New addresses for b.root-servers.net

Matthew Petach mpetach at netflight.com
Fri Jun 2 20:04:11 UTC 2023


On Fri, Jun 2, 2023 at 10:40 AM William Herrin <bill at herrin.us> wrote:

> On Fri, Jun 2, 2023 at 9:57 AM Jim <mysidia at gmail.com> wrote:
> > A major concern would be if the IP address were eventually re-assigned
> > to something else that ended up reporting false answers due to a
> > malicious or misconfigured DNS service.
>
> Hi Jim,
>
> That's one reason I suggested intentionally making it a false
> responder for the final year of its post-service hold. Return wildcard
> A and AAAA records for all queries pointing to a web site which
> responds to any URL with, "Hey buddy, your DNS software is so grossly
> out of date that now it's broken and will stay broken until you fix
> it."
>
> Anybody still sending queries after that gets what they get and
> deserves it -- as long as the time that passes until the final year is
> long enough that only the most reckless and incompetent users are
> still sending queries.
>

I think you underestimate the time frames involved in some projects.
My older brother was deeply involved in the James Webb space telescope
project. At one point, while visiting him at the giant clean room in
Redondo Beach, we started talking about the specifications on the
computers onboard the telescope.  I was aghast at how out-of-date the
systems being installed were, and noted I could pop over to Fry's and
pick up something with 20x the memory, running 10x as fast with pocket
money. He countered by pointing out there were thousands of
subcontractors involved in the project, and everything had to come
together smoothly at the end. Once the design work was completed,
*everything* was frozen; no changes were allowed, no matter how
well-intentioned, because there could be unanticipated ripple effects
on other components being worked on by completely independent
subcontractors. The end result being that what was being launched was
based on hardware and software that was finalized nearly two decades
earlier.

It's a bit unkind to think that only "reckless and incompetent users"
will still be sending queries years later, when there are plenty of
projects like the James Webb space telescope where the elements were
locked in years before any decision to renumber root servers might have
been made.

I agree with Jim.  Once a block was in use by a root server instance,
encoded in root hints files, it should be forever reserved as such.  If
we want to make use of different RIRs and distribute responsibility
around the planet, transfer the ownership of a block from one RIR to
another; don't count on everything on and off the planet being able to
update their root hints.

Thanks!

Matt