root servers list changing?

Paul Vixie vixie at as.vix.com
Mon Aug 5 23:28:17 UTC 2002



Matthew Hannigan <mlh at zip.com.au> writes:

> Either way, I don't expect it to change from day to day.

that's true.  "dig" (or the longer version "dig . ns") should produce
roughly similar output (differing only in TTL values) no matter when
you run it.  however, your first clue actually came much earlier:

> I forgot to mention that I also got the message 
>      check_root: 1 root servers after query to root server < min
> message for a while.  And I had not changed my dns setup, which
> had been working fine.

this means BIND is trying to re-prime since the cached ". NS" TTL is
too low, and it is not getting good answers.  this can mean that your
root.cache file is corrupt, and is pointing at a server that is not
answering the question correctly (though not so incorrectly as to cause
the answer to be rejected by the cache).  or it can mean that your host
is firewalled off from the root servers in a way that these priming
queries aren't getting answered at all.  either way, that is the real
trouble spot, and the fact that "dig" gives inconsistent results is
only a symptom.

> I've read that often enough but it's still not clear to me why
> dig is so much better.  Certainly the output is still fairly cryptic
> and messy. 

you mean because it looks so much like a dns master ("zone") file?  :-)

> I tried ./dig and "./dig . any" and get a vastly reduced list of
> root-servers in the "additional" section for the latter.

what does "dig @f.root-servers.net . ns" say?

> Well looks like I'll be off to buy the 4th edition of DNS + Bind today.
> I was resisting because I have the 1st edition and I was a little
> underwhelmed by it :-(

you could also try the bind9 operations guide.  it's in the kit and on the
web, as a pdf file.
-- 
Paul Vixie
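
The root.cache check suggested in the reply above, as an added example that is not part of the original message: it compares the hints file against a ". NS" answer obtained over a path you trust and reports hints that do not match. The function names, the min_roots default and all sample records are assumptions of this example; the addresses are constructed documentation placeholders, not real root server addresses.

```python
def parse_rrs(text):
    """Collect root NS names and A glue from master-file style lines."""
    ns, glue = set(), {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # ';' starts a comment
        if len(fields) < 3:
            continue
        owner, rtype, rdata = fields[0].lower(), fields[-2].upper(), fields[-1]
        if rtype == "NS" and owner == ".":
            ns.add(rdata.lower().rstrip("."))
        elif rtype == "A":
            glue.setdefault(owner.rstrip("."), set()).add(rdata)
    return ns, glue

def audit_hints(hints_text, answer_text, min_roots=2):
    """Return (finding, detail) tuples; an empty list means the hints agree."""
    hint_ns, hint_glue = parse_rrs(hints_text)
    live_ns, live_glue = parse_rrs(answer_text)
    findings = []
    if len(live_ns) < min_roots:                 # the condition check_root logs
        findings.append(("too-few-roots", str(len(live_ns))))
    for name in sorted(hint_ns - live_ns):       # hint names a non-root server
        findings.append(("hint-not-in-answer", name))
    for name in sorted(live_ns - hint_ns):
        findings.append(("missing-from-hints", name))
    for name in sorted(hint_ns & live_ns):       # same name, different address
        if name in live_glue and hint_glue.get(name) != live_glue[name]:
            findings.append(("address-mismatch", name))
    return findings

# Constructed root.cache excerpt with one bogus NS and one wrong address.
HINTS = """\
.                    3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000      A   192.0.2.1
.                    3600000  IN  NS  F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.  3600000      A   192.0.2.66
.                    3600000  IN  NS  NS.EXAMPLE.NET.
NS.EXAMPLE.NET.      3600000      A   192.0.2.99
"""
# Constructed "dig @f.root-servers.net . ns" style output used as the reference.
ANSWER = """\
;; ANSWER SECTION:
.  518400 IN NS a.root-servers.net.
.  518400 IN NS b.root-servers.net.
.  518400 IN NS f.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 192.0.2.1
b.root-servers.net. 3600000 IN A 192.0.2.2
f.root-servers.net. 3600000 IN A 192.0.2.6
"""

if __name__ == "__main__":
    for finding in audit_hints(HINTS, ANSWER):
        print(*finding)
```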

