Repotting report
Mark Andrews
Mark_Andrews at isc.org
Tue Feb 5 01:36:09 UTC 2008
In article <D2EFA74C-EE9C-4189-BF18-43E73B7C7892 at ca.afilias.info> you write:
>
>
>On 4-Feb-2008, at 16:05, Iljitsch van Beijnum wrote:
>
>> And the new named.root has arrived:
>>
>> ftp://rs.internic.net/domain/named.root
>
>I seem to think it has become fairly widespread practice for people to
>refresh their named.root files (or whatever they decide to call it)
>using something like this:
>
>$ dig . NS >named.root
>
>This worked before today. From today, it still works (in the sense
>that it will still result in a named.root file which is sufficiently
>complete in most situations for a nameserver to be able to send a
>priming query) but it won't contain a complete set of glue.
>
>So, if you're in the habit of doing
>
> dig . NS >named.root
>
>you would ideally change that habit to something like
>
> curl -O ftp://rs.internic.net/domain/named.root
Why? dig is quite capable of coping.
Depending apon dig's age and firewall configuration one or
more of these will work.
dig +edns=0 . NS @a.root-servers.net > named.root
dig +bufsize=1200 . NS @a.root-servers.net > named.root
dig +vc . NS @a.root-servers.net > named.root
As none of these sets DO, they should suffice for the
foreseeable future.
When DNSSEC is deployed for the root and root-servers.net
you will want to do crypto checks. Even then the above
queries won't break.
Mark
>instead. (Incidentally, for me, rs.internic.net is giving "530 Login
>incorrect" after PASS when logging in using "ftp"
>
>
>Joe
More information about the NANOG
mailing list