group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #46666
[Bug 2045297] Re: file root.hints needs update
This bug was fixed in the package dns-root-data -
2023112702~ubuntu0.20.04.1
---------------
dns-root-data (2023112702~ubuntu0.20.04.1) focal; urgency=medium
[ Imre Jonk ]
* update root hints to 2023112702
(LP: #2045297 Closes: #1054393)
-- Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> Mon, 29 Jan
2024 08:10:05 +0100
** Changed in: dns-root-data (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2045297
Title:
file root.hints needs update
Status in Ubuntu Docker Images:
New
Status in dns-root-data package in Ubuntu:
Fix Released
Status in dns-root-data source package in Xenial:
Triaged
Status in dns-root-data source package in Bionic:
Triaged
Status in dns-root-data source package in Focal:
Fix Released
Status in dns-root-data source package in Jammy:
Fix Released
Status in dns-root-data source package in Mantic:
Fix Released
Status in dns-root-data source package in Noble:
Fix Released
Status in dns-root-data package in Debian:
New
Bug description:
[ Impact ]
* There was a renumbering of USC/ISI's DNS Root Servers,
due to that Ubuntu users now are using servers that will
go away.
- https://b.root-servers.org/news/2023/05/16/new-addresses.html
- https://www.lacnic.net/6868/1/lacnic/lacnic-asigna-recursos-de-numeracion-al-servidor-raiz-de-usc_isi
* On one hand it is annoyance as e.g. named uses them as
hints and will on start check those hints and spam you
warnings to the logs.
* On the other hand this will break. Mid term the old addresses
will stop to work (by 2024-11-27) that is the strong
deadline until this has to be updated everywhere.
[ Test Plan ]
* Gladly the self check on hints of named can be quite useful here
$ apt install bind9
$ systemctl restart named
$ systemctl status named
Bad case (right now):
Jan 25 09:45:16 j systemd[1]: Started BIND Domain Name Server.
Jan 25 09:45:16 j named[4136]: running
Jan 25 09:45:16 j named[4136]: resolver priming query complete: success
Jan 25 09:45:16 j named[4136]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
Jan 25 09:45:16 j named[4136]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
Jan 25 09:45:16 j named[4136]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
Jan 25 09:45:16 j named[4136]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
Good case (once data files are fixed):
...
Jan 25 09:47:50 n systemd[1]: Started named.service - BIND Domain Name Server.
Jan 25 09:47:51 n named[1731]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
Jan 25 09:47:51 n named[1731]: resolver priming query complete: success
Warning, if your system can't connect to the root DNS info (e.g. firewall or weird things) then you will see the check fail to fetch the data for coparison and due to that the comparison can not warn you. That would look like this (or similar depending on the release):
named[1659]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
[ Where problems could occur ]
* This isn't code, purely a data file for services that need to know
about dns root servers. Thereby there is no code in the package itself
that would fail, but potential regressions would be in the dependencies.
Those are (and we can more consciously look out for those):
Reverse-Recommends
==================
* dnsmasq-base [amd64 arm64 armhf ppc64el s390x]
* dnsmasq-base-lua [amd64 arm64 armhf ppc64el s390x]
* ldnsutils [amd64 arm64 armhf ppc64el s390x]
* libbellesip2 [amd64 arm64 armhf ppc64el s390x]
* unbound
* unbound-host
Reverse-Depends
===============
* bind9
* dnsviz
* hash-slinger [amd64 arm64 armhf ppc64el s390x]
* knot-resolver [amd64 arm64 armhf]
* libgetdns10 [amd64 arm64 armhf ppc64el s390x]
* libreswan [amd64 arm64 armhf ppc64el s390x]
* opendkim [amd64 arm64 armhf ppc64el s390x]
* pdns-recursor [amd64 arm64 ppc64el s390x]
* At the same time I think we'd not need to do super advanced tests with
custom setups of each of them. Those that are reverse dependencies and
have tests (bind9, libreswan) will be ran by autopkgtest and given the
change, that should IMHO be sufficient.
[ Other Info ]
* This is a native package and we are not doing anything special
There also is a Debian PR [1] proposing the same just based on a
different date. While we could pick the data of "today" it would
not help more. By chosing the same data as proposed in Debian as
well as going with backport-style versions even for the current
release we - intentionally - allow this to be synced over once
the Debian upload happens.
If their upload races ours we can just sync that in noble, and
only do the SRUs with backport-style versions.
[1]: https://salsa.debian.org/dns-team/dns-root-
data/-/merge_requests/2/diffs#1acc4dbeefe4bd3ebaef82f869677cc1a3b20306
--- original report ---
$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
$apt-cache policy dns-root-data
dns-root-data:
Installed: 2021011101
Candidate: 2021011101
Version table:
*** 2021011101 500
500 http://us-west1.gce.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status
---
There was a change of IP addresses for B Root DNS servers, see
https://b.root-servers.org/news/2023/05/16/new-addresses.html
The current root.hints file has version
; last update: January 11, 2021
; related version of root zone: 2021011101
and it should be replaced with something newer from ftp://ftp.internic.net/domain/named.cache
; last update: November 27, 2023
; related version of root zone: 2023112702
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-docker-images/+bug/2045297/+subscriptions
