[dns-operations] Re: L-Root IPv6 Address renumbering

Paul Vixie paul at redbarn.org
Fri Mar 11 18:48:21 UTC 2016



Jonathan Stewart wrote:
> At DNS-OARC in Montreal, October 2015, the Verisign people pointed
> out that J-root's old IP address is still active, 13 years after the new
> address was published, and it gets 100-200 qps, if I recall correctly.
>
> No one was really sure what DNS servers were out there using 13-year-old
> root hints files, but they are out there, sending queries.

on my darker days ("too much coffee man!!") i want us to start answering 
NXDOMAIN from any root server address that was decommissioned more than 
ten years ago.

>
> Maybe IPv6 devices will be updated more often than IPv4 devices. Maybe?

that's a double-edged wish. these old queriers are an example of why we 
can't have source address validation -- too much abandonware. but in the 
incoming over-the-air update model, vendors and gov'ts can do as they 
please (see windows 10). there will be heck to pay for that, and also 
for the new attack surface added by the over-the-air mechanisms.

-- 
P Vixie


