To determine whether or not the existing root servers are also advertised as authoritative for other TLDs, we can run a couple of quick scripts to check.

1 Get existing addresses

The following quick script retrieves all the existing root server operator addresses, both v4 and v6.

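addrs=""
for id in a b c d e f g h i j k l m ; do
    # look up the A and AAAA records of each root server identifier
    addrs="$addrs $(dig +short "$id.root-servers.net" A) $(dig +short "$id.root-servers.net" AAAA)"
done
# unquoted on purpose: prints the whole list on one line
echo $addrs

# save the list so the next script can source it
echo "addrs='$addrs'" > addrs.sh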

198.41.0.4 2001:503:ba3e::2:30 199.9.14.201 2001:500:200::b 192.33.4.12 2001:500:2::c 199.7.91.13 2001:500:2d::d 192.203.230.10 2001:500:a8::e 192.5.5.241 2001:500:2f::f 192.112.36.4 2001:500:12::d0d 198.97.190.53 2001:500:1::53 192.36.148.17 2001:7fe::53 192.58.128.30 2001:503:c27::2:30 193.0.14.129 2001:7fd::1 199.7.83.42 2001:500:9f::42 202.12.27.33 2001:dc3::35

2 See whether any of those addresses are listed elsewhere

With the addresses collected, we can now get the entire root zone as a text file and search through it for each address.

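(Yes, turning it into a regexp and using egrep would be more efficient, but I didn't.)

# load the address list saved by the previous script
. ./addrs.sh

# fetch the root zone once and cache it locally
if [ ! -f root-zone.txt ] ; then
    dig @localroot.isi.edu . axfr > root-zone.txt
fi

for addr in $addrs ; do
    # -F: match the address literally, so "." is not a regexp wildcard
    grep -F -- "$addr" root-zone.txt
done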

a.root-servers.net.	518400	IN	A	198.41.0.4
a.root-servers.net.	518400	IN	AAAA	2001:503:ba3e::2:30
b.root-servers.net.	518400	IN	A	199.9.14.201
b.root-servers.net.	518400	IN	AAAA	2001:500:200::b
c.root-servers.net.	518400	IN	A	192.33.4.12
c.root-servers.net.	518400	IN	AAAA	2001:500:2::c
d.root-servers.net.	518400	IN	A	199.7.91.13
d.root-servers.net.	518400	IN	AAAA	2001:500:2d::d
e.root-servers.net.	518400	IN	A	192.203.230.10
e.root-servers.net.	518400	IN	AAAA	2001:500:a8::e
f.root-servers.net.	518400	IN	A	192.5.5.241
f.root-servers.net.	518400	IN	AAAA	2001:500:2f::f
g.root-servers.net.	518400	IN	A	192.112.36.4
g.root-servers.net.	518400	IN	AAAA	2001:500:12::d0d
h.root-servers.net.	518400	IN	A	198.97.190.53
h.root-servers.net.	518400	IN	AAAA	2001:500:1::53
i.root-servers.net.	518400	IN	A	192.36.148.17
i.root-servers.net.	518400	IN	AAAA	2001:7fe::53
j.root-servers.net.	518400	IN	A	192.58.128.30
j.root-servers.net.	518400	IN	AAAA	2001:503:c27::2:30
k.root-servers.net.	518400	IN	A	193.0.14.129
k.root-servers.net.	518400	IN	AAAA	2001:7fd::1
l.root-servers.net.	518400	IN	A	199.7.83.42
l.root-servers.net.	518400	IN	AAAA	2001:500:9f::42
m.root-servers.net.	518400	IN	A	202.12.27.33
m.root-servers.net.	518400	IN	AAAA	2001:dc3::35

As you can see, the only place that the current addresses appear in the root zone is the records for the RSO identifiers themselves.

3 Checking where the names are authoritative for anything other than the root

for id in a b c d e f g h i j k l m ; do
    # -F: match the name literally, so "." is not a regexp wildcard
    grep -F "$id.root-servers.net" root-zone.txt
done

.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020050101 1800 900 604800 86400
.			518400	IN	NS	a.root-servers.net.
arpa.			172800	IN	NS	a.root-servers.net.
a.root-servers.net.	518400	IN	A	198.41.0.4
a.root-servers.net.	518400	IN	AAAA	2001:503:ba3e::2:30
.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020050101 1800 900 604800 86400
.			518400	IN	NS	b.root-servers.net.
arpa.			172800	IN	NS	b.root-servers.net.
b.root-servers.net.	518400	IN	A	199.9.14.201
b.root-servers.net.	518400	IN	AAAA	2001:500:200::b
.			518400	IN	NS	c.root-servers.net.
arpa.			172800	IN	NS	c.root-servers.net.
c.root-servers.net.	518400	IN	A	192.33.4.12
c.root-servers.net.	518400	IN	AAAA	2001:500:2::c
.			518400	IN	NS	d.root-servers.net.
arpa.			172800	IN	NS	d.root-servers.net.
d.root-servers.net.	518400	IN	A	199.7.91.13
d.root-servers.net.	518400	IN	AAAA	2001:500:2d::d
.			518400	IN	NS	e.root-servers.net.
arpa.			172800	IN	NS	e.root-servers.net.
e.root-servers.net.	518400	IN	A	192.203.230.10
e.root-servers.net.	518400	IN	AAAA	2001:500:a8::e
.			518400	IN	NS	f.root-servers.net.
arpa.			172800	IN	NS	f.root-servers.net.
f.root-servers.net.	518400	IN	A	192.5.5.241
f.root-servers.net.	518400	IN	AAAA	2001:500:2f::f
.			518400	IN	NS	g.root-servers.net.
arpa.			172800	IN	NS	g.root-servers.net.
g.root-servers.net.	518400	IN	A	192.112.36.4
g.root-servers.net.	518400	IN	AAAA	2001:500:12::d0d
.			518400	IN	NS	h.root-servers.net.
arpa.			172800	IN	NS	h.root-servers.net.
h.root-servers.net.	518400	IN	A	198.97.190.53
h.root-servers.net.	518400	IN	AAAA	2001:500:1::53
.			518400	IN	NS	i.root-servers.net.
arpa.			172800	IN	NS	i.root-servers.net.
i.root-servers.net.	518400	IN	A	192.36.148.17
i.root-servers.net.	518400	IN	AAAA	2001:7fe::53
.			518400	IN	NS	j.root-servers.net.
j.root-servers.net.	518400	IN	A	192.58.128.30
j.root-servers.net.	518400	IN	AAAA	2001:503:c27::2:30
.			518400	IN	NS	k.root-servers.net.
arpa.			172800	IN	NS	k.root-servers.net.
k.root-servers.net.	518400	IN	A	193.0.14.129
k.root-servers.net.	518400	IN	AAAA	2001:7fd::1
.			518400	IN	NS	l.root-servers.net.
arpa.			172800	IN	NS	l.root-servers.net.
l.root-servers.net.	518400	IN	A	199.7.83.42
l.root-servers.net.	518400	IN	AAAA	2001:500:9f::42
.			518400	IN	NS	m.root-servers.net.
arpa.			172800	IN	NS	m.root-servers.net.
m.root-servers.net.	518400	IN	A	202.12.27.33
m.root-servers.net.	518400	IN	AAAA	2001:dc3::35

This shows that the names are only referenced for the root and the arpa TLD.
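The searches from sections 2 and 3 combined into one pass, as an added example that is not part of the original page: it compares whole record fields instead of grepping for substrings, so an address such as 198.41.0.40 is not counted as a hit for 198.41.0.4. The function names `find_rso_refs` and `sample_zone`, and the `example.` records in the sample zone, are constructed for illustration.

```shell
#!/bin/sh
# find_rso_refs ADDRS ZONEFILE
# Prints "owner type rdata" for every record outside the root-servers.net
# names that points at an RSO name (NS target or SOA mname) or carries an
# RSO address (A/AAAA rdata). Fields are compared whole, never as substrings.
find_rso_refs() {
    awk -v addrs="$1" '
    BEGIN {
        n = split(addrs, list, " ")
        for (i = 1; i <= n; i++) want[tolower(list[i])] = 1
    }
    /^;/ || NF < 5 { next }            # skip dig comments and short lines
    {
        owner = tolower($1); type = $4; rdata = tolower($5)
        # the address records of the RSO names themselves are expected
        if (owner ~ /^[a-m]\.root-servers\.net\.$/) next
        if ((type == "NS" || type == "SOA") &&
            rdata ~ /^[a-m]\.root-servers\.net\.$/)
            print owner, type, rdata
        else if ((type == "A" || type == "AAAA") && (rdata in want))
            print owner, type, rdata
    }' "$2"
}

# Constructed sample in dig AXFR layout; the example. records are made up.
sample_zone() {
    cat <<'EOF'
; constructed sample, not real root zone data
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020050101 1800 900 604800 86400
. 518400 IN NS a.root-servers.net.
arpa. 172800 IN NS a.root-servers.net.
a.root-servers.net. 518400 IN A 198.41.0.4
k.root-servers.net. 518400 IN AAAA 2001:7fd::1
example. 172800 IN NS ns1.example.
ns1.example. 172800 IN A 198.41.0.40
ns1.example. 172800 IN AAAA 2001:7fd::10
ns2.example. 172800 IN A 199.9.14.201
EOF
}

# Demo run against the constructed sample.
zone=$(mktemp) && sample_zone > "$zone"
find_rso_refs "198.41.0.4 2001:7fd::1 199.9.14.201" "$zone"
rm -f "$zone"
```

Against a real transfer, pass the list from `addrs.sh` and `root-zone.txt`; any output line whose owner is neither `.` nor `arpa.` is a reference the greps above would also have had to surface.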

4 Results Summary

  1. The current RSO addresses and names do not reference any other TLDs.
  2. Note: This does not mean that RSO instances are not serving from other addresses.
  3. Note: This work does not follow the tree down to see if there are inconsistencies between parent/child relationships such that an RSO might be in the child's NS set but not in the root zone (which wouldn't be hard to do).
  4. Note: This work does not prove that the existing RSOs aren't using their names and addresses for DNS zones further down in the DNS tree.

Author: Wes Hardaker

Created: 2020-05-01 Fri 08:07
