New addresses for b.root-servers.net

Wes Hardaker wjhns61 at hardakers.net
Fri Jun 16 02:51:53 UTC 2023


William Herrin <bill at herrin.us> writes:

Hi Bill,

> I acknowledge that you'd prefer it be, "forever and a day," and
> perhaps that's what the answer should be, but in all due respect the
> document you cite is completely mute on the use of addresses which are
> -no longer- root DNS servers.

I cited the document to discuss the fact that we cannot do what you
suggested:

> Not a bad idea, you could also put a nice warning page up informing
> them that their DNS resolver is broken and not enforcing DNSSEC while
> you're at it :)

as this would require us to return a different answer to a query than
what is in the IANA maintained root zone (i.e., we'd be synthesizing
address records and hoping that the querier was using a web browser),
which has been tried by many companies and is heavily frowned upon.
Other options like returning a special loopback address have been better
appreciated [2] but this would still require returning answers that did
not match the IANA distributed root zone data which we will not do.

As to your other point:

> At some point, somebody's going to want to do something with the old
> /24.

You are correct that we did not state we will or will not be returning
the address block we have back to ARIN.  We do not plan on returning it
for precisely the reasons you've specified.  Even if we were going to,
we would certainly stop responding on it for a long time first.  And
even if we returned it, I suspect that ARIN itself would consider
carefully what to do with a returned address in the critical
infrastructure block.  TL;DR: we agree and it's covered.

-- 
Wes Hardaker                                     
USC/ISI

