Tidbit from DirectNIC

michael.dillon1 · September 2, 2005, 3:44pm

From downtown New Orleans...

-----snip-----
Fox News is reporting that there is an operation underway to refill
chillers at the Bell South building down the street to keep phone service
available to much of the southeast United States. That is apparently where
all the firetrucks are going to in the area, in case you were wondering.
-----snip-----

It is interesting to note that it is possible to bring in diesel and water
to resupply BellSouth yet it is impossible to bring in water and food for
the residents, not to mention a fleet of small boats that could have
prevented thousands from dying trapped inside their attics.

If you have a datacenter in a location that might be flooded by rivers or
storm surges, do you have inflatable rafts among your emergency supplies?

--Michael Dillon

Christopher_L_Morro1 · September 2, 2005, 3:49pm

>From downtown New Orleans...
Interdictor — LiveJournal

--snip---

If you have a datacenter in a location that might be flooded by rivers or
storm surges, do you have inflatable rafts among your emergency supplies?

"do you have a disaster-recovery site off-site in a less hazardous area?"

(might also be asked, eh?)

Steven_Champeon · September 2, 2005, 3:54pm

1) potable water is probably somewhat different from the water used in
chillers or fire trucks

2) phone service is, IMHO, one helpful pre-requisite to providing
emergency care and disaster relief

3) the pictures I've been seeing have been full of boats, many of them
thrown up on land a few hundred feet from their berths

Not saying that the utter failure of DHS as an organization isn't on
evidence here. Just saying that it's one thing to feed and water a plant
and quite another to feed and water a human being, let alone tens of
thousands of them.

Peter_Karin_Dambier · September 2, 2005, 5:02pm

Anybody else who noticed?

A.ROOT-SERVERS.NET has serial number 2005090101
D.ROOT-SERVERS.NET has serial number 2005090101
E.ROOT-SERVERS.NET has serial number 2005090101
I.ROOT-SERVERS.NET has serial number 2005090101
M.ROOT-SERVERS.NET has serial number 2005090101
L.ROOT-SERVERS.NET has serial number 2005090101
K.ROOT-SERVERS.NET has serial number 2005090101
J.ROOT-SERVERS.NET has serial number 2005090101
B.ROOT-SERVERS.NET has serial number 2005090101
F.ROOT-SERVERS.NET has serial number 2005090101
G.ROOT-SERVERS.NET has serial number 2005090101
C.ROOT-SERVERS.NET has serial number 2005090101
There was no response from H.ROOT-SERVERS.NET

it is now

2005-09-02 (245) 18:57:42 Paris
2005-09-02 (245) 16:57:42 UTC

En detail:

; <<>> DiG 9.1.3 <<>> -t any @A.ROOT-SERVERS.NET .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22682
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 3

;; QUESTION SECTION:
;. IN ANY

;; ANSWER SECTION:
. 518400 IN NS A.ROOT-SERVERS.NET.
. 86400 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. \
2005090101 1800 900 604800 86400

Kind regards,
Peter and Karin Dambier

bill3 · September 2, 2005, 5:08pm

why do you care?

--bill

Bruce_Campbell · September 2, 2005, 5:15pm

You mean, we can't use the root zone serial number for NTP purposes? I'm disappointed

bill3 · September 2, 2005, 5:27pm

we -can- but why?

--bill

Bandy_Rush1 · September 2, 2005, 6:07pm

why do you care?

because root server status is one measure of internet
infrastructure status and stability.

why do you want to imply that caring that a root
server does not respond is inappropriate?

randy

bill3 · September 2, 2005, 6:35pm

> why do you care?

because root server status is one measure of internet
infrastructure status and stability.

  yes it is... and having hundreds/thousands of
  folks checking has its own set of issues.
  I note that Peter was kind enough to show that
  all the root servers he was able to reach - AGREED -
  on the serial number they were using.

why do you want to imply that caring that a root
server does not respond is inappropriate?

  does not respond from where? after all,
  one does not have to reach -all- the root servers.
  Getting to one is sufficent.

  that said, Peter has his own "root-servers" and so
  my question to him was why he should care about other
  folks root servers.

Peter_Karin_Dambier · September 2, 2005, 7:11pm

Thankyou for asking.

I do care for the health of the root-servers.

Many say there is only one root but they forget to mention which one.

All root-servers try to keep in sync somehow.
Right now root-servers.net is not in sync with its zone file.

If the reason should be a natural desaster of any kind then
Public-Root would be obliged to offer publishing the zone file,
without asking any undue questions and without making any undue
statements.

Everything my be discussed on a private channel.

I also noticed there is a major difference between the old and
the new zone file. Could this be the reason why there was no
update on the servers?

I tried to load the root-zone file on my personal root-server and
did not live through any problems but right now my server is IPv4
only.

To spare search and debug, here is the diff:
(please forgive the long list)

# SOA(".","2005090200","A.ROOT-SERVERS.NET.","NSTLD.VERISIGN-GRS.COM.","1800","900","604800","86400").

ADD: A.DNS.BR ADD: E.DNS.JP ADD: C.DNS.TW ADD: D.DNS.JP ADD: F.DNS.JP ADD: DNS1.THNIC.CO.TH ADD: NS.AMNIC.NET ADD: NS-EXT.ISC.ORG ADD: D.EXT.NIC.FR ADD: NS-US1.NIC.AT ADD: NS4.NIC.COOP ADD: D.DNS.LU ADD: NSD.NIC.UK ADD: NS1.NIC.COOP ADD: A.DNS.LU ADD: NSA.NIC.UK ADD: B.GTLD-SERVERS.NET ADD: A.GTLD-SERVERS.NET ADD: F.NIC.DE ADD: NS-ZA.RIPE.NET ADD: NS-SEC.RIPE.NET ADD: DOMREG.NIC.CH ADD: MERAPI.SWITCH.CH ADD: NS2.UNIVIE.AC.AT ADD: Z.NIC.DE ADD: NS0.JA.NET ADD: NS0.JA.NET ADD: NS4.NIC.UK ADD: B.HOSTING.NIC.FR ADD: B.NIC.FR ADD: C.NIC.FR ADD: NS2.DNS.PT ADD: A.NS.SE ADD: BRUSSELS.NS.DNS.BE ADD: F.NS.SE ADD: G.NS.SE ADD: DNS.NIC.IT ADD: NSIT.GARR.NET ADD: NS3.NS.ESAT.NET ADD: NS.ATI.TN ADD: A.NASK.PL ADD: NS6.IEDR.IE ADD: D.DNS.TW ADD: A.DNS.TW ADD: SEC3.APNIC.NET ADD: A.DNS.JP ADD: G.DNS.KR ADD: NS.CNC.AC.CN ADD: DNS2.CNNIC.NET.CN ADD: E.DNS.KR AAAA 2001:12FF:0:0:0:0:0:10
AAAA 2001:200:0:1:0:0:0:4
AAAA 2001:238:800:1:0:0:0:1
AAAA 2001:240:0:0:0:0:0:53
AAAA 2001:2F8:0:100:0:0:0:153
AAAA 2001:3C8:1209:1:0:0:0:22
AAAA 2001:4D00:0:0:0:0:0:90
AAAA 2001:4F8:0:2:0:0:0:13
AAAA 2001:4F8:0:2:0:0:0:8
AAAA 2001:4F8:4:B:0:0:0:202
AAAA 2001:502:100E:0:0:0:0:106
AAAA 2001:502:100E:0:0:0:0:251
AAAA 2001:502:100E:0:0:0:0:44
AAAA 2001:502:D399:0:0:0:0:106
AAAA 2001:502:D399:0:0:0:0:251
AAAA 2001:502:D399:0:0:0:0:44
AAAA 2001:503:231D:0:0:0:2:30
AAAA 2001:503:A83E:0:0:0:2:30
AAAA 2001:608:6:0:0:0:0:5
AAAA 2001:610:240:0:53:0:0:193
AAAA 2001:610:240:0:53:0:0:4
AAAA 2001:620:0:0:0:0:0:4
AAAA 2001:620:0:0:0:0:0:5
AAAA 2001:628:453:4302:0:0:0:53
AAAA 2001:628:453:4905:0:0:0:53
AAAA 2001:630:0:8:0:0:0:14
AAAA 2001:630:0:9:0:0:0:14
AAAA 2001:630:181:35:0:0:0:83
AAAA 2001:660:3005:1:0:0:1:2
AAAA 2001:660:3005:1:0:0:1:2
AAAA 2001:660:3006:1:0:0:1:1
AAAA 2001:690:A80:4001:0:0:0:100
AAAA 2001:698:9:301:0:0:0:53
AAAA 2001:6A8:3C60:0:0:0:0:BE
AAAA 2001:6B0:7:0:0:0:0:53
AAAA 2001:6B0:8:1:0:0:0:53
AAAA 2001:760:4000:1F5:0:0:0:5
AAAA 2001:760:FFFF:FFFF:0:0:0:CA
AAAA 2001:7C8:2:A:0:0:0:64
AAAA 2001:970:1:1:0:0:0:10
AAAA 2001:A10:1:1:0:0:0:44
AAAA 2001:BB0:CCC3:0:0:0:0:2
AAAA 2001:C50:FFFF:1:0:0:0:230
AAAA 2001:CD8:800:0:0:0:0:8
AAAA 2001:DC0:1:0:4777:0:0:140
AAAA 2001:DC4:0:0:0:0:0:1
AAAA 2001:DC5:A:0:0:0:0:1
AAAA 2001:DC7:0:0:0:0:0:1
AAAA 2001:DC7:1000:0:0:0:0:1
AAAA 2001:DCC:5:0:0:0:0:100

Kind regards,
Peter and Karin Dambier

bmanning@vacation.karoshi.com wrote:

william_at_elan.net · September 2, 2005, 7:16pm

So are you're saying IPv6 glue records for various nameservers have been added to the root or that they have removed from there?

Peter_Karin_Dambier · September 2, 2005, 7:42pm

william(at)elan.net wrote:

To spare search and debug, here is the diff:
(please forgive the long list)

# SOA(".","2005090200","A.ROOT-SERVERS.NET.","NSTLD.VERISIGN-GRS.COM.","1800","900","604800","86400").

ADD: A.DNS.BR AAAA 2001:12FF:0:0:0:0:0:10

So are you're saying IPv6 glue records for various nameservers have been added to the root or that they have removed from there?

On my diff I see only the many AAAA records added.

I dont think there were many deletes I did not yet count them. I dont do
it automatically.

I have noticed with some versions of bind can raise issues with with
loss of IPv6 connectivity.

That issue could be wellknown routers with temporaryly disabled IPv6
stack, for security reasons.

That issue could as well be a natural desaster.

Maybe there is another issue with bind?

I am using the new root.zone file on BIND 9.2.3
That machine has Linux 2.2.19 without IPv6 stack.

I did not encounter any problems yet.

Kind regards,
Peter and Karin

Joe_Abley3 · September 2, 2005, 7:46pm

I don't speak for any other nameserver on this list (and I don't especially speak for this one, since I'm not part of the team at ISC that runs it).

However, I'm pretty sure there has been AAAA glue for ns-ext.isc.org in the root zone for quite some time (e.g. months, if not longer).

Joe

Peter_Karin_Dambier · September 2, 2005, 8:17pm

Joe Abley wrote:

ADD: NS-EXT.ISC.ORG AAAA 2001:4F8:0:2:0:0:0:13

I don't speak for any other nameserver on this list (and I don't especially speak for this one, since I'm not part of the team at ISC that runs it).

However, I'm pretty sure there has been AAAA glue for ns-ext.isc.org in the root zone for quite some time (e.g. months, if not longer).

Joe

# SOA(".","2005090200","A.ROOT-SERVERS.NET.","NSTLD.VERISIGN-GRS.COM","1800","900","604800","86400").

2001:4F8:0:2:0:0:0:13 NS-EXT.ISC.ORG
2001:4F8:0:2:0:0:0:8 D.EXT.NIC.FR
2001:4F8:4:B:0:0:0:202 NS-US1.NIC.AT

# SOA(".","2005090100","A.ROOT-SERVERS.NET","NSTLD.VERISIGN-GRS.COM","30M","15M","1W","1D").

2001:4F8:0:2::13 NS-EXT.ISC.ORG
2001:4F8:0:2::8 D.EXT.NIC.FR
2001:4F8:4:B::202 NS-US1.NIC.AT

Thankyou Joe,

You have put my nose on it. They changed the format.

Kind regards,
Peter and Karin

Michael_Greb1 · September 2, 2005, 11:16pm

> -----snip-----
> Fox News is reporting that there is an operation underway to refill
> chillers at the Bell South building down the street to keep phone service
> available to much of the southeast United States. That is apparently where
> all the firetrucks are going to in the area, in case you were wondering.
> -----snip-----
>
> It is interesting to note that it is possible to bring in diesel and water
> to resupply BellSouth yet it is impossible to bring in water and food for
> the residents, not to mention a fleet of small boats that could have
> prevented thousands from dying trapped inside their attics.

1) potable water is probably somewhat different from the water used in
chillers or fire trucks

2) phone service is, IMHO, one helpful pre-requisite to providing
emergency care and disaster relief

Last year after Ivan phone service played no roll in emergency care or
disaster relief. Ham Radio operators, myself included, were stationed
at each shelter, the Red Cross and Salvation Army command centers, the
county EOC, hospitals, and some assigned to shadow important people such
as the mayor whereever they went. Every agency participating had a
presence at the county EOC. When an ambulance was needed at a shelter,
it was called for via ham radio, an operator at the EOC passed the message
to the ambulance dispatcher in the same room, they called the ambulance
out.

Those in their home and not in a shelter had no way to call for help but
the city and county themselves did not rely on phone service for
anything. This is why the federal government gives so much valuable
radio spectrum to Ham Radio, more then any other service, the principal
purpose of Ham Radio is to provide emergency communications in times of
need.

3) the pictures I've been seeing have been full of boats, many of them
thrown up on land a few hundred feet from their berths

Not saying that the utter failure of DHS as an organization isn't on
evidence here. Just saying that it's one thing to feed and water a plant
and quite another to feed and water a human being, let alone tens of
thousands of them.

Michael Greb

Roy_Badami · September 3, 2005, 12:27am

Is the named.root file on ftp.internic.net defunct now then? Because
it is dated 2004 and contains no AAAA records...

-roy

Roy_Badami · September 3, 2005, 12:31am

Is the named.root file on ftp.internic.net defunct now then?

> Because it is dated 2004 and contains no AAAA records...

Though I don't see any AAAA records from any of the root servers...

David_A_Ulevitch · September 3, 2005, 12:32am

Is the named.root file on ftp.internic.net defunct now then? Because
it is dated 2004 and contains no AAAA records...

Nope. Not defunct.

Apples: http://www.internic.net/zones/named.root
and
Oranges: http://www.internic.net/zones/root.zone

-david

Roy_Badami · September 3, 2005, 12:33am

Though I don't see any AAAA records from any of the root

> servers...

Sorry, I was mistaken, ignore that comment...

-roy

Roy_Badami · September 3, 2005, 12:39am

Nope. Not defunct.

> Apples: http://www.internic.net/zones/named.root and
> Oranges: http://www.internic.net/zones/root.zone

Yeah, sorry, I'm being dumb. I'll go back to lurking now...

-roy