Thu, Nov 08, 2007 6:24 pm

Root Hints

I was notified by someone that the L root name server had changed. To see what root name servers one of my DNS servers, running Red Hat Linux 9, was using, I ran dig and saw the following output:
# dig

; <<>> DiG 9.2.1 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60704
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       517448  IN      NS      G.ROOT-SERVERS.NET.
.                       517448  IN      NS      H.ROOT-SERVERS.NET.
.                       517448  IN      NS      I.ROOT-SERVERS.NET.
.                       517448  IN      NS      J.ROOT-SERVERS.NET.
.                       517448  IN      NS      K.ROOT-SERVERS.NET.
.                       517448  IN      NS      L.ROOT-SERVERS.NET.
.                       517448  IN      NS      M.ROOT-SERVERS.NET.
.                       517448  IN      NS      A.ROOT-SERVERS.NET.
.                       517448  IN      NS      B.ROOT-SERVERS.NET.
.                       517448  IN      NS      C.ROOT-SERVERS.NET.
.                       517448  IN      NS      D.ROOT-SERVERS.NET.
.                       517448  IN      NS      E.ROOT-SERVERS.NET.
.                       517448  IN      NS      F.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
F.ROOT-SERVERS.NET.     172107  IN      A       192.5.5.241
J.ROOT-SERVERS.NET.     172107  IN      A       192.58.128.30

;; Query time: 169 msec
;; SERVER: 207.233.128.10#53(207.233.128.10)
;; WHEN: Thu Nov  8 16:15:46 2007
;; MSG SIZE  rcvd: 260

I only saw the addresses for two of the thirteen root servers listed. The servers are named A.ROOT-SERVERS.NET. through M.ROOT-SERVERS.NET. as shown by the output of a dig command below.

# dig . NS @f.root-servers.net

; <<>> DiG 9.2.1 <<>> . NS @f.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19934
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     3600000 IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33

;; Query time: 235 msec
;; SERVER: 192.5.5.241#53(f.root-servers.net)
;; WHEN: Thu Nov  8 16:22:59 2007
;; MSG SIZE  rcvd: 436

I also checked the status of the DNS service on the system with the rndc status command and saw the following:

# rndc status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

When I checked the /var/named/named.ca file on the system, I found it was dated January 24, 2003, so it was almost 5 years old, since the current date is November 8, 2007. I backed up the current named.ca file and then overwrote the file with the latest information.

# dig . NS @f.root-servers.net >/var/named/named.ca

I then restarted the DNS server with /etc/init.d/named restart.

Note: if you see the following when you check the DNS server status, try issuing the /etc/init.d/named restart command again.

# rndc status
rndc: connect failed: connection refused

The root hints file, /var/named/named.ca, should be updated periodically, which I hadn't been doing on the server. A script to do so can be found at Keeping it working. The script will have to be customized for your particular system, though; e.g., I would need to use named.ca instead of root.hints for the filename. You also need to substitute, for some.machine.net, the name or IP address of a system that should normally be reachable over your Internet connection.
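
Redirecting dig straight into named.ca, as above, overwrites the live file even when the query fails or returns a partial answer. The following is an added example, not the script from the referenced article: it fetches to a temporary file, checks that all 13 root servers and their A records are present, prints any changed addresses, and only then replaces the hints file. The function names are hypothetical; the path and server defaults are the ones used in this post.

```shell
#!/bin/sh
# Added example (not from the post): validate fetched root hints before install.
# Function names are hypothetical; path and server defaults follow the post.

# Print "NAME ADDRESS" for every A record in a dig answer, sorted.
hint_addrs() {
    awk '$3 == "IN" && $4 == "A" { print toupper($1), $5 }' "$1" | sort
}

# Succeed only for a NOERROR answer listing 13 root NS names, each of
# which also has a dotted-quad A record in the same file.
validate_hints() {
    [ -s "$1" ] || return 1
    grep -q 'status: NOERROR' "$1" || return 1
    ns=$(awk '$1 == "." && $4 == "NS" { print toupper($5) }' "$1" | sort -u)
    [ "$(printf '%s\n' "$ns" | grep -c 'ROOT-SERVERS\.NET\.$')" -eq 13 ] || return 1
    for n in $ns; do
        hint_addrs "$1" | awk -v n="$n" \
            '$1 == n && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { ok = 1 }
             END { exit !ok }' || return 1
    done
}

# Print A records present in NEW ($2) but not in OLD ($1), e.g. a
# renumbered root server, so the change can be reviewed before a restart.
changed_hints() {
    old=$(mktemp) && new=$(mktemp) || return 2
    hint_addrs "$1" > "$old"; hint_addrs "$2" > "$new"
    comm -13 "$old" "$new"
    rm -f "$old" "$new"
}

# Fetch to a temp file; replace the live file only if validation passes.
update_hints() {
    hints=${1:-/var/named/named.ca}; server=${2:-f.root-servers.net}
    tmp=$(mktemp) || return 1
    if dig . NS "@$server" > "$tmp" && validate_hints "$tmp"; then
        changed_hints "$hints" "$tmp"
        # cat (not mv) keeps the existing file's owner and mode for named.
        cp -p "$hints" "$hints.$(date +%Y%m%d)" && cat "$tmp" > "$hints"
        rc=$?
    else
        echo "fetched hints failed validation; $hints left untouched" >&2; rc=1
    fi
    rm -f "$tmp"; return $rc
}

if [ "${1:-}" = "--update" ]; then update_hints; fi
```

Run it as root with --update, compare any address it prints against the operator's published announcement, and then restart named as described above.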

References:

  1. Configuring DNS > Configuring named
    O'Reilly - Safari Books Online
  2. LOCAL AREA NETWORK DOMAIN NAME SYSTEM (DNS)
    Small Enterprise Networking and Computing Primer
  3. Keeping it working
    Linux.com
