Matt Corallo <nanog@as397444.net> writes: [Sorry for the delay -- this was ICANN week and I'm just getting unburied]
Perhaps make it a false responder in the last of those 9 years so that anybody who is truly that far behind on their software updates gets enough of a spanking to stop sending you packets. You'll have problems repurposing the address and its subnet until folks stop sending you DNS query packets, even if you don't respond to them.
Not a bad idea, you could also put a nice warning page up informing them that their DNS resolver is broken and not enforcing DNSSEC while you're at it :)
Responding to this topic specifically: All root server operators have made a strong commitment to only serving the DNS root as managed by IANA [1], I'm afraid this option is off the table. Although you could use some wiggle-ling to try and say this principle doesn't apply to "old addresses", I would not be willing to take that wiggle on behalf of b.root-servers.net. [1] https://www.icann.org/en/system/files/files/rssac-055-07jul21-en.pdf -- Wes Hardaker USC/ISI