** Also affects: dns-root-data (Ubuntu Xenial) Importance: Undecided Status: New
** Also affects: dns-root-data (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: dns-root-data (Ubuntu Bionic) Assignee: (unassigned) => Christian Ehrhardt (paelzer) ** Changed in: dns-root-data (Ubuntu Bionic) Status: New => Triaged ** Changed in: dns-root-data (Ubuntu Xenial) Assignee: (unassigned) => Christian Ehrhardt (paelzer) ** Changed in: dns-root-data (Ubuntu Xenial) Status: New => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2045297 Title: file root.hints needs update Status in Ubuntu Docker Images: New Status in dns-root-data package in Ubuntu: Fix Released Status in dns-root-data source package in Xenial: Triaged Status in dns-root-data source package in Bionic: Triaged Status in dns-root-data source package in Focal: Triaged Status in dns-root-data source package in Jammy: Triaged Status in dns-root-data source package in Mantic: Triaged Status in dns-root-data source package in Noble: Fix Released Status in dns-root-data package in Debian: New Bug description: [ Impact ] * There was a renumbering of USC/ISI's DNS Root Servers, due to that Ubuntu users now are using servers that will go away. - https://b.root-servers.org/news/2023/05/16/new-addresses.html - https://www.lacnic.net/6868/1/lacnic/lacnic-asigna-recursos-de-numeracion-al-servidor-raiz-de-usc_isi * On one hand it is annoyance as e.g. named uses them as hints and will on start check those hints and spam you warnings to the logs. * On the other hand this will break. Mid term the old addresses will stop to work (by 2024-11-27) that is the strong deadline until this has to be updated everywhere. [ Test Plan ] * Gladly the self check on hints of named can be quite useful here $ apt install bind9 $ systemctl restart named $ systemctl status named Bad case (right now): Jan 25 09:45:16 j systemd[1]: Started BIND Domain Name Server. Jan 25 09:45:16 j named[4136]: running Jan 25 09:45:16 j named[4136]: resolver priming query complete: success Jan 25 09:45:16 j named[4136]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints Jan 25 09:45:16 j named[4136]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints Jan 25 09:45:16 j named[4136]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints Jan 25 09:45:16 j named[4136]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints Good case (once data files are fixed): ... Jan 25 09:47:50 n systemd[1]: Started named.service - BIND Domain Name Server. Jan 25 09:47:51 n named[1731]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete) Jan 25 09:47:51 n named[1731]: resolver priming query complete: success Warning, if your system can't connect to the root DNS info (e.g. firewall or weird things) then you will see the check fail to fetch the data for coparison and due to that the comparison can not warn you. That would look like this (or similar depending on the release): named[1659]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out [ Where problems could occur ] * This isn't code, purely a data file for services that need to know about dns root servers. Thereby there is no code in the package itself that would fail, but potential regressions would be in the dependencies. Those are (and we can more consciously look out for those): Reverse-Recommends ================== * dnsmasq-base [amd64 arm64 armhf ppc64el s390x] * dnsmasq-base-lua [amd64 arm64 armhf ppc64el s390x] * ldnsutils [amd64 arm64 armhf ppc64el s390x] * libbellesip2 [amd64 arm64 armhf ppc64el s390x] * unbound * unbound-host Reverse-Depends =============== * bind9 * dnsviz * hash-slinger [amd64 arm64 armhf ppc64el s390x] * knot-resolver [amd64 arm64 armhf] * libgetdns10 [amd64 arm64 armhf ppc64el s390x] * libreswan [amd64 arm64 armhf ppc64el s390x] * opendkim [amd64 arm64 armhf ppc64el s390x] * pdns-recursor [amd64 arm64 ppc64el s390x] * At the same time I think we'd not need to do super advanced tests with custom setups of each of them. Those that are reverse dependencies and have tests (bind9, libreswan) will be ran by autopkgtest and given the change, that should IMHO be sufficient. [ Other Info ] * This is a native package and we are not doing anything special There also is a Debian PR [1] proposing the same just based on a different date. While we could pick the data of "today" it would not help more. By chosing the same data as proposed in Debian as well as going with backport-style versions even for the current release we - intentionally - allow this to be synced over once the Debian upload happens. If their upload races ours we can just sync that in noble, and only do the SRUs with backport-style versions. [1]: https://salsa.debian.org/dns-team/dns-root- data/-/merge_requests/2/diffs#1acc4dbeefe4bd3ebaef82f869677cc1a3b20306 --- original report --- $ lsb_release -rd Description: Ubuntu 22.04.3 LTS Release: 22.04 $apt-cache policy dns-root-data dns-root-data: Installed: 2021011101 Candidate: 2021011101 Version table: *** 2021011101 500 500 http://us-west1.gce.archive.ubuntu.com/ubuntu jammy/main amd64 Packages 100 /var/lib/dpkg/status --- There was a change of IP addresses for B Root DNS servers, see https://b.root-servers.org/news/2023/05/16/new-addresses.html The current root.hints file has version ; last update: January 11, 2021 ; related version of root zone: 2021011101 and it should be replaced with something newer from ftp://ftp.internic.net/domain/named.cache ; last update: November 27, 2023 ; related version of root zone: 2023112702 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-docker-images/+bug/2045297/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp