nanog mailing list archives
Re: New addresses for b.root-servers.net
From: Jim <mysidia () gmail com>
Date: Fri, 2 Jun 2023 11:57:25 -0500
On Thu, Jun 1, 2023 at 5:59 PM William Herrin <bill () herrin us> wrote:

> A server generation is about 3 years before it's obsolete and is
> generally replaced. I suggest making the old address operable for two
> generations (6 years) and black-holed for another generation (3 more ....

As you mention.. there is No TTL for the root hints. The TTL is Infinite. And not all users will be retired after 3 years... there are DNS resolvers online running 10-year old code and there are DNS resolvers on the internet that may not see a root hints update in the next 10 years. It is unlikely that there is any practical way of giving notice to the operators of such servers.

Therefore, I would suggest IP Addresses that ever appeared in the official root hints should be reserved permanently and exclusively for official root service, then blackholed indefinitely once service is not in operation anymore to prevent any DNS service other than an official root server appearing at that IP at any point in time in the future no matter how many years have elapsed (Infinite TTL).

A major concern would be if the IP address were eventually re-assigned to something else that ended up reporting false answers due to a malicious or misconfigured DNS service. DNS resolvers can handle no answer by trying other servers, but a false answer from an unauthorized and malicious root service being received by non-validating resolvers would be fairly certain to be capable of causing total failure in the resolver; while an IP address being offline would more likely only cause impairment or delays.

It's understandable if some root service IP addresses stop providing service years after the end of service, and resolvers should still be able to function at some level with reduced resiliency and increased errors if only a small number have changed.

> Regards,
> Bill Herrin

--
-JH