In article <[EMAIL PROTECTED]> you write: > > >On 4-Feb-2008, at 16:05, Iljitsch van Beijnum wrote: > >> And the new named.root has arrived: >> >> ftp://rs.internic.net/domain/named.root > >I seem to think it has become fairly widespread practice for people to >refresh their named.root files (or whatever they decide to call it) >using something like this: > >$ dig . NS >named.root > >This worked before today. From today, it still works (in the sense >that it will still result in a named.root file which is sufficiently >complete in most situations for a nameserver to be able to send a >priming query) but it won't contain a complete set of glue. > >So, if you're in the habit of doing > > dig . NS >named.root > >you would ideally change that habit to something like > > curl -O ftp://rs.internic.net/domain/named.root
Why? dig is quite capable of coping. Depending apon dig's age and firewall configuration one or more of these will work. dig +edns=0 . NS @a.root-servers.net > named.root dig +bufsize=1200 . NS @a.root-servers.net > named.root dig +vc . NS @a.root-servers.net > named.root As none of these sets DO, they should suffice for the foreseeable future. When DNSSEC is deployed for the root and root-servers.net you will want to do crypto checks. Even then the above queries won't break. Mark >instead. (Incidentally, for me, rs.internic.net is giving "530 Login >incorrect" after PASS when logging in using "ftp" > > >Joe