Root servers and transition

Sean Donelan SEAN at SDG.DRA.COM
Fri Mar 26 09:08:02 UTC 1999


jdfalk at cybernothing.ORG (J.D. Falk) writes:
>	Well, let's take the most extreme case, where NetSol suddenly
>	ceases performing the services of the InterNIC.  In such an
>	instance, we would hope that the root servers would continue
>	to function as they are, without any changes being made until
>	a new "A" server comes into being and is accepted by the root
>	server operators.

In general the failure modes are the same as a huge snow storm, power
failure, fiber cut, smurf attack or any of many other natural disasters
which could hit the Network Solutions severing their connectivity.

Speaking only of technical concerns, the root servers have
seven (7) days from the date of the last update before "something"
must be done.  That something could be simply extending the expiration
date of the zone files, and refreshing them; or changing their
configuration to be primary for the root zone.  Primary servers
never expire; but may require some external coordination between
the operators to assure consistency.  This has happened on a few
occasions in the past, and was generally a non-event to everyone
except for those few people who keep track of these things.

The zone files would be frozen at the last update until a new
zone generation process was implemented.  With NSI's latest
pronouncements, this gets into the political realm.  So I'll
just leave it at that.

GTLD servers operated directly by NSI, but housed in other locations
have some other interesting failure modes, namely network engineer
single point of failure.  No matter what some network engineers may
claim, I haven't found any system which could not be brought to
its knees by its own network engineers.  I don't believe any zones
are solely dependent on the GTLD servers operation.  The in-addr.arpa,
.mil, and .gov zones are sourced by others, nevertheless they have
some interesting historical propagation problems through the "A"
root server.

Ceasing to function is really the easy case.  The hard one is if
the data is corrupted or otherwise made unusable.  I don't know what
proceedures the root zone operators have in place to "roll-back"
zone files to an earlier version in case of corruption happening
at the same time Network Solutions becomes unavailable.
-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation




More information about the NANOG mailing list