On Thu, Jun 1, 2023 at 5:59 PM William Herrin <bill@herrin.us> wrote:

A server generation is about 3 years before it's obsolete and is
generally replaced. I suggest making the old address operable for two
generations (6 years) and black-holed for another generation (3 more ....

As you mention, there is no TTL for the root hints; the TTL is infinite. And not
all users will be retired after 3 years: there are DNS resolvers online running
10-year-old code, and there are DNS resolvers on the Internet that may not see a root hints
update in the next 10 years. It is unlikely that there is any practical way of giving notice
to the operators of such servers.

Therefore, I would suggest that IP addresses that ever appeared in the official root hints
should be reserved permanently and exclusively for official root service, then blackholed indefinitely once service
is no longer in operation, to prevent any DNS service other than an official root server from appearing at
that IP at any point in the future, no matter how many years have elapsed (infinite TTL).

A major concern would be if the IP address were eventually re-assigned to something else that 
ended up reporting false answers due to a malicious or misconfigured DNS service.

DNS resolvers can handle no answer by trying other servers, but
a false answer from an unauthorized and malicious root service, received by non-validating
resolvers, would be fairly certain to be capable of causing total failure in the resolver,
while an IP address being offline would more likely only cause impairment or delays.

It's understandable if some root service IP addresses stop providing service years after
the end of service, and resolvers should still be able to function at some level, with
reduced resiliency and increased errors, if only a small number have changed.

Regards,
Bill Herrin
--
-JH
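An added example, not part of this thread: the audit a resolver operator would run to catch the stale-hints problem discussed above, parsing two root hints files in BIND zone format and reporting addresses a resolver primed from the old file would still contact even though they are gone from the current official list. The hints contents and addresses are constructed placeholders, not the real root server records.

```python
"""Diff two root-hints files (BIND zone format) and report which root
server addresses a resolver with the old file would still use.
Added example; the hints below are constructed placeholders."""
from collections import defaultdict

# Constructed sample: an old hints file still installed on a resolver ...
OLD_HINTS = """\
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.51.100.1
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::1
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     198.51.100.2
"""
# ... and the current official file, where B has been renumbered.
NEW_HINTS = """\
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.51.100.1
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::1
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     198.51.100.3
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::3
"""

def parse_hints(text):
    """Return {server name: set of addresses} from the A/AAAA records.
    ';' comments and the NS lines are ignored."""
    addrs = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 4 and fields[2].upper() in ("A", "AAAA"):
            addrs[fields[0].upper().rstrip(".")].add(fields[3].lower())
    return dict(addrs)

def stale_addresses(old_text, new_text):
    """Addresses present in the old hints but absent from the current ones:
    the IPs a stale resolver keeps querying, and the ones the thread wants
    reserved and blackholed so nothing else can answer there."""
    old, new = parse_hints(old_text), parse_hints(new_text)
    stale = {}
    for name, ips in old.items():
        gone = ips - new.get(name, set())
        if gone:
            stale[name] = sorted(gone)
    return stale

if __name__ == "__main__":
    for name, ips in stale_addresses(OLD_HINTS, NEW_HINTS).items():
        print(f"{name}: stale hint address(es) {', '.join(ips)}")
```

Point `OLD_HINTS` at the file a resolver actually loads (for BIND, the zone named in its root hint declaration) and `NEW_HINTS` at a freshly downloaded official copy to use this on a real fleet.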