North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Repotting report

  • From: Mark Andrews
  • Date: Mon Feb 04 20:53:13 2008

In article <[email protected]> you write:
>On 4-Feb-2008, at 16:05, Iljitsch van Beijnum wrote:
>> And the new named.root has arrived:
>I seem to think it has become fairly widespread practice for people to  
>refresh their named.root files (or whatever they decide to call it)  
>using something like this:
>$ dig . NS >named.root
>This worked before today. From today, it still works (in the sense  
>that it will still result in a named.root file which is sufficiently  
>complete in most situations for a nameserver to be able to send a  
>priming query) but it won't contain a complete set of glue.
>So, if you're in the habit of doing
>   dig . NS >named.root
>you would ideally change that habit to something like
>   curl -O

	Why?  dig is quite capable of coping.

	Depending apon dig's age and firewall configuration one or
	more of these will work.

	dig +edns=0 . NS > named.root
	dig +bufsize=1200 . NS > named.root
	dig +vc . NS > named.root

	As none of these sets DO, they should suffice for the
	foreseeable future.

	When DNSSEC is deployed for the root and
	you will want to do crypto checks.  Even then the above
	queries won't break.


>instead. (Incidentally, for me, is giving "530 Login  
>incorrect" after PASS when logging in using "ftp"