On Thu, Jun 1, 2023 at 5:59 PM William Herrin <bill@herrin.us> wrote:
> A server generation is about 3 years before it's obsolete and is
> generally replaced. I suggest making the old address operable for two
> generations (6 years) and black-holed for another generation (3 more ....
As you mention, there is no TTL for the root hints. The TTL is infinite. And not all users will be retired after 3 years: there are DNS resolvers online running 10-year-old code, and there are DNS resolvers on the internet that may not see a root hints update in the next 10 years. It is unlikely that there is any practical way of giving notice to the operators of such servers.

Therefore, I would suggest IP addresses that ever appeared in the official root hints should be reserved permanently and exclusively for official root service, then blackholed indefinitely once service is no longer in operation, to prevent any DNS service other than an official root server appearing at that IP at any point in time in the future, no matter how many years have elapsed (infinite TTL).

A major concern would be if the IP address were eventually re-assigned to something else that ended up reporting false answers due to a malicious or misconfigured DNS service. DNS resolvers can handle no answer by trying other servers, but a false answer from an unauthorized and malicious root service being received by non-validating resolvers would be fairly certain to be capable of causing total failure in the resolver, while an IP address being offline would more likely only cause impairment or delays.

It's understandable if some root service IP addresses stop providing service years after the end of service, and resolvers should still be able to function at some level with reduced resiliency and increased errors if only a small number have changed.
> Regards,
> Bill Herrin
--
-JH
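An added example, not from the thread or from either poster: a small audit that parses named.root-style hints and lists the (server, address) pairs a resolver with an unrefreshed hints file would still query even though they have left the current hints, which is exactly the population of addresses the reply argues must stay reserved or blackholed. Both hints excerpts are constructed subsets; the B-root IPv4 change shown is the real 2017 renumbering.

```python
import ipaddress

# Constructed excerpt of an OLD root hints file (named.root format), as a
# resolver that never refreshed its hints might still carry. B-root's IPv4
# address here is the one it retired in 2017; only a subset of lines is shown.
OLD_HINTS = """\
; constructed excerpt; lines starting with ';' are comments
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
"""

# Constructed excerpt of the CURRENT hints (B-root's IPv4 since 2017).
CURRENT_HINTS = """\
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     199.9.14.201
"""


def parse_root_hints(text):
    """Map each root server name to its set of A/AAAA glue addresses.
    ';' comments and the NS records for '.' are skipped; addresses are
    normalised with ipaddress so differently written IPv6 forms compare equal."""
    hints = {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if len(fields) != 4 or fields[2].upper() not in ("A", "AAAA"):
            continue
        name, _ttl, _rtype, addr = fields
        hints.setdefault(name.upper(), set()).add(str(ipaddress.ip_address(addr)))
    return hints


def stale_entries(old_hints, current_hints):
    """(server, address) pairs a resolver running old_hints would still query
    although they are absent from current_hints."""
    return {(name, addr)
            for name, addrs in old_hints.items()
            for addr in addrs
            if addr not in current_hints.get(name, set())}


if __name__ == "__main__":
    stale = stale_entries(parse_root_hints(OLD_HINTS), parse_root_hints(CURRENT_HINTS))
    for name, addr in sorted(stale):
        print(f"stale hint: {name} {addr}")
```

Run it against a resolver's actual hints file and the current named.root to see which retired addresses that resolver would still contact.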