- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
VeriSign is planning changes to a Domain Name System component responsible for coordinating updates to the .com and .net domains throughout the DNS system, according to a company spokesman.
The changes are intended to prepare .com and .net for more frequent daily updates of information such as new subdomains, address changes and the culling out of obsolete subdomains. Internet users and organizations managing Web sites on .com and .net will not notice the change, VeriSign said.
However, some networking experts worry that the change, which is scheduled for Feb. 9, may have unanticipated consequences that could interrupt traffic to some .com and .net Web sites and other online services.
The modifications will change the way part of a DNS component called the SOA (Start of Authority) Record is generated for .com and .net domains, according to information posted to the Nanog networking discussion group by Matt Larson, of VeriSign Naming and Directory Services and confirmed by Pat Burns, a VeriSign spokesman.
SOAs are used to manage DNS zones, areas of an Internet domain that are managed by a single DNS server. The records contain identifying information about the zone, such as the name of the primary DNS server for the zone, the e-mail address of the person responsible for the zone and a unique serial number that can be used to compare whether the zone information in one DNS server is newer or older than that managed by other, secondary servers.
VeriSign Naming and Directory Services will change the serial number format in the .com and .net zones' SOA records. Currently, the serial number format is YYYYMMDD, plus an additional two-digit number (00 to 99) that is updated whenever the zone data is updated.
Under the new system, VeriSign will change the serial number to a unique value equal to the number of seconds since 00:00:00 Greenwich Mean Time on Jan. 1, 1970, Larson said.
That will allow VeriSign to make better use of its ATLAS (Advanced Transaction Lookup and Signalling system) technology to make more frequent and efficient updates to .com and .net, from the current system of two daily updates, Burns said.
VeriSign does not anticipate disruptions stemming from the change, Larson said. But the company did allow that "processes that rely on the semantics of the .com/.net serial number" could be affected.
For example, companies that have created scripts to monitor domain change on .com and .net will almost certainly need to make changes to account for the serial number change, said Thor Larholm, senior security researcher at Pivx Solutions.
Also, companies that have incorrectly formatted their DNS servers to get information directly from the DNS root servers maintained by VeriSign will stop receiving updates on Feb. 9, leaving those servers and the Internet users who rely on them out of step with the rest of the Internet, he said.
"The damage won't be catastrophic, but some DNS servers could stop receiving updates," he said.
While there is general agreement within the technical community that VeriSign has the right to make the serial number changes, there is also suspicion about the move, especially after the feud over VeriSign's controversial Site Finder service in 2003, which redirected requests for nonexistent Web addresses to a Web site maintained by VeriSign.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment