Re: New addresses for b.root-servers.net

[Wes Hardaker <wjhns61 () hardakers net>]

Matt Corallo <nanog () as397444 net> writes:

[Sorry for the delay -- this was ICANN week and I'm just getting unburied]

> > Perhaps make it a false responder in the last of those 9 years so that
> > anybody who is truly that far behind on their software updates gets
> > enough of a spanking to stop sending you packets. You'll have problems
> > repurposing the address and its subnet until folks stop sending you
> > DNS query packets, even if you don't respond to them.
>
> Not a bad idea, you could also put a nice warning page up informing
> them that their DNS resolver is broken and not enforcing DNSSEC while
> you're at it :)

Responding to this topic specifically:

All root server operators have made a strong commitment to only serving
the DNS root as managed by IANA [1], I'm afraid this option is off the
table.  Although you could use some wiggle-ling to try and say this
principle doesn't apply to "old addresses", I would not be willing to
take that wiggle on behalf of b.root-servers.net.

[1] https://www.icann.org/en/system/files/files/rssac-055-07jul21-en.pdf
-- 
Wes Hardaker                                     
USC/ISI