[ppml] Policy Proposal 2005-3: Lame Delegations
Edward Lewis
Ed.Lewis at neustar.biz
Sun Mar 20 09:26:45 EST 2005
At 0:04 -0800 3/20/05, Owen DeLong wrote:
>> What if:
>> o if a server for one zone out of "many" for an address range is lame
>> but the rest are okay, is the one zone "delisted?"
>[snip]
>
>If the server to which ARIN delegates answers with either referrals for
>more specifics (2317 or /24 from /16, etc.) or Zone Data (SOA, PTR, etc.),
>then, that server is not LAME. Servers to which that server delegates are
>not and should not be part of what is considered in this proposal. The
>entity running the delegating server should develop and implement their
>own policy towards their downstreams. Hopefully this would be consistent
>with BCP and standards.
There's a misunderstanding here. To try to clear this up, I'll use a
fictional example.
Let's say I, an ISP, am allocated 365.29.0.0-365.29.31.255, which is
equivalent to 365.29.0/19, and I register "ns0.example". as my name
server for this range. (I'm using one name server to keep the
example simple.)
ARIN's 365.in-addr.arpa zone will then that the following records for me:
0.29.365.in-addr.arpa. NS ns0.example.
1.29.365.in-addr.arpa. NS ns0.example.
2.29.365.in-addr.arpa. NS ns0.example.
...
31.29.365.in-addr.arpa. NS ns0.example.
The question is: What happens if, after a few months, I've
"reassigned-simple" the first 10 "/24's" worth of space and set up
reverse for them, but haven't set up reverse for the the remaining
zones?
I.e., [0,1,2,3,4,5,6,7,8,9].29.365.in-addr.arpa are configured and
running on ns0.example. The zones from [10..31.29.365].in-addr.arpa
are not configured.
(The proper action is to set up all 32 zones, even though there are
no entries in the "unused" zones.)
The question I posed has nothing to do with any delegation record not
published by ARIN. If my ISP had a /16, there would be just one NS
record to my server. I think it would be out of bounds for ARIN to
test whether referrals issued by my machine referenced lame servers.
>[summary:]
>Question of Purpose:
> o Global DNS Protect
> o WHOIS Cleanup
>[snip]
>
>I do not see this proposal as targeted specifically at either of these
>concerns, and, I don't see them as mutually exclusive. I would like to
>see this as a start towards both issues. I think that leaving the NS
>information in WHOIS with a "LAME" marker on it, and, removing it from
>the DNS is the ideal solution if contact and resolution cannot be achieved.
I think this proposal ought to be targeted at something, it makes a
difference when trying to engineers a solution. ARIN staff is to be
given the latitude in making implementation decisions, but the
membership ought to given the staff an indication of "what to
optimize for."
I agree with you that leaving lame servers marked as such in WhoIs.
But look at my example above. What happens if I get an answer for
dig -x 365.29.4.138
and a lame response (which looks like a referral "up" the DNS tree) for
dig -x 365.29.14.138?
Is this server marked a lame in WhoIs or not?
>Again, I do not think that ARIN should take any action in regards to
>data or DNS entries which are not delgated by ARIN (e.g. LAME SWIPs
>should not be modified by ARIN, although it would be good if ARIN
>contacted the upstream supplying the SWIP under the first part of
>this policy).
That's a good bounding for the policy. On the one hand, such
lameness is also a problem and ARIN has the data to test for it, on
the other hand, this would be unmanageable. Maybe in the future, but
definitely not now. And maybe not even in the future.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Achieving total enlightenment has taught me that ignorance is bliss.
More information about the ARIN-PPML
mailing list