[51152] in North American Network Operators' Group
Re: .mil domain root only hosted by one server??
daemon@ATHENA.MIT.EDU (Vinny Abello)
Wed Aug 21 16:24:16 2002
Date: Wed, 21 Aug 2002 16:09:21 -0400
To: nanog@trapdoor.merit.edu
From: Vinny Abello <vinny@tellurian.com>
In-Reply-To: <20020821200443.GA26361@rfc822.net>
Errors-To: owner-nanog-outgoing@merit.edu
Ooops... My apologies (before I get slammed). I forgot the query type of NS
in my dig.
; <<>> DiG 9.2.1 <<>> @a.root-servers.net ns mil.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr aa rd; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 11
;; QUESTION SECTION:
;mil. IN NS
;; ANSWER SECTION:
mil. 86400 IN NS E.ROOT-SERVERS.NET.
mil. 86400 IN NS PAC2.NIPR.mil.
mil. 86400 IN NS CON1.NIPR.mil.
mil. 86400 IN NS B.ROOT-SERVERS.NET.
mil. 86400 IN NS A.ROOT-SERVERS.NET.
mil. 86400 IN NS EUR1.NIPR.mil.
mil. 86400 IN NS PAC1.NIPR.mil.
mil. 86400 IN NS H.ROOT-SERVERS.NET.
mil. 86400 IN NS G.ROOT-SERVERS.NET.
mil. 86400 IN NS CON2.NIPR.mil.
mil. 86400 IN NS EUR2.NIPR.mil.
;; ADDITIONAL SECTION:
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
PAC2.NIPR.mil. 86400 IN A 199.252.155.234
CON1.NIPR.mil. 86400 IN A 199.252.175.234
B.ROOT-SERVERS.NET. 3600000 IN A 128.9.0.107
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
EUR1.NIPR.mil. 86400 IN A 199.252.154.234
PAC1.NIPR.mil. 86400 IN A 199.252.180.234
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
CON2.NIPR.mil. 86400 IN A 199.252.173.234
EUR2.NIPR.mil. 86400 IN A 199.252.143.234
;; Query time: 500 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net)
;; WHEN: Wed Aug 21 16:07:56 2002
;; MSG SIZE rcvd: 412
That's better. :) Go back to your regularly scheduled threads.
At 03:04 PM 8/21/2002 -0500, you wrote:
>On Wed, Aug 21, 2002 at 03:46:22PM -0400, Vinny Abello wrote:
> >
> > I just stumbled across something I thought was interesting. All the .mil
> > domain names used by the U.S. Military are served by one single root
> > server. I thought that was a bit odd. I'm sure that one server is more
> than
> > enough to handle the queries for all the .mil domains with no problem, but
> > it doesn't seem very redundant or safe at all. Especially for something
> our
> > military uses. There's something that could be beefed up a little bit. My
> > other thought (which others may know) was that perhaps the military runs
> > G.ROOT-SERVERS.NET and I'm just not aware of it. Maybe it's a policy to
> > only run .mil on what they can control? Even still, I think it might be in
> > their best interest to setup a few more.
> >
> > These are the results I got when I queried A.ROOT-SERVERS.NET:
> >
> > ; <<>> DiG 9.2.1 <<>> @a.root-servers.net mil.
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;mil. IN A
> >
> > ;; AUTHORITY SECTION:
> > mil. 86400 IN SOA G.ROOT-SERVERS.NET.
> > HOSTMASTER.N
> > IC.mil. 2002082000 3600 900 1209600 86400
> >
>Ummmm. The SOA MNAME field is always a single server.
>
>bastet[~]$ dig +short mil ns @g.root-servers.net
>PAC1.NIPR.mil.
>H.ROOT-SERVERS.NET.
>G.ROOT-SERVERS.NET.
>CON2.NIPR.mil.
>EUR2.NIPR.mil.
>E.ROOT-SERVERS.NET.
>PAC2.NIPR.mil.
>CON1.NIPR.mil.
>B.ROOT-SERVERS.NET.
>A.ROOT-SERVERS.NET.
>EUR1.NIPR.mil.
>bastet[~]$
>
>-Pete
Vinny Abello
Network Engineer
Server Management
vinny@tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
