Blog entries for "F-root"

 There is a new draft from the IETF GROW working group that attempts to standardize how Anycasted services manage their routing announcements.  The draft can be found at:

ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-grow-unique-origin-as-01.txt

Before commenting directly on the draft a review of how ISC operates the F-Root Anycast network is in order.

While many of you know ISC as the maintainer of the BIND DNS server software, we have always had our hand in the DNS operations field, including operating one of the 13 DNS root servers (F.ROOT-SERVERS.NET), as well as secondaring many ccTLD and non-commercial zones for over a decade. ISC has also been at the forefront of designing and implementing DNS Security Extensions (DNSSEC) which is a mechanism to cryptographically verify that the response given to a DNS request is correct.

ISC uses an unusual routing configuration for the F-Root name server. While the configuration is relatively easy to understand, it's hard to deduce by looking at the routing tables. We'll explain it here!

The network 192.5.4.0/23 is used for F-Root. The reasons for using this block are historical and unimportant, but the fact that it is a /23 is very important. Looking in the global routing table, you'll find 192.5.4.0/23 routed worldwide; ISC has obtained multiple transit providers for this network to provide excellent access to F-Root.

In the Fall of 2009, the organizations responsible for generating the root zone, ICANN, Verisign, and the US Department of Commerce, announced that they had come to a agreement on how to sign the root zone with DNSSEC (DNS Security Extensions) A website has been created by ICANN and Verisign to provide information about the change and a rollout timeline.