Re: .mil domain root only hosted by one server??

[bmanning () karoshi com]

 the .mil domain has an "master" source, just like .com or <your tld here>
 it has a list of authoritative servers, just like .com or <your tld here>

 You are reading your response incorrectly.  your dig query ask for the
 default, which is an "A" record.  .MIL has no "A" rr at the apex.  The
 authority for .MIL, according to a.root-servers.net, is g.root-servers.net.

 the NSlist for mil is:

$ dig mil. ns

; <<>> DiG 8.3 <<>> mil. ns 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 11
;; QUERY SECTION:
;;      mil, type = NS, class = IN

;; ANSWER SECTION:
mil.                    2D IN NS        CON1.NIPR.mil.
mil.                    2D IN NS        CON2.NIPR.mil.
mil.                    2D IN NS        EUR1.NIPR.mil.
mil.                    2D IN NS        EUR2.NIPR.mil.
mil.                    2D IN NS        PAC1.NIPR.mil.
mil.                    2D IN NS        PAC2.NIPR.mil.
mil.                    2D IN NS        A.ROOT-SERVERS.NET.
mil.                    2D IN NS        H.ROOT-SERVERS.NET.
mil.                    2D IN NS        G.ROOT-SERVERS.NET.
mil.                    2D IN NS        B.ROOT-SERVERS.NET.
mil.                    2D IN NS        E.ROOT-SERVERS.NET.

-----  

        all over the world.  Some inside the military, some out.



> I just stumbled across something I thought was interesting. All the .mil 
> domain names used by the U.S. Military are served by one single root 
> server. I thought that was a bit odd. I'm sure that one server is more than 
> enough to handle the queries for all the .mil domains with no problem, but 
> it doesn't seem very redundant or safe at all. Especially for something our 
> military uses. There's something that could be beefed up a little bit. My 
> other thought (which others may know) was that perhaps the military runs 
> G.ROOT-SERVERS.NET and I'm just not aware of it. Maybe it's a policy to 
> only run .mil on what they can control? Even still, I think it might be in 
> their best interest to setup a few more.
>
> These are the results I got when I queried A.ROOT-SERVERS.NET:
>
> ; <<>> DiG 9.2.1 <<>> @a.root-servers.net mil.
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;mil.                           IN      A
>
> ;; AUTHORITY SECTION:
> mil.                    86400   IN      SOA     G.ROOT-SERVERS.NET. 
> HOSTMASTER.N
> IC.mil. 2002082000 3600 900 1209600 86400
>
> ;; Query time: 390 msec
> ;; SERVER: 198.41.0.4#53(a.root-servers.net)
> ;; WHEN: Wed Aug 21 15:38:58 2002
> ;; MSG SIZE  rcvd: 90
>
>
> I'd like comments from anyone with more information on this. I'm just 
> curious as to why it is this way and what the reasoning behind it is. Maybe 
> I'll email hostmaster.nic.mil and ask. ;)
>
> Vinny Abello
> Network Engineer
> Server Management
> vinny () tellurian com
> (973)300-9211 x 125
> (973)940-6125 (Direct)
> PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A
>
> Tellurian Networks - The Ultimate Internet Connection
> http://www.tellurian.com (888)TELLURIAN