William Herrin <bill@herrin.us> writes:

Hi Bill,
> I acknowledge that you'd prefer it be, "forever and a day," and perhaps that's what the answer should be, but in all due respect the document you cite is completely mute on the use of addresses which are -no longer- root DNS servers.
I cited the document to discuss the fact that we cannot do what you suggested:
> Not a bad idea, you could also put a nice warning page up informing them that their DNS resolver is broken and not enforcing DNSSEC while you're at it :)
as this would require us to return a different answer to a query than what is in the IANA-maintained root zone (i.e., we'd be synthesizing address records and hoping that the querier was using a web browser), which has been tried by many companies and is heavily frowned upon. Other options like returning a special loopback address have been better appreciated [2], but this would still require returning answers that did not match the IANA-distributed root zone data, which we will not do.

As to your other point:
> At some point, somebody's going to want to do something with the old /24.
You are correct that we did not state we will or will not be returning the address block we have back to ARIN. We do not plan on returning it for precisely the reasons you've specified. Even if we were going to, we would certainly stop responding on it for a long time first. And even if we returned it, I suspect that ARIN itself would consider carefully what to do with a returned address in the critical infrastructure block.

TL;DR: we agree and it's covered.

--
Wes Hardaker
USC/ISI