Work Work Work

Message-ID: <199609091442.KAA20704@franklin.nysernet.ORG>

    Unfortunately, this doesn't work now. Our name servers get tens of thousands
    of hits a day for a former root, c.nyser.net, a machine that hasn't existed for
    quite some time.

There's absolutely nothing you can do about those, they're the
result of old software with old configurations. Changing at the
end nodes is the only thing that will ever fix that problem.
Certainly changing the root nameserver addresses isn't going to
make any difference (unless you can somehow guarantee that none
of the old root addresses has any kind of nameserver sitting at it,
that at least would motivate the old end sites a little).

Given that the end nodes have to be updated to make things better,
it seems that the best solution is to motivate them to upgrade
the software (it isn't exactly a difficult task) so that the
problem of changing root addresses (and lots of others) mostly
goes away.

Magic stable root addresses isn't likely to be much of a long term
help, regardless of how well they can be propagated, or what kind
of message it sends wrt address & routing table slot conservation.
If anything, that is likely to just encourage people to keep using
nameserver code that should have been retired years ago.

kre

    Given that the end nodes have to be updated to make things better,
    it seems that the best solution is to motivate them to upgrade
    the software (it isn't exactly a difficult task) so that the
    problem of changing root addresses (and lots of others) mostly
    goes away.

One thing I noticed about the beta versions of Netscape that
was quite annoying at first: they expired. However, they
succeeded in forcing me to upgrade my software.

Has anyone thrown around the idea of having freeware servers expire
(or at least give you lots of warnings/errors)? I'm not talking
about every 3 months like Netscape, but every couple of years.

I know this sounds dangerous from a production standpoint, but
having unpatched versions of sendmail x, etc around is also
dangerous. Nowadays, compromised security on another system often
forces one to track down denial of service attacks from that system.
You can always bandaid the problem (except
possibly with mail or ntp'ed systems) by changing the date on the
systems. And you can always make available "grandfathered" versions
that run after the expire date for those people that absolutely
have to run the old version. (or let the people change their own
source code)

Better yet, make it a compile time flag and let the people that
want a nonexpiring version change it. Most people use the default
on everything anyways (and those are the people that will never upgrade
or patch their software).

allan
allan@bellsouth.net