...]
> J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30

[...]

...the old data is still being served by root-servers.net, viz:

$ dig a j.root-servers.net

; <<>> DiG 8.3 <<>> a j.root-servers.net
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;; j.root-servers.net, type = A, class = IN

;; ANSWER SECTION:
j.root-servers.net. 2d6h55m50s IN A 198.41.0.10

Looks to me like dot's serial isn't 2002110501 yet:
H.ROOT-SERVERS.NET. 2002110500
A.ROOT-SERVERS.NET. 2002110500
D.ROOT-SERVERS.NET. 2002110500
E.ROOT-SERVERS.NET. 2002110500
I.ROOT-SERVERS.NET. 2002110500
M.ROOT-SERVERS.NET. 2002110500
L.ROOT-SERVERS.NET. 2002110401
K.ROOT-SERVERS.NET. 2002110500
J.ROOT-SERVERS.NET. 2002110500
B.ROOT-SERVERS.NET. 2002110500
F.ROOT-SERVERS.NET. 2002110500
G.ROOT-SERVERS.NET. 2002110500
C.ROOT-SERVERS.NET. 2002110500

Also...

Why is it that the PGP keys with which the root zone cache file is
being signed aren't widely available? The files are signed with keyid
C1D27AF9 which I cannot retrieve from, for instance, the MIT PGP
keyserver. Given the importance of the file it would be nice to verify
the data.

Once upon a time, Perry E. Metzger <perry@piermont.com> said:

> "John Crain" <crain@icann.org> writes:
> > November 5, 2002, the IP address for J.root-servers.net will
> > change in the authoritative NS set for "dot".
>
> Why is this change being made?

My guess would be because of the proximity of a.root-servers.net
(198.41.0.4) and j.root-servers.net (198.41.0.10), which are in the same
/24 announced in BGP.

> Why is it that the PGP keys with which the root zone cache file is
> being signed aren't widely available? The files are signed with keyid
> C1D27AF9 which I cannot retrieve from, for instance, the MIT PGP
> keyserver. Given the importance of the file it would be nice to verify
> the data.

that's why i have not even considered installing

randy

> The change will
> be reflected in zone serial # 2002110501.
[...]
> J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30
[...]

> ...the old data is still being served by root-servers.net, viz:
>
> Looks to me like dot's serial isn't 2002110501 yet:
> H.ROOT-SERVERS.NET. 2002110500
> A.ROOT-SERVERS.NET. 2002110500
> D.ROOT-SERVERS.NET. 2002110500
> E.ROOT-SERVERS.NET. 2002110500
> I.ROOT-SERVERS.NET. 2002110500
> M.ROOT-SERVERS.NET. 2002110500
> L.ROOT-SERVERS.NET. 2002110401
> K.ROOT-SERVERS.NET. 2002110500
> J.ROOT-SERVERS.NET. 2002110500
> B.ROOT-SERVERS.NET. 2002110500
> F.ROOT-SERVERS.NET. 2002110500
> G.ROOT-SERVERS.NET. 2002110500
> C.ROOT-SERVERS.NET. 2002110500

actually...a more interesting point from the data you posted here is:

(a) the change to j's address noted in the original message had
already been made (they show 2002110500 whereas the change was
supposed to be in 2002110501).

(b) l was a little out of date, and b was as well earlier that day (it
wasn't serving the new address).

for that matter, l is *still* out of date. :wink: