[ppml] Comments on ARIN's reverse DNS mapping policy
John Von Essen
john at quonix.net
Tue Sep 11 00:37:49 EDT 2007
Randy - Thanks, you are the first person to not write this off as a
"find another ISP" comment.
Maria, I understand your comments, but consider this... The current
policy on reverse dns mapping "almost" does the job - it just needs
to go a tiny bit further.
Current policy dictates that you have to map an in-addr.arpa zone for
your prefix in order for your nameservers to not be considered lame.
Problem is, an AS only has to properly map a single in-addr.arpa to
satisfy that requirement. What I am saying is just go a bit further,
and have policy dictate that the AS must properly map ALL in-
addr.arpa's for advertised prefixes in order for their nameservers to
not be considered lame. Seems simple enough.
The problem goes beyond the ISP-to-customer scenario. Take Verizon
DSL, what if they didn't map the in-addr.arpa's for all their DSL
IP's - thats probably 10 or so /16's easily. That would cause tons of
problems for various 3rd party organizations all throughout the
internet; people like vonage (sip traffic), gmail, postini, or any
large smtp environment or protocol dependent on reverse DNS.
But the current policy would not consider Verizon's reverse DNS
servers as being lame. Because even though there are 1000's of in-
addr.arpa zones not mapped (thereby causing excessive timeout on
resolvers throughout the world), they do have one mapped to meet the
minimum ARIN requirement for non-lameness. That simply doesn't make
The threat of one's reverse DNS server being declared lame is the
only way to ensure proper reverse DNS mapping. I dont see why 100%
enforcement across all advertised prefixes for a given AS is a problem.
Lets not forget that reverse DNS plays an important role in the
proper operation of many protocols throughout the internet, and one
of ARINs most important jobs is delegation of reverse dns authority.
ARIN has a responsibility to make sure that the DNS server they are
delegating reverse authority too is maintained to at least a minimum
level of efficiency.
On Sep 11, 2007, at 12:05 AM, Randy Bush wrote:
>> I understand your desire to make this an ARIN policy. However, it
>> has long been a position of the ARIN Community (for the most part)
>> that ARIN policy is not to dictate or guarantee routing.
> perhaps re-reading the OP's post would reveal that nothing about
> is mentioned.
> my guess is that you are making an inference from routing to reverse
> dns. but such a leap may not be completely defensible, as reverse dns
> is something about which arin does have policy, just not the policy
> which i think the OP wants.
> many fora have looked at reverse mapping policy and not made much
> progress. this is mostly due to a large and loud contingent of "who
> cares? it does not matter. those who check are <bleep>s. etc."
> the problem is that it is the user (that silly person who pays all our
> salaries) who gets screwed, as you can see from the whining of this
> particular screwee. most do not know why they get long hangs when
> simple things, they think crap is normal. perhaps it should not be.
John Von Essen
(800) 248-1736 ext 100
john at quonix.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ARIN-PPML