Re: eating our own dogfood...Re: IPv4 Outage

Mark Andrews <Mark_Andrews@isc.org> Wed, 19 December 2007 03:20 UTC

Message-Id: <200712190320.lBJ3KWT4099846@drugs.dv.isc.org>
To: Theodore Tso <tytso@mit.edu>
From: Mark Andrews <Mark_Andrews@isc.org>
In-reply-to: Your message of "Tue, 18 Dec 2007 21:06:00 CDT." <20071219020600.GF7070@thunk.org>
Date: Wed, 19 Dec 2007 14:20:32 +1100
Cc: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>, ietf@ietf.org, Bill Manning <bmanning@ISI.EDU>
Subject: Re: eating our own dogfood...Re: IPv4 Outage

> On Wed, Dec 19, 2007 at 11:36:34AM +1100, Mark Andrews wrote:
> > 	The problem is getting the AAAA records for them published.
> > 	A local copy of "root-servers.net" with the AAAA records
> > 	added will suffice.  "www.root-servers.org" will supply
> > 	you with the necessary information to construct such a
> > 	zone.
> 
> Ok, so I'm sure this is a REALLY dumb question, but what has prevented
> anyone from taking the information from www.root-servers.org and
> creating a named.boot file with both the A and AAAA records for the
> root nameservers, and started telling people to install it?

	named.boot is not used after the priming succeeds.

	I override the data using zones.

        zone "b.root-servers.net" {
                type master;
                file "master/b.root-servers.net";
                notify no;
                allow-query { localhost; };
        };

        zone "f.root-servers.net" {
                type master;
                file "master/f.root-servers.net";
                notify no;
                allow-query { localhost; };
        };

        zone "h.root-servers.net" {
                type master;
                file "master/h.root-servers.net";
                notify no;
                allow-query { localhost; };
        };

        zone "k.root-servers.net" {
                type master;
                file "master/k.root-servers.net";
                notify no;
                allow-query { localhost; };
        };

        zone "m.root-servers.net" {
                type master;
                file "master/m.root-servers.net";
                notify no;
                allow-query { localhost; };
        };

	Which results in output like this.

; <<>> DiG 9.3.4-P1 <<>> ns .
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5807
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 10

;; QUESTION SECTION:
;.				IN	NS

;; ANSWER SECTION:
.			431596	IN	NS	D.ROOT-SERVERS.NET.
.			431596	IN	NS	A.ROOT-SERVERS.NET.
.			431596	IN	NS	J.ROOT-SERVERS.NET.
.			431596	IN	NS	G.ROOT-SERVERS.NET.
.			431596	IN	NS	H.ROOT-SERVERS.NET.
.			431596	IN	NS	C.ROOT-SERVERS.NET.
.			431596	IN	NS	K.ROOT-SERVERS.NET.
.			431596	IN	NS	E.ROOT-SERVERS.NET.
.			431596	IN	NS	I.ROOT-SERVERS.NET.
.			431596	IN	NS	B.ROOT-SERVERS.NET.
.			431596	IN	NS	L.ROOT-SERVERS.NET.
.			431596	IN	NS	F.ROOT-SERVERS.NET.
.			431596	IN	NS	M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
B.ROOT-SERVERS.NET.	3600	IN	A	192.228.79.201
K.ROOT-SERVERS.NET.	3600	IN	A	193.0.14.129
F.ROOT-SERVERS.NET.	3600	IN	A	192.5.5.241
H.ROOT-SERVERS.NET.	3600	IN	A	128.63.2.53
M.ROOT-SERVERS.NET.	3600	IN	A	202.12.27.33
B.ROOT-SERVERS.NET.	3600	IN	AAAA	2001:478:65::53
K.ROOT-SERVERS.NET.	3600	IN	AAAA	2001:7fd::1
F.ROOT-SERVERS.NET.	3600	IN	AAAA	2001:500::1035
H.ROOT-SERVERS.NET.	3600	IN	AAAA	2001:500:1::803f:235
M.ROOT-SERVERS.NET.	3600	IN	AAAA	2001:dc3::35

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 19 14:18:40 2007
;; MSG SIZE  rcvd: 448

> Would there be a downside if, say, the Ubuntu and Fedora Linux
> distributions started shipping a /etc/bind/db.root file that included
> the AAAA records for the root name servers?  Are the IPv6 addresses
> stable enough that it would be a good thing to get them widely
> installed in thousands if not millions of machines all over the
> Internet?  Because if they are suitably stable, it wouldn't be that
> hard to arrange....

	I would *not* recommend distributions doing this.

	This is a "do this if you know what you are doing" activity
	and you accept the risks. 

	e.g. you need to actually track address changes etc.

	Mark

> 						- Ted
> 
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www1.ietf.org/mailman/listinfo/ietf
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
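
The message's caveat is that locally overridden root-server addresses have to be tracked for changes. The following is an added example, not part of the original message or any ISC tooling: a small drift check that compares pinned A/AAAA records against a freshly obtained answer. The pinned records are copied from the dig output above; the "observed" answer is constructed for illustration and uses the 2001:db8::/32 documentation prefix.

```python
import ipaddress

# Pinned overrides, copied from the ADDITIONAL section of the dig output above.
PINNED = """\
B.ROOT-SERVERS.NET. 3600 IN A    192.228.79.201
B.ROOT-SERVERS.NET. 3600 IN AAAA 2001:478:65::53
K.ROOT-SERVERS.NET. 3600 IN A    193.0.14.129
K.ROOT-SERVERS.NET. 3600 IN AAAA 2001:7fd::1
"""

# Constructed sample of what is currently published (not real data):
# B's AAAA has changed and K's AAAA has been withdrawn.
OBSERVED = """\
;; ADDITIONAL SECTION:
b.root-servers.net. 3600 IN A    192.228.79.201
b.root-servers.net. 3600 IN AAAA 2001:db8:0:0:0:0:0:53
k.root-servers.net. 3600 IN A    193.0.14.129
"""

def parse_records(text):
    """Return {(owner, rrtype): {address, ...}} from dig/zone-style lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip dig comments, section banners and anything that is not
        # "owner ttl IN type rdata".
        if len(fields) != 5 or line.startswith(";") or fields[2] != "IN":
            continue
        owner, _ttl, _cls, rrtype, rdata = fields
        if rrtype not in ("A", "AAAA"):
            continue
        # Normalise owner case and address spelling so equal values compare equal.
        key = (owner.lower().rstrip("."), rrtype)
        records.setdefault(key, set()).add(ipaddress.ip_address(rdata))
    return records

def drift(pinned_text, observed_text):
    """List (owner, rrtype, pinned, observed) for each record set that differs."""
    pinned, observed = parse_records(pinned_text), parse_records(observed_text)
    report = []
    for key in sorted(set(pinned) | set(observed)):
        have, seen = pinned.get(key, set()), observed.get(key, set())
        if have != seen:
            report.append((key[0], key[1],
                           sorted(map(str, have)), sorted(map(str, seen))))
    return report

if __name__ == "__main__":
    for owner, rrtype, have, seen in drift(PINNED, OBSERVED):
        print(f"{owner} {rrtype}: local override {have} != published {seen}")
```

The observed text has to come from a server that does not carry the local override zones; the overriding resolver itself will always agree with its own pinned data.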
