North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Root Name Servers

  • From: Paul A Vixie
  • Date: Tue Feb 18 13:44:33 1997

Again, I have redirected followups to [email protected] since this is not a
NANOG issue.

> >Also, is it possible that the recent problems NANOG
> >people have been discussing regarding Root Name Servers
> >is really the result of these transitions to TRUE Root
> >Name Servers ?
> 
> If whatever you are doing, however you are implimenting it
> for whatever reasons, caused corrupted data in h.root-servers.net
> and the subsequent failures, then you are a menace to the network
> and should cease and desist activities.  You have clearly stated
> that your servers don't carry the .com domain directly; if you do
> something which crashes the servers that do carry .com you will
> likely find yourself sucking air over your ether pipes.
> 
> You could, of course, merely be confused about what happened a
> few days ago.  I would hope this is the case.

Older BIND servers do in fact become confused in the presence of multiple
(disparite) authority declarations for the same domain ("." for example).
Anyone who has a primary/secondary relationship (direct or indirect) with
a server who subscribes to private "." data is likely to become confused
in a way that only occasional nameserver restarts will repair.

BIND 8.1 is more immune to this than BIND 4.9.5 was, but in fact there is
no "final and complete" solution to this problem other than DNS Security.

I do not think the problems with H recently had to do with AlterNIC, though.
- - - - - - - - - - - - - - - - -