New addresses for b.root-servers.net

William Herrin bill at herrin.us
Thu Jun 1 22:57:55 UTC 2023


On Thu, Jun 1, 2023 at 3:22 PM Wes Hardaker <wjhns61 at hardakers.net> wrote:
> 1. There is some definite disagreement in opinions we've heard at this
> point, where we've heard from the other extreme opinion where they
> actually wish we wouldn't support the old addresses beyond the TTL at
> the time of the changeover (i.e., a bit longer than 48 hours).

Why? Are they fans of breaking the Internet? There is no TTL on the
root hints file and software update cycles are generally a lot longer
than 48 hours. Yes, I know resolvers are supposed to discard the hints
once they have the authoritative NS and A records, but you'd just be
begging for unintended consequences.


> 2. I'll note that we are still serving DNS requests at the addresses that
> we switched away from in 2017 [1][2]. At that time we actually only
> promised 6 months and we've doubled that time length with our latest
> announced change. But we do need a date after which we can turn off
> service to an address block if some reason demands it.
>
> Certainly we would appreciate other opinions about what the right length
> of a change-over time would be, especially from the operational
> communities that will be most impacted by this change.

A server generation is about 3 years before it's obsolete and is
generally replaced. I suggest making the old address operable for two
generations (6 years) and black-holed for another generation (3 more
years).

Perhaps make it a false responder in the last of those 9 years so that
anybody who is truly that far behind on their software updates gets
enough of a spanking to stop sending you packets. You'll have problems
repurposing the address and its subnet until folks stop sending you
DNS query packets, even if you don't respond to them.

Regards,
Bill Herrin
-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/
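The risk Bill describes is a hints file that still carries a root server's old address. An operator-side check for that, added here as an example and not code from the thread or from the root operators: parse a hints file in the named.root zone format and diff its glue against the NS/glue set returned by a priming query. The hints text and the priming answer below are constructed using RFC 5737/RFC 3849 documentation addresses, not real root-server addresses.

```python
"""Compare a root hints file against a priming response and report stale or missing glue.

Constructed example: HINTS_TEXT and PRIMING_GLUE use documentation addresses only.
In practice PRIMING_GLUE would come from the additional section of a priming query
(e.g. the NS/A/AAAA records a resolver gets when it asks a root server for `. NS`).
"""

# Constructed hints file in the named.root layout: owner, TTL, type, rdata.
HINTS_TEXT = """\
; constructed hints file, not the real named.root
.                        3600000      NS    A.ROOT-SERVERS.NET.
.                        3600000      NS    B.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::1
B.ROOT-SERVERS.NET.      3600000      A     192.0.2.2
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::2
"""

# Constructed priming glue, with B renumbered relative to the hints above.
PRIMING_GLUE = {
    "A.ROOT-SERVERS.NET.": {"192.0.2.1", "2001:db8::1"},
    "B.ROOT-SERVERS.NET.": {"198.51.100.2", "2001:db8:2::2"},
}


def parse_hints(text):
    """Return {owner: set(addresses)} for the A/AAAA records in a hints file."""
    glue = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip zone-file comments
        fields = line.split()
        if len(fields) < 4 or fields[2].upper() not in ("A", "AAAA"):
            continue  # skip blanks, NS lines and anything malformed
        glue.setdefault(fields[0].upper(), set()).add(fields[3].lower())
    return glue


def stale_hints(hints, priming):
    """Return {owner: (stale_addrs, missing_addrs)} for every owner whose glue differs."""
    report = {}
    for owner in sorted(set(hints) | set(priming)):
        have, want = hints.get(owner, set()), priming.get(owner, set())
        if have != want:
            report[owner] = (sorted(have - want), sorted(want - have))
    return report


if __name__ == "__main__":
    for owner, (stale, missing) in stale_hints(parse_hints(HINTS_TEXT), PRIMING_GLUE).items():
        print(f"{owner}: stale={stale} missing={missing}")
```

A non-empty report for a server means the local hints would still send priming queries to an address that may eventually be withdrawn; the hints file, not the resolver cache, is what needs updating.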