IETF Logo Mail Archive

Re: L-Root address change [Re: [DNSOP] AS112 for TLDs]

John Crain <john.crain@icann.org> Wed, 28 November 2007 19:44 UTC

Return-path: <dnsop-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IxSqA-00064I-Mq; Wed, 28 Nov 2007 14:44:58 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IxSq9-000645-Hk for dnsop@ietf.org; Wed, 28 Nov 2007 14:44:57 -0500
Received: from smtp2.lax.icann.org ([208.77.188.15] helo=smtp01.icann.org) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IxSq8-000582-T3 for dnsop@ietf.org; Wed, 28 Nov 2007 14:44:57 -0500
Received: from mobile105.mdr.icann.org (mobile105.mdr.icann.org [192.0.39.105] (may be forged)) (authenticated bits=0) by smtp01.icann.org (8.13.8/8.12.11) with ESMTP id lASJitIW008523 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <dnsop@ietf.org>; Wed, 28 Nov 2007 11:44:55 -0800
Message-Id: <F4B4CAFA-C7FE-4803-A51E-625542FD1070@icann.org>
From: John Crain <john.crain@icann.org>
To: IETF DNSOP WG <dnsop@ietf.org>
In-Reply-To: <474DBB41.5080402@publicroot.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Apple Message framework v915)
Subject: Re: L-Root address change [Re: [DNSOP] AS112 for TLDs]
Date: Wed, 28 Nov 2007 11:44:55 -0800
References: <20071127141848.GA16571@nic.fr> <20071127150813.GD33734@moof.catpipe.net> <474C40DF.8080100@publicroot.org> <9B9F9C57-5000-4A63-99CA-89EEB8014205@icann.org> <474C9497.7020308@publicroot.org> <CDFBEFF8-B4BD-4D2B-8E86-6919B62DBA14@icann.org> <474C9A04.1090405@publicroot.org> <77E55800-E184-4225-91C5-59DA85D3E156@icann.org> <20071128095544.GB19314@unknown.office.denic.de> <m2r6iaxkz7.wl%jinmei@isl.rdc.toshiba.co.jp> <474DBB41.5080402@publicroot.org>
X-Mailer: Apple Mail (2.915)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ff03b0075c3fc728d7d60a15b4ee1ad2
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Errors-To: dnsop-bounces@ietf.org

Speculation is all it is and I probably have no better ideas than many  
folks here. Be better to try and figure out what is really happening...

I think this is just a knock on effect from the fact that many folks  
don't keep their systems up to date, especially smaller networks.
Typically they turn something on and just leave it until it stops  
working. Just like they don't update any other software if it isn't  
done for them automatically.

That shouldn't come as a surprise to anyone.

It's nice to think that resolvers will automatically fix themselves  
when priming but I think the stats show this not to be solving the  
issue.

It's too early from the L-root perspective to really see what is  
happening. Less than a month since renumbering, long term trends will  
be more interesting.
We'll start to analyze some of the big hitters on the old address.  
Once we have some long term data I will publish something.

Luckily the folks who gave us DSC made it easy for me to do just that.

Big thanks to Duane and co!!!


John L. Crain
Chief Technical Officer
I.C.A.N.N.



On 28 Nov 2007, at 11:02, Joe Baptista wrote:

> Yes - many questions and few answer and very little data available  
> for the community to figure out those answers. John Crain should  
> publish stats more often. Why indeed does root behave so strangely.  
> That little 40 percentage thingy indeed does raise alotof questions.  
> John can you speculate for us? Whats going on.
>
> Another very interesting thing is the incredible power behind one IP  
> number when it has experienced root activity. It only takes one  
> rogue root to highjack the entire root system. Its been done twice  
> now in internet history. How is that possible?
>
> regards
> joe baptista
>
> JINMEI Tatuya / 神明達哉 wrote:
>
>> At Wed, 28 Nov 2007 10:55:44 +0100,
>> Peter Koch <pk@DENIC.DE> wrote:
>>
>>
>>>> Currently about 60% New IP to 40% old IP... and rising slowly
>>>>
>>>> So clearly a lot of folks still need to up date their hints  
>>>> files :(
>>>>
>>> part of that traffic will be due to old hints files, but priming was
>>> actually supposed to accelerate the migration.  40% of total L  
>>> traffic
>>> seems a bit much for 1/13 of the priming traffic?
>>>
>>
>> BIND9 also uses the root hint when it finds necessary glue is
>> missing.  For example, consider the following delegation:
>>
>> child.foo.example.  NS 86400 ns.child.foo.example.
>> ns.child.foo.example. A 3600 192.0.2.1
>>
>> When the (recursive) resolver first visits the child.foo.example  
>> zone,
>> it caches both the NS and A records.  The glue (A) record will expire
>> in 1 hour.  When the resolver tries to visit the zone after that  
>> while
>> still keeping the NS record, it tries to fetch the missing glue from
>> the root using the hint file, regardless of whether it has the root  
>> NS
>> and the root server addresses in its cache.
>>
>> This would be another reason for the queries to the old L-root
>> address, though I don't think it makes the 40% of total traffic  
>> unless
>> the vast majority of hint files aren't updated.
>>
>> 					JINMEI, Tatuya
>> 					Communication Platform Lab.
>> 					Corporate R&D Center, Toshiba Corp.
>> 					jinmei@isl.rdc.toshiba.co.jp
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www1.ietf.org/mailman/listinfo/dnsop
>>
>>
>>
>
>
> -- 
> Joe Baptista                                www.publicroot.org
> PublicRoot Consortium
> ----------------------------------------------------------------
> The future of the Internet is Open, Transparent, Inclusive,
> Representative & Accountable to the Internet community @large.
> ----------------------------------------------------------------
> Office: +1 (202) 517-1593
>    Fax: +1 (509) 479-0084
>
> <baptista.vcf>_______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www1.ietf.org/mailman/listinfo/dnsop


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email