North American Network Operators Group


Re: Repotting report

  • From: Mark Andrews
  • Date: Mon Feb 04 20:53:13 2008

In article <[email protected]> you write:
>
>
>On 4-Feb-2008, at 16:05, Iljitsch van Beijnum wrote:
>
>> And the new named.root has arrived:
>>
>> ftp://rs.internic.net/domain/named.root
>
>I seem to think it has become fairly widespread practice for people to  
>refresh their named.root files (or whatever they decide to call it)  
>using something like this:
>
>$ dig . NS >named.root
>
>This worked before today. From today, it still works (in the sense  
>that it will still result in a named.root file which is sufficiently  
>complete in most situations for a nameserver to be able to send a  
>priming query) but it won't contain a complete set of glue.
>
>So, if you're in the habit of doing
>
>   dig . NS >named.root
>
>you would ideally change that habit to something like
>
>   curl -O ftp://rs.internic.net/domain/named.root

	Why?  dig is quite capable of coping.

	Depending upon dig's age and firewall configuration, one or
	more of these will work.

	dig +edns=0 . NS @a.root-servers.net > named.root
	dig +bufsize=1200 . NS @a.root-servers.net > named.root
	dig +vc . NS @a.root-servers.net > named.root

	As none of these sets DO, they should suffice for the
	foreseeable future.

	When DNSSEC is deployed for the root and root-servers.net
	you will want to do crypto checks.  Even then the above
	queries won't break.

	Mark

>instead. (Incidentally, for me, rs.internic.net is giving "530 Login  
>incorrect" after PASS when logging in using "ftp" 
>
>
>Joe
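
The concern raised in this thread is a named.root generated with dig that lacks part of the glue. As an added example (not part of the original messages), the following shell check lists every root NS name in a hints file that has no A or AAAA record; the function names `missing_glue` and `sample_reply` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# missing_glue [FILE]: print each NS target that has no A or AAAA record.
# Reads FILE or stdin; accepts dig output and zone-file syntax (named.root).
missing_glue() {
    awk '
        /^[ \t]*;/ || NF < 3 { next }      # skip comments and blank lines
        {
            # TTL and class are optional, so scan for the record type.
            for (i = 2; i < NF; i++) {
                t = toupper($i)
                if (t == "NS") { ns[tolower($(i + 1))] = 1; break }
                if (t == "A" || t == "AAAA") { addr[tolower($1)] = 1; break }
            }
        }
        END { for (n in ns) if (!(n in addr)) print n }
    ' "$@" | sort
}

# Constructed sample: three NS records but address records for only two.
# Addresses are from documentation ranges, not the real root servers.
sample_reply() {
    cat <<'EOF'
; constructed dig-style output
.			518400	IN	NS	a.root-servers.net.
.			518400	IN	NS	b.root-servers.net.
.			518400	IN	NS	c.root-servers.net.
a.root-servers.net.	3600000	IN	A	192.0.2.1
b.root-servers.net.	3600000	IN	AAAA	2001:db8::2
EOF
}

echo "NS targets without an address record:"
sample_reply | missing_glue
```

Run against a real file with `missing_glue named.root`; empty output means every listed server has at least one address record.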