nanog mailing list archives

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.
From: Joe Abley <jabley () hopcount ca>
Date: Fri, 14 Dec 2012 12:13:49 -0500

Hi Michael,

On 2012-12-14, at 11:59, Michael Thomas <mike () mtcc com> wrote:

> Matthew Newton wrote:
>> On Fri, Dec 14, 2012 at 04:42:46PM +0000, Nick Hilliard wrote:
>>> On 13/12/2012 22:54, Jason Castonguay wrote:
>>>> Advisory — D-root is changing its IPv4 address on the 3rd of January.
>>> You've just given 3 weeks notice for a component change in one of the few
>>> critical part of the Internet's infrastructure, at a time when most
>> I think that /was/ the advance notification - you've got 6 months :)
>> "The old address will continue to work for at least six months
>>  after the transition, but will ultimately be retired from
>>  service."
>
> So really stupid question, and hopefully it's just me, do I need to do something
> on my servers?

When nameservers first boot, all they have is a hints file. This is either baked in to the software, or provided as a 
"hints file", or some combination. The hints file you have today will have the current/outgoing D-Root address.

The first thing a resolver does before it is ready for service, again, armed only with the hints file, is to send a 
priming query to a root server. This query is of the form ". IN NS?". Resolvers will try servers from the hints file 
until they get a response. Once the priming response is received, the data originally harvested from the hints file can 
be thrown away.

Once D-Root renumbers, a freshly booted resolver with an old hints file will either:

 - send a priming query to one of A, B, C, E, F, G, H, I, J, K, L, M, and obtain a response that contains the new D-Root address
 - send a priming query to the old D-Root v4 address, and also obtain a response that contains the new D-Root address

Once service is discontinued on the current/outgoing D-Root address, such a resolver might fail to obtain a response to 
its priming query if it happens to try the D/v4 address first. It will re-try with a different address until it 
succeeds. In principle, you only need one reachable address in the hints file to work to get up and running.

In summary, theory (and practice) tells us that:

1. You should update your hints file from time to time, and

2. If you don't, chances are overwhelmingly good that it will make no difference, and everything will work as normal.


Joe
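
The priming behaviour described in the message above, as an added example that is not part of the original message: it builds the ". IN NS" query in wire format, walks a stale hints file until an address answers, and reports hinted addresses the priming response no longer lists. The hints text, the addresses (documentation ranges, not real root server addresses), and the `simulated_send` transport are constructed assumptions so the example runs offline.

```python
import struct

# Constructed sample data: documentation-range addresses, not real root addresses.
OLD_HINTS = """\
; constructed hints file, named.root style
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     192.0.2.4
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.0.2.5
"""
CURRENT_ROOTS = {"d.root-servers.net.": {"198.51.100.4"},
                 "e.root-servers.net.": {"192.0.2.5"}}
RETIRED = {"192.0.2.4"}  # old D address once service on it is discontinued

def build_priming_query(txid):
    """Wire-format '. IN NS' query: 12-byte header plus a question for the root name."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # QDCOUNT=1, RD clear
    return header + b"\x00" + struct.pack("!HH", 2, 1)    # root, QTYPE=NS, QCLASS=IN

def parse_hints(text):
    """Return {server name: set of addresses} from the A/AAAA lines, in file order."""
    hints = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 4 and fields[2] in ("A", "AAAA"):
            hints.setdefault(fields[0].lower(), set()).add(fields[3])
    return hints

def simulated_send(addr, query):
    """Stand-in for a UDP exchange: retired addresses time out (None)."""
    return None if addr in RETIRED else CURRENT_ROOTS

def prime(hints, send=simulated_send):
    """Try hinted addresses until one answers; the answer replaces the hints."""
    tried = []
    for addrs in hints.values():
        for addr in sorted(addrs):
            tried.append(addr)
            reply = send(addr, build_priming_query(0x1234))
            if reply is not None:
                return reply, tried
    raise RuntimeError("no address in the hints file answered")

def stale_entries(hints, primed):
    """Hinted addresses that the priming response no longer lists."""
    return {n: sorted(a - primed.get(n, set()))
            for n, a in hints.items() if a - primed.get(n, set())}

if __name__ == "__main__":
    hints = parse_hints(OLD_HINTS)
    primed, tried = prime(hints)
    print("tried:", tried, "stale:", stale_entries(hints, primed))
```

Running it shows the retired address timing out, the next hinted address answering, and the old D entry flagged as stale.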


