[ppml] Policy Proposal: Authentication of Legacy Resources

James Hess mysidia at gmail.com
Tue Jul 10 21:11:46 EDT 2007


> I can see how your arguments would apply to removing whois records from
> the database, but after re-reading the proposal I see that Andrew only
> proposed removing DNS delegation.  Can you explain how you depend on
> ARIN publishing information on the allocation of address space in DNS
> (rather than WHOIS)?  It would seem to me that ARIN members like you and
> me benefit primarily from having WHOIS information on legacy netblocks.

Providing answers to automated DNS and WHOIS queries and providing
the information period are two different things.  Legacy information could
be provided in just a slightly different manner solely to separate it, and to
make sure anyone who looks up the addresses will know "the X address
space assigned to region Y is not up-to-date and in good standing with
the RIR (hasn't signed an RSA, for the space, for instance)".


Consider this alternative possibility...  address space users who have
signed an RSA, or are in good standing with the RIR in another region
continue to have full access to the WHOIS.

The "legacy" addresses get banned or restricted.

Users who are in known legacy address space are blocked from accessing
the WHOIS servers and from putting queries to the reverse DNS servers.

It's not that people can't look them up -- it's that they can't look stuff up --
i.e. no user whose source address is in the legacy IP space is allowed
to make any lookups at all, except perhaps for their own record (so they
can see that up-to-date contact information has been provided).

The information is still public, it's just that there are some
exceptions as to from where it can be requested directly online, without
payment of a nominal fee to cover the costs for maintaining the WHOIS
server(s).

Their names can still be reverse-resolved, but DNS resolvers operating from the
legacy network are not allowed to reverse resolve any address.


Chances are they do not care the least bit about this, but their users
may complain about it, particularly when a WHOIS attempt fails and
alerts the user that was trying to perform the lookup with a
meaningful explanation that their Service Provider is not in good
standing with their Regional Registry, and includes the last known
contact information regarding "who is responsible for the address
space".


Follow that up with an amendment for the RSA to require that networks who
DO sign an RSA agree not to proxy reverse DNS or WHOIS requests to the
ARIN servers on behalf of a user of any address that according to
WHOIS is part of a non-RSA historic address block...

--
-J


