From mnorris at dalkey.hea.ie Fri Sep 15 10:40:31 1995
From: mnorris at dalkey.hea.ie (Mike Norris)
Date: Fri, 15 Sep 95 09:40:31 +0100
Subject: DNS Problem
Message-ID: <9509150840.AA27654@dalkey.hea.ie>

On Mon, 11 Sep 1995 11:39:26 +0200 Willi Huber said:
>Dear all,
>
>there seems to be a DNS problem regarding the root name servers. We
>(that means the ch top-level DNS server) have picked up several times
>now a false A record for E.ROOT-SERVERS.NET. The address picked up is binary
>zero. A restart only helps for a short time. Other top-level DNS servers
>contain the false entry as well.

Are there any recommendations for hostmasters of (1) top-level
domains and (2) subsidiary domains? Should all be using the
new A, B, C etc list of root-level servers?

Many thanks.

Mike Norris

From Piet.Beertema at cwi.nl Fri Sep 15 10:53:23 1995
From: Piet.Beertema at cwi.nl (Piet Beertema)
Date: Fri, 15 Sep 1995 10:53:23 +0200
Subject: DNS Problem
In-Reply-To: "Your message of Fri, 15 Sep 95 09:40:31 +0100 " <9509150840.AA27654@dalkey.hea.ie>
Message-ID: <9509150853.AA09160=piet@kraai.cwi.nl>

    Are there any recommendations for hostmasters of (1) top-level
    domains and (2) subsidiary domains?
No.

    Should all be using the new A, B, C etc list of root-level servers?
Yes.

BTW, personally I don't like the ABC list system:
in the old situation one could see at first glance
where a root server is located. With the ABC list
system that's no longer possible.

Piet

From mnorris at dalkey.hea.ie Fri Sep 15 10:59:46 1995
From: mnorris at dalkey.hea.ie (Mike Norris)
Date: Fri, 15 Sep 95 09:59:46 +0100
Subject: DNS Problem
In-Reply-To: Your message of "Fri, 15 Sep 95 10:53:23 +0200." <9509150853.AA09160=piet@kraai.cwi.nl>
Message-ID: <9509150859.AA27698@dalkey.hea.ie>

Many thanks, Piet. I've heard a few people sharing
your dislike of the new ABC system. For the sake of
alphabetical order it sacrifices useful positional
information.
Mike Norris

From robert at dknet.dk Fri Sep 15 11:11:59 1995
From: robert at dknet.dk (Robert Martin-Legene)
Date: Fri, 15 Sep 1995 11:11:59 +0200 (MET DST)
Subject: DNS Problem
In-Reply-To: <9509150853.AA09160=piet@kraai.cwi.nl>
Message-ID:

On Fri, 15 Sep 1995, Piet Beertema wrote:

> BTW, personally I don't like the ABC list system:
> in the old situation one could see at first glance
> where a root server is located. With the ABC list
> system that's no longer possible.

I agree on that, except that it's much easier to spot fake root NS'
(I guess that's one of the reasons it was made too)

--
Robert Martin-Legène, = EUnet Denmark = DKnet, Fruebjergvej 3,
DK-2100 Kobenhavn O, +45 39 17 99 00

From Piet.Beertema at cwi.nl Fri Sep 15 11:50:16 1995
From: Piet.Beertema at cwi.nl (Piet Beertema)
Date: Fri, 15 Sep 1995 11:50:16 +0200
Subject: DNS Problem
In-Reply-To: "Your message of Fri, 15 Sep 1995 11:11:59 +0200 (MET DST) "
Message-ID: <9509150950.AA09488=piet@kraai.cwi.nl>

        BTW, personally I don't like the ABC list system:
        in the old situation one could see at first glance
        where a root server is located. With the ABC list
        system that's no longer possible.
    I agree on that, except that it's much easier to spot fake root NS'
    (I guess that's one of the reasons it was made too)
That's indeed a good argument. But in that case there
would be no need to distribute root cache init files
that contain the ABC list, but files that contain the
real hostnames. That would buy you the best of 2 worlds:
- The real root server information will flow in anyway
  and override whatever is in the init file. Thus fake
  root servers would still be spotted immediately.
- In the init file one could still see where a given
  root server is located, by comparing the A record
  with the A records of the root servers.
Piet

From robert at dknet.dk Fri Sep 15 12:10:30 1995
From: robert at dknet.dk (Robert Martin-Legene)
Date: Fri, 15 Sep 1995 12:10:30 +0200 (MET DST)
Subject: DNS Problem
In-Reply-To: <9509150950.AA09488=piet@kraai.cwi.nl>
Message-ID:

On Fri, 15 Sep 1995, Piet Beertema wrote:

> - In the init file one could still see where a given
>   root server is located, by comparing the A record
>   with the A records of the root servers.

A bit complicated.. If the in-addr.arpa didn't map to the root-servers.net
zone, but to the old name you could easily use host -A e.root-servers.net
and find the old "location". Why they didn't do that I'm not really sure.

--
Robert Martin-Legène, = EUnet Denmark = DKnet, Fruebjergvej 3,
DK-2100 Kobenhavn O, +45 39 17 99 00

From Piet.Beertema at cwi.nl Fri Sep 15 12:14:09 1995
From: Piet.Beertema at cwi.nl (Piet Beertema)
Date: Fri, 15 Sep 1995 12:14:09 +0200
Subject: DNS Problem
In-Reply-To: "Your message of Fri, 15 Sep 1995 12:10:30 +0200 (MET DST) "
Message-ID: <9509151014.AA09589=piet@kraai.cwi.nl>

        - In the init file one could still see where a given
          root server is located, by comparing the A record
          with the A records of the root servers.
    A bit complicated..
Not really:

    If the in-addr.arpa didn't map to the root-servers.net
    zone, but to the old name
Note that I didn't ask for the reverse mapping
to resolve to the old names. I only suggested
to put the real hostnames in the init file.
Then the only "complication" is that you have
to compare A records by hand to match a root
server name with its real hostname. Which is
not a big deal...

Piet

From e07 at nikhef.nl Fri Sep 15 12:54:17 1995
From: e07 at nikhef.nl (Eric Wassenaar)
Date: Fri, 15 Sep 1995 12:54:17 +0200
Subject: DNS Problem
In-Reply-To: Your message of "Fri, 15 Sep 1995 10:53:23 +0200"
Message-ID: <9509151054.MA11484@nikhefh.nikhef.nl>

> in the old situation one could see at first glance
> where a root server is located. With the ABC list
> system that's no longer possible.
It is at second glance.

-- Eric

[] for SERVER in A B C D E F G H I
[] do
[]   host -t txt ${SERVER}.root-servers.net
[] done
A.root-servers.net      TXT     "formerly ns.internic.net"
B.root-servers.net      TXT     "formerly ns1.isi.edu"
C.root-servers.net      TXT     "formerly c.psi.net"
D.root-servers.net      TXT     "formerly terp.umd.edu"
E.root-servers.net      TXT     "formerly ns.nasa.gov"
F.root-servers.net      TXT     "formerly ns.isc.org"
G.root-servers.net      TXT     "formerly ns.nic.ddn.mil"
H.root-servers.net      TXT     "formerly aos.arl.army.mil"
I.root-servers.net      TXT     "formerly nic.nordu.net"

From e07 at nikhef.nl Fri Sep 15 13:02:29 1995
From: e07 at nikhef.nl (Eric Wassenaar)
Date: Fri, 15 Sep 1995 13:02:29 +0200
Subject: DNS Problem
In-Reply-To: Your message of "Fri, 15 Sep 95 09:59:46 +0100"
Message-ID: <9509151102.NA11766@nikhefh.nikhef.nl>

> your dislike of the new ABC system. For the sake of
> alphabetical order it sacrifices useful positional
> information.

No, the only reason for the change was to be able to use much
better name compression to prevent udp packet overflow for
those replies that need the list of all root servers and their
addresses.

-- Eric

From zsako at banknet.net Fri Sep 15 12:55:12 1995
From: zsako at banknet.net (Janos Zsako)
Date: Fri, 15 Sep 95 12:55:12 +0200
Subject: DNS Problem
Message-ID: <9509151055.AA11598@banknet.banknet.net>

> From: Robert Martin-Legene
> To: Piet Beertema
> Cc: dns-wg at ripe.net

> On Fri, 15 Sep 1995, Piet Beertema wrote:
>
> > - In the init file one could still see where a given
> >   root server is located, by comparing the A record
> >   with the A records of the root servers.
>
> A bit complicated.. If the in-addr.arpa didn't map to the root-servers.net
> zone, but to the old name you could easily use host -A e.root-servers.net
> and find the old "location".
> Why they didn't do that I'm not really sure.

I suppose it is mainly because the "old location" can have several IP
addresses only one of which is defined in the root-servers.net domain
(ns.nasa.gov is such an example). This can probably allow for security
features such as packet filtering on destination address.

By the way, PSI.NET has solved the problem in a similar manner to what
you suggest, but the other way round:

c.psi.net               CNAME   c.root-servers.net
c.root-servers.net      A       192.33.4.12

Janos Zsako

From egoshin at ihep.su Fri Sep 15 14:01:24 1995
From: egoshin at ihep.su (Leonid A.Yegoshin)
Date: Fri, 15 Sep 95 15:01:24 +0300 (GMT+3:00)
Subject: DNS Problem
References: <9509150950.AA09488=piet@kraai.cwi.nl>
Message-ID:

The list of root servers like [A-...].ROOT-SERVERS.NET has a large
advantage - due to DNS name packing in DNS replies this packet is
smaller than old, and it is possible to increase the root server list.
Just with current DNS packet limit = 512 bytes.

- Leonid Yegoshin, LY22

From egoshin at ihep.su Fri Sep 15 14:18:55 1995
From: egoshin at ihep.su (Leonid A.Yegoshin)
Date: Fri, 15 Sep 95 15:18:55 +0300 (GMT+3:00)
Subject: DNS Problem
References: <9509151014.AA09589=piet@kraai.cwi.nl>
Message-ID:

>From: Piet Beertema
>
>Note that I didn't ask for the reverse mapping
>to resolve to the old names. I only suggested
>to put the real hostnames in the init file.

Hm-m, contestable suggestion - RU-BIND for example will not work
in this case - it will reject any packets received from
[A-...].ROOT-SERVERS.NET about root servers itself.
(Due to security reason - don't permit to change root servers for
anybody !)
- Leonid Yegoshin, LY22

From Piet.Beertema at cwi.nl Fri Sep 15 13:34:32 1995
From: Piet.Beertema at cwi.nl (Piet Beertema)
Date: Fri, 15 Sep 1995 13:34:32 +0200
Subject: DNS Problem
In-Reply-To: "Your message of Fri, 15 Sep 1995 12:54:17 +0200 " <9509151054.MA11484@nikhefh.nikhef.nl>
Message-ID: <9509151134.AA09791=piet@kraai.cwi.nl>

        in the old situation one could see at first glance
        where a root server is located. With the ABC list
        system that's no longer possible.
    It is at second glance.
    A.root-servers.net      TXT     "formerly ns.internic.net"
    B.root-servers.net      TXT     "formerly ns1.isi.edu"
    ...
Eric, you're fabulous! ;-)
Now let's hope those TXT records are kept up to date
and indeed reflect the names of the hosts on which
each corresponding "ABC rootserver" runs.

BTW, 'dig . txt' gives an empty response. Don't know
what to think of that... :-)

Piet

From e07 at nikhef.nl Fri Sep 15 13:51:36 1995
From: e07 at nikhef.nl (Eric Wassenaar)
Date: Fri, 15 Sep 1995 13:51:36 +0200
Subject: DNS Problem
In-Reply-To: Your message of "Fri, 15 Sep 1995 13:34:32 +0200"
Message-ID: <9509151151.NA14233@nikhefh.nikhef.nl>

> BTW, 'dig . txt' gives an empty response. Don't know
> what to think of that... :-)

I know what to think of that.
See my message of yesterday on the ripe-list.
(Sorry, couldn't resist :-)

-- Eric

From egoshin at ihep.su Wed Sep 27 11:46:15 1995
From: egoshin at ihep.su (egoshin at ihep.su)
Date: Wed, 27 Sep 95 13:46:15 +0300 (MSD)
Subject: RIPE 22 agenda proposal
Message-ID:

Hello All,

I can suggest the following questions for discussion in nearest RIPE 22
on DNS WG. It is only my opinion, and any comments, proposal and
objections are approved.

1. DNS failures. Report about some results of problem investigation.
   - I can do some short report.
   - Also it would be beautiful if somebody (from CH?) can comment
     the last situation about invalid A RR of one root server, I don't
     have detailed information yet.

2. Directions of DNS development.
   During last IETF I met with Paul Vixie and we have some talk about
   possible directions of DNS development. I can report about this
   (DNS v2 ?).

3. Domain name payment. Consequences and problems for cooperation and DNS.
   It is about last decision of .XXX domain payment.

Regards,
- Leonid Yegoshin, LY22
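
Added example, not part of the archived thread or any poster's code: the name-compression argument made earlier in the thread by Eric Wassenaar and Leonid Yegoshin, worked through in Python. It builds a reply to a ". NS" query with RFC 1035 name compression, once with the nine former hostnames from the TXT listing and once with the A-I names, and measures both against the 512-byte limit; the query ID, flags, TTL, the 192.0.2.1 address and all function names are constructed for the illustration.

```python
import struct

UDP_LIMIT = 512  # DNS-over-UDP message limit cited in the thread
# Former hostnames, from the TXT listing quoted in the thread.
OLD_NAMES = ["ns.internic.net", "ns1.isi.edu", "c.psi.net", "terp.umd.edu",
             "ns.nasa.gov", "ns.isc.org", "ns.nic.ddn.mil",
             "aos.arl.army.mil", "nic.nordu.net"]

def letter_names(n):
    """First n names of the A, B, C ... scheme (n <= 26)."""
    return [f"{chr(ord('a') + i)}.root-servers.net" for i in range(n)]

def encode_name(name, offset, table):
    """RFC 1035 name encoding at `offset`, reusing suffixes seen in `table`."""
    labels = name.lower().rstrip(".").split(".")
    out = b""
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in table:  # 2-byte pointer replaces the rest of the name
            return out + struct.pack("!H", 0xC000 | table[suffix])
        if offset + len(out) < 0x4000:  # pointers hold 14-bit offsets
            table[suffix] = offset + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def priming_response(names, addr=bytes([192, 0, 2, 1])):  # placeholder address
    """Reply to '. NS': one NS RR and one A RR per server (constructed)."""
    n = len(names)
    msg = struct.pack("!6H", 0x1234, 0x8400, 1, n, 0, n)  # header, 12 bytes
    msg += b"\x00" + struct.pack("!2H", 2, 1)             # question: . NS IN
    table = {}
    for name in names:  # answer section; rdata starts 11 bytes into the RR
        rdata = encode_name(name, len(msg) + 11, table)
        msg += b"\x00" + struct.pack("!2HIH", 2, 1, 518400, len(rdata)) + rdata
    for name in names:  # additional section; owner name is a pointer
        msg += encode_name(name, len(msg), table)
        msg += struct.pack("!2HIH", 1, 1, 518400, 4) + addr
    return msg

def capacity(limit=UDP_LIMIT):
    """Largest letter-scheme server count whose reply fits in `limit`."""
    return max(n for n in range(1, 27)
               if len(priming_response(letter_names(n))) <= limit)

if __name__ == "__main__":
    print("old names:", len(priming_response(OLD_NAMES)), "bytes")
    print("A-I names:", len(priming_response(letter_names(9))), "bytes")
    print("letter-scheme servers that fit in 512 bytes:", capacity())
```

Under these assumptions the nine-server reply is 377 bytes with the former hostnames and 312 bytes with the A-I names, because every name after the first collapses to one label plus a pointer to the shared root-servers.net suffix.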