> How about allocating some "good sounding" IP addresses for them,
> (like 1.0.0.x/32) and hard-wiring them into resolver code? Would
> save quite a lot of configuration headaches for newbies.

Hardwiring anything like this into a system like DNS sounds like a really
bad idea if only for the simple reason that DNS is not just used on the
Internet, but also within private networks. Having hardwired IP numbers
in this case would cause headaches of unimaginable proportions.

It's DNS servers, not resolvers, that need to update their lists
of Internet root servers. The problem (IMHO) is that few sites know
or care that they have to maintain the root server list periodically to
stay in sync with the rest of the Internet. One way to attack the
problem (not solve it) is to require nameserver vendors (IIS, Apple,
BIND, etc.) to provide the capability for periodic root server list

In Unix (BIND), it's quite easy:

    # pick a random time once a week
    31 10 * * 4 /usr/sbin/update-root
    # some other time during the week
    23 20 * * 6 /usr/sbin/named.restart
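
The shell script (off the top of my head):

    #!/bin/sh
    # Fetch the current root server list; install it if it changed.
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' 1 2 3 14 15
    rm -f named.root    # a stale copy must not pass the check below
    ncftp -a -d 600 -g 5 ftp.root-servers.net:/named.root
    if [ ! -r named.root ]; then
        Mail -s "Could not get root nameserver list" hostmaster < /dev/null
        rm -f "$tmp"
        exit 1
    fi
    diff root.cache named.root > "$tmp"
    if [ -s "$tmp" ]; then
        mv named.root root.cache    # fails if couldn't download
        Mail -s "Root server update" hostmaster < "$tmp"
    fi
    rm -f "$tmp"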

Perhaps something similar could be done in a C program on
any NT or Mac internet DNS server. If there's no "cron"
functionality, have the nameserver periodically check once
every N seconds (where N ~= one week + random seconds)
against a configured named resource for the list of root
servers. For example, on the internet, it might be
"ftp://ftp.root-servers.net/named.root". For a local
administrator it might be "file:config/named.root".

An RFC describing this mechanism would be yet another checkoff
mark that nameserver vendors would want to comply with. To
promote compliance, nameserver vendors that comply would get
listed on the "Good Netkeeping Seal of Approval List" at
http://www.root-servers.net (where other neat new RFC features
like dynamic updating or secure AXFR are also listed).

The best part about these updates is that your root server list
is always updated from a named resource that can change its IP
address whenever it needs to rather than forcing some IP addresses
to be static.

People who don't update eventually lose. Internet service providers
can detect losers (occasionally sniffing for domain/udp traffic to
outdated servers) and mail them to let them know they should look at
http://www.root-servers.net for more info about updating servers.
Administrators of old root nameservers can do this as well (if ISPs
are uncomfortable sniffing traffic).

.... just fantasizing.
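
An added example, not part of the original post: one way to vet a fetched named.root before it replaces root.cache, and to compare the two files by their server/address pairs rather than by raw text. The function names, the minimum NS count and the sample records (documentation addresses) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the post): vet a fetched named.root before it
# replaces root.cache. Function names and the minimum count are assumptions.

# Print sorted "SERVER ADDRESS" pairs from A records, skipping ';' comments.
hints_pairs() {
    awk '!/^;/ && NF >= 4 && toupper($(NF-1)) == "A" { print toupper($1), $NF }' "$1" | sort -u
}

# Succeed only if FILE ($1) has at least MIN ($2) root NS records and every
# NS target also has an A record in the same file.
hints_ok() {
    awk -v min="$2" '
        /^;/ || NF < 4 { next }
        $1 == "." && toupper($(NF-1)) == "NS" { ns[toupper($NF)] = 1; n++ }
        toupper($(NF-1)) == "A" { a[toupper($1)] = 1 }
        END { bad = (n < min); for (s in ns) if (!(s in a)) bad = 1; exit bad }' "$1"
}

# update_hints OLD NEW MIN -> 0 installed, 1 unchanged, 2 rejected (OLD kept).
update_hints() {
    hints_ok "$2" "$3" || return 2
    work=$(mktemp -d) || return 2
    hints_pairs "$1" > "$work/old"; hints_pairs "$2" > "$work/new"
    if cmp -s "$work/old" "$work/new"; then st=1
    else diff "$work/old" "$work/new" || true; mv "$2" "$1"; st=0
    fi
    rm -rf "$work"; return "$st"
}

# Constructed sample data: two-server hint files using documentation addresses.
demo=$(mktemp -d)
cat > "$demo/root.cache" <<'EOF'
; constructed sample, not real root hints
.                    3600000  IN  NS  A.ROOT.EXAMPLE.
A.ROOT.EXAMPLE.      3600000      A   192.0.2.1
.                    3600000      NS  B.ROOT.EXAMPLE.
B.ROOT.EXAMPLE.      3600000      A   192.0.2.2
EOF
sed 's/192\.0\.2\.2/198.51.100.2/' "$demo/root.cache" > "$demo/renumbered"
grep -v '^B\.' "$demo/root.cache" > "$demo/truncated"   # NS left without its A record
update_hints "$demo/root.cache" "$demo/truncated" 2 || echo "truncated file: status $?"
```

A rejected or unchanged download leaves root.cache untouched, so a cut-off transfer never reaches the nameserver.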