Matt Corallo <[email protected]> writes: [Sorry for the delay -- this was ICANN week and I'm just getting unburied]
> > Perhaps make it a false responder in the last of those 9 years so that > > anybody who is truly that far behind on their software updates gets > > enough of a spanking to stop sending you packets. You'll have problems > > repurposing the address and its subnet until folks stop sending you > > DNS query packets, even if you don't respond to them. > > Not a bad idea, you could also put a nice warning page up informing > them that their DNS resolver is broken and not enforcing DNSSEC while > you're at it :) Responding to this topic specifically: All root server operators have made a strong commitment to only serving the DNS root as managed by IANA [1], I'm afraid this option is off the table. Although you could use some wiggle-ling to try and say this principle doesn't apply to "old addresses", I would not be willing to take that wiggle on behalf of b.root-servers.net. [1] https://www.icann.org/en/system/files/files/rssac-055-07jul21-en.pdf -- Wes Hardaker USC/ISI
