
[ga-full] Re: alternate roots and the dns that serves them




On Tue, 18 Apr 2000, Bob Garth wrote:

> Joe, thank you, that was great(!!!), and yes, it answers most of my
> questions, but one.  At what version of bind/named needs to be used that
> supports .db (database files) other than the obvious, the most recent?
> Just wondering if it's necessary for me to upgrade.

Oh - sorry - that's just my naming convention for the file - it's a
standard zone file.  I gave you instructions for bind 8 plus versions.  If
you have a bind 4 plus version the procedure is as follows for the ORSC -
just replace the IP number 199.166.24.1 with the IP number of the root
server you want to secondary the file from.

Add this line to your named.boot: 

      secondary     .      199.166.24.1     sec/db.root

 This will automatically keep you updated with the latest root zone. Now
add:
      .             IN  NS  example.com
      example.com    IN  A   10.10.10.10

      Note 1: Fill in your own domain name and IP address in the example
above, unless of course you really are the node example.com and you really
have an IP address of 10.10.10.10

If you run your own root file the procedure is basically the same; instead
of using

      secondary     .      199.166.24.1     sec/db.root

use

      primary     .      sec/db.root

- I think that is the correct setup but make sure you refer to your
manual to verify the primary setup line - I'm rusty on bind 4 versions.

> And a bit off topic, but is there a version of bind now that can update
> single domain records without having to restart the server from scratch?

There is one called dns cache - but I have yet to get email back from the
author.  I'm looking for a dns server myself which can handle the dot.com
zone file which is now in the gigabyte range.  The current binds require
at least 4 gigs of ram memory to run the dot.com file.

Another one called ultradns has had good reviews - but it's not yet
available except in alpha.  http://www.ultradns.com/ - I think they handle
some form of updating if I remember a conversation with someone back in the
opensrs conference - he liked it.

But remember - a lot of these dns servers are not well tested, or
extensively tested.  I'd stick with bind and put up with the
restart/reload droll.

Regards
Joe

.. and thank you for the nice compliment.  however it's my job to know
this junk and to provide answers - the thanks should go to Mr. Francis
Fanego who passed away last year but left pccf with the necessary support
to sponsor our research.

> 
> You're a wonderful source for info, and thank you again!
> 
> - Bob
> 
> On Tue, 18 Apr 2000, !Dr. Joe Baptista wrote:
> 
> > Any dns server can operate as a root server.  If a dns server runs the
> > "." zone - then it's a root server.
> > 
> > Example - if I wanted to operate a root server using the ORSC roots, as I
> > do on mine - I secondary the file from the ORSC primary root server.
> > 
> > Example:
> > 
> > I would change my named.conf file and would remove the hints section
> > 
> > eg
> > 
> > zone "." {
> >       type hint;
> >       file "named.ca";
> > };
> > 
> > and replace it with something like this;
> > 
> > zone "." {
> >         type slave;
> >         file "ORSC-root.db";
> >         masters {
> >                 199.166.24.1;
> >         };
> > };
> > 
> > You can also make up your own root file - and run your own root.  This is
> > good for corporations that want to block access to certain sections of
> > namespace.  here's an example:
> > 
> > zone "." {
> >       type master;
> >       file "jlb-root.db";
> > };
> > 
> > or you could do
> > 
> > zone "." {
> >       type hint;
> >       file "jlb-root.db";
> > };
> > 
> > In this case - I have compiled my own root file called jlb-root.db
> > 
> > You can view what root zone files look like by doing the following under
> > unix.
> > 
> > dig @NS1.VRX.NET. . axfr
> > 
> > that gets you the ORSC root, for the IANA roots you do the following
> > 
> > dig @F.ROOT-SERVERS.NET. . axfr
> > 
> > and so on and so forth - just replace the nameserver for the confederation
> > listed below - i.e. A.I-DNS.NET. for i-dns and TINC-ORG.COM. for TINC and
> > you'll get their respective root servers.  I'm not sure if the IRSC allows
> > zone transfers for their root zone file - if you try it with success let
> > me know and I'll make a note of it in my records.
> > 
> > From one old fart to another
> > Cheers and hope I've answered your questions.
> > 
> > On Tue, 18 Apr 2000, Bob Garth wrote:
> > 
> > > Joe, do you have open source code for a root server and if so where?
> > >
> > > Thanks,
> > > Bob
> > >
> > > On Tue, 18 Apr 2000, Joe Baptista wrote:
> > >
> > > > A few people have contacted me with respect to alternate root servers and
> > > > a prior post to domain policy.  So I've made this report of known root
> > > > server confederation and what nameservers were pointing to them.
> > > >
> > > > I may make the actual data file available is there's enough interest - in
> > > > any case once the root server survey is over I will be publishing the
> > > > results.
> > > >
> > > > Enjoy
> > > > Joe Baptista
> > > >
> > > > Root Server Confederation: A.I-DNS.NET. HOSTMASTER.I-DNS.NET.
> > > > - Test Date ---- Serial --- Name Server --------------------
> > > > 20000409130016 2000031210 apn1.apnt.com.
> > > > 20000409130023 2000031210 apn1.etransac.com.
> > > > 20000410200824 2000031211 buntharik.spu.ac.th.
> > > > 20000412014628 2000031211 dhcp.netsworld.com.
> > > > 20000412192635 2000031211 dns.ksc.co.th.
> > > > 20000412224604 2000031211 dns.netsworld.com.
> > > > 20000413204158 2000031211 dns1.netuser.nu.
> > > > 20000413213629 2000031211 dns1.personal.org.
> > > > 20000413220956 2000031211 dns1.real-digis.com.
> > > > 20000414022744 2000031211 dns2.alanodic.com.
> > > > 20000416002900 2000031211 fwnt.tat.or.th.
> > > > 20000416083742 2000031213 gccf1.gccf.org.
> > > > 20000417010933 2000031214 hhser.aconnect.com.au.
> > > > 20000417020029 2000031214 hkg.chi.net.
> > > > 20000417091252 2000031214 i1.i-dns.com.
> > > > 20000417091359 2000031214 i2.i-dns.com.
> > > > 20000418030009 2000031214 jade.hknet.com.
> > > >
> > > > Root Server Confederation: NS1.VRX.NET. HOSTMASTER.NS1.VRX.NET.
> > > > - Test Date ---- Serial --- Name Server --------------------
> > > > 20000409013842 2000080214 aaron.kesher.net.
> > > > 20000409101839 2000080214 amber.elektron.pl.
> > > > 20000409234648 2000080214 arwena.ii.uni.wroc.pl.
> > > > 20000410202624 2000080214 buster.hworx.com.
> > > > 20000410214231 2000080214 caesar.jbpc.net.
> > > > 20000412080131 2000080219 dns.bears.org.
> > > > 20000414003434 2000080220 dns1.ucn.com.tw.
> > > > 20000415182130 2000080220 flychi.cx.
> > > > 20000415200644 2000080220 frank.eargle.com.
> > > > 20000416090412 2000080220 gehenna.pell.chi.il.us.
> > > > 20000416090424 2000080220 gehenna.psgvb.com.
> > > > 20000417060502 2000080220 hostuniverse.com.
> > > > 20000417062159 2000080220 house.taipei.to.
> > > > 20000417110238 2000080220 idk.com.
> > > > 20000417181006 2000080220 instant.mobiledns.com.
> > > > 20000418033114 2000080220 jantar.elektron.pl.
> > > >
> > > > Root Server Confederation: RS2.AURSC.AH.NET. AT.AH.NET.
> > > > - Test Date ---- Serial --- Name Server --------------------
> > > > 20000411143122 1999070501 court.srealm.net.au.
> > > > 20000411205321 1999070501 danger.downcity.net.
> > > > 20000415212437 1999070501 frontdoor.netcentives.com.
> > > >
> > > > Root Server Confederation: TINC-ORG.COM. TINC.TINC-ORG.COM.
> > > > - Test Date ---- Serial --- Name Server --------------------
> > > > 20000409062429 2000040802 akk4.akk.uni-karlsruhe.de.
> > > > 20000410040828 2000040802 axolotl.mincom.com.
> > > > 20000410085400 2000041000 bean.xtdnet.nl.
> > > > 20000411032257 2000041000 cephyr.cid-net.de.
> > > > 20000411032316 2000041000 cephyr.cid.net.
> > > > 20000417083704 2000041700 hushaboom.cultural.com.
> > > > 20000418094245 2000041700 kaserv.gni.net.
> > > >
> > > > ------------------------------------------------------------
> > > >
> > >
> > 
> 

--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html
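
An added example, not part of the original message or of BIND itself: a small Python audit that reads a named.conf (BIND 8+) or a named.boot (BIND 4) and reports whether "." is served as a zone, as in the setups described in the thread, rather than primed from a hints file. The sample configs are constructed, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample inputs modelled on the configs quoted in the thread.
NAMED_CONF = '''
// zone "." { type hint; file "named.ca"; };
zone "." {
        type slave;
        file "ORSC-root.db";
        masters { 199.166.24.1; };
};
zone "example.com" { type master; file "db.example"; };
'''
NAMED_BOOT = '''
; BIND 4 boot file
secondary     .      199.166.24.1     sec/db.root
primary       example.com            db.example
'''

def audit_named_conf(text):
    """Return (type, file, masters) for each BIND 8+ zone "." statement."""
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', text, flags=re.S)
    found = []
    for m in re.finditer(r'zone\s+"\."\s*(?:in\s*)?\{', text, flags=re.I):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching close brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        ztype = re.search(r'\btype\s+([\w-]+)\s*;', body)
        zfile = re.search(r'\bfile\s+"([^"]*)"', body)
        masters = re.search(r'\bmasters\s*\{([^}]*)\}', body)
        ips = re.findall(r'[0-9a-fA-F:.]+', masters.group(1)) if masters else []
        found.append((ztype.group(1).lower() if ztype else None,
                      zfile.group(1) if zfile else None, ips))
    return found

def audit_named_boot(text):
    """Return (directive, file, masters) for each BIND 4 line that serves "."."""
    found = []
    for line in text.splitlines():
        f = line.split(';', 1)[0].split()   # drop ';' comments, then tokenize
        if len(f) >= 3 and f[1] == '.' and f[0].lower() in ('primary', 'secondary', 'cache'):
            found.append((f[0].lower(), f[-1], f[2:-1]))
    return found

def overrides_root(findings):
    """True if "." is served as a zone, not just primed from a hints/cache file."""
    return any(kind not in ('hint', 'cache') for kind, _, _ in findings)
```

A resolver for which `overrides_root` returns True takes its root zone from the listed masters or from a local file, so those are the sources to review when auditing which namespace it serves.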