[158871] in North American Network Operators' Group
=?windows-1252?Q?Re=3A_Advisory_=97_D-root_is_changing_its_IPv4_?=
daemon@ATHENA.MIT.EDU (Joe Abley)
Fri Dec 14 12:27:35 2012
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <50CB5AE7.8070709@mtcc.com>
Date: Fri, 14 Dec 2012 12:13:49 -0500
To: Michael Thomas <mike@mtcc.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi Michael,
On 2012-12-14, at 11:59, Michael Thomas <mike@mtcc.com> wrote:
> Matthew Newton wrote:
>> On Fri, Dec 14, 2012 at 04:42:46PM +0000, Nick Hilliard wrote:
>>> On 13/12/2012 22:54, Jason Castonguay wrote:
>>>> Advisory =97 D-root is changing its IPv4 address on the 3rd of =
January.
>>> You've just given 3 weeks notice for a component change in one of =
the few
>>> critical part of the Internet's infrastructure, at a time when most
>> I think that /was/ the advance notification - you've got 6 months :)
>> "The old address will continue to work for at least six months
>> after the transition, but will ultimately be retired from
>> service."
>=20
> So really stupid question, and hopefully it's just me, do I need to do =
something
> on my servers?
When nameservers first boot, all they have is a hints file. This is =
either baked in to the software, or provided as a "hints file", or some =
combination. The hints file you have today will have the =
current/outgoing D-Root address.
The first thing a resolver does before it is ready for service, again, =
armed only with the hints file, is to send a priming query to a root =
server. This query is of the form ". IN NS?". Resolvers will try servers =
from the hints file until they get a response. Once the priming response =
is received, the data originally harvested from the hints file can be =
thrown away.
Once D-Root renumbers, a freshly booted resolver with an old hints file =
will either:
- send a priming query to one of A, B, C, E, F, G, H, I, J, K, L, M, =
and obtain a response that contains the new D-Root address
- send a priming query to the old D-Root v4 address, and also obtain a =
response that contains the new D-Root address
Once service is discontinued on the current/outgoing D-Root address, =
such a resolver might fail to obtain a response to its priming query if =
it happens to try the D/v4 address first. It will re-try with a =
different address until it succeeds. In principle, you only need one =
reachable address in the hints file to work to get up and running.
In summary, theory (and practice) tells us that:
1. You should update your hints file from time to time, and
2. If you don't, chances are overwhelmingly good that it will make no =
difference, and everything will work as normal.
Joe
