On Fri, Jun 2, 2023 at 10:40 AM William Herrin <bill@herrin.us> wrote:
> On Fri, Jun 2, 2023 at 9:57 AM Jim <mysidia@gmail.com> wrote:
>> A major concern would be if the IP address were eventually re-assigned to something else that ended up reporting false answers due to a malicious or misconfigured DNS service.
> Hi Jim,
> That's one reason I suggested intentionally making it a false responder for the final year of its post-service hold. Return wildcard A and AAAA records for all queries pointing to a web site which responds to any URL with, "Hey buddy, your DNS software is so grossly out of date that now it's broken and will stay broken until you fix it."
> Anybody still sending queries after that gets what they get and deserves it -- as long as the time that passes until the final year is long enough that only the most reckless and incompetent users are still sending queries.
I think you underestimate the time frames involved in some projects.
My older brother was deeply involved in the James Webb space telescope project. At one point, while visiting him at the giant clean room in Redondo Beach, we started talking about the specifications on the computers onboard the telescope. I was aghast at how out-of-date the systems being installed were, and noted I could pop over to Fry's and pick up something with 20x the memory, running 10x as fast with pocket money.
He countered by pointing out there were thousands of subcontractors involved in the project, and everything had to come together smoothly at the end. Once the design work was completed, *everything* was frozen; no changes were allowed, no matter how well-intentioned, because there could be unanticipated ripple effects on other components being worked on by completely independent subcontractors. The end result being that what was being launched was based on hardware and software that was finalized nearly two decades earlier.
It's a bit unkind to think that only "reckless and incompetent users" will still be sending queries years later, when there are plenty of projects like the James Webb space telescope where the elements were locked in years before any decision to renumber root servers might have been made.
I agree with Jim. Once a block was in use by a root server instance, encoded in root hints files, it should be forever reserved as such. If we want to make use of different RIRs and distribute responsibility around the planet, transfer the ownership of a block from one RIR to another; don't count on everything on and off the planet being able to update their root hints.
Thanks!
Matt