[ppml] Comments on ARIN's reverse DNS mapping policy
Brian Dickson
briand at ca.afilias.info
Wed Sep 12 11:24:08 EDT 2007
Randy Bush wrote:
> arin delegates 42.666.in-addr.arpa to the member isp. the servers
> properly respond for that delegation. this seems to be about as far as
> current policy goes; though there are reported gaps in implementation.
>
> the op wants us to say that, if the delegatee further delegates
> sub-zones, then the service for those sub-zones must not be lame.
>
> aside from issues of whether the community has the right to descend into
> the delegation, how would we test the sub-delegations? if they are on
> byte boundaries, we can probe for them. but goddesses help us if they
> use rfc 2317. and is it our prerogative to probe 256 sub-delegations of
> a /16? 64k of a /8? and how many of a /32 in ipv6 space?
>

The "probing" is, in fact, an exercise in tree-walking. Writing a script to handle this should be within the capabilities of ARIN, given the scope of other tools they no doubt need to handle administration of address assignments.

The basic tree-walking should be limited to following delegations of expected form (numeric subzones within the expected ranges, either 0-1 or 0-255). Those are the only sub-delegations "of interest", i.e. which would otherwise have been directly delegated by ARIN.

Optimizations can be done, since the expectation is one of positive responses to SOA queries. Low timeouts may generate false negatives, but no false positives. Re-testing false negatives with longer timeouts produces the true negatives.

The *main* question is, since in rfc 2317 the distance from ARIN in delegations can be >2, what should be done?

I think the classic "him or you" answer scales best. ARIN requests the delegatee to fix the subordinate, or have their delegation pulled, with the recommendation that they use the same tactic. At the leaf, the broken delegatee must either fix the problem or get pruned. If the delegator does not prune a still-broken leaf, then *his* delegator must do the same, or face being pruned him/herself. Etc.

The responsibility with ARIN rests only in running test scripts, and contacting direct delegatees. All further communication is between third parties, within some set time frame.

I *think* this would be able to be codified in the NRPM, as well as passing the scaling, sanity, and legitimacy/legality tests.

Thoughts?

Brian Dickson
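
The tree walk, the two-pass timeout retest and the "him or you" escalation described in the message above, as an added example that is not part of the original post or any ARIN tool. It models DNS with a constructed zone table so it runs offline; the zone names, latencies and the `expected`, `soa_ok`, `walk` and `notices` helpers are all assumptions.

```python
# Added example: offline model of the reverse-DNS tree walk; no real DNS is queried.
# CONSTRUCTED data: zone -> (labels it delegates, seconds to answer SOA; None = never).
ZONES = {
    "10.in-addr.arpa":      (["42", "43"], 0.1),         # direct delegation
    "42.10.in-addr.arpa":   (["7", "8"], 2.0),           # slow, but not lame
    "43.10.in-addr.arpa":   ([], None),                  # lame
    "7.42.10.in-addr.arpa": (["0/25", "128/25"], 0.1),   # RFC 2317 style labels
    "8.42.10.in-addr.arpa": ([], None),                  # lame, two levels down
}

def expected(label):
    """Only numeric labels 0-255 are 'of interest' (assumption: IPv4 in-addr.arpa)."""
    return label.isascii() and label.isdigit() and int(label) <= 255

def soa_ok(zone, timeout):
    """Stand-in for an SOA query: True if the zone answers within `timeout`."""
    latency = ZONES[zone][1]
    return latency is not None and latency <= timeout

def walk(root, fast=0.5, slow=5.0):
    """Return {lame zone: chain of delegating zones from root to its parent}."""
    lame, queue, retry = {}, [(root, ())], []
    while queue or retry:
        # Drain the cheap low-timeout pass first; only then retest negatives.
        (zone, chain), timeout = (queue.pop(), fast) if queue else (retry.pop(), slow)
        if soa_ok(zone, timeout):
            labels = ZONES[zone][0]
            queue += [(f"{l}.{zone}", chain + (zone,)) for l in labels if expected(l)]
        elif timeout == fast:
            retry.append((zone, chain))      # possible false negative
        else:
            lame[zone] = chain               # true negative
    return lame

def notices(root, lame):
    """'Him or you': the registry contacts only the holder of `root`; the zone's
    immediate delegator is the party that must fix or prune it."""
    return sorted((zone, root, chain[-1] if chain else root)
                  for zone, chain in lame.items())

if __name__ == "__main__":
    for zone, contact, pruner in notices("10.in-addr.arpa", walk("10.in-addr.arpa")):
        print(f"lame={zone} registry-contacts={contact} must-fix-or-prune={pruner}")
```

A zone that fails even the long-timeout retest is not descended into, so its subtree is reported once, at the highest broken point.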