[ppml] Comments on ARIN's reverse DNS mapping policy
bmanning at vacation.karoshi.com
Tue Sep 11 02:17:09 EDT 2007
On Tue, Sep 11, 2007 at 12:37:49AM -0400, John Von Essen wrote:
>
> Problem is, an AS only has to properly map a single in-addr.arpa to
> satisfy that requirement. What I am saying is just go a bit further,
> and have policy dictate that the AS must properly map ALL
> in-addr.arpa's for advertised prefixes in order for their nameservers to
> not be considered lame. Seems simple enough.
...
>
> The threat of one's reverse DNS server being declared lame is the
> only way to ensure proper reverse DNS mapping. I don't see why 100%
> enforcement across all advertised prefixes for a given AS is a problem.
>
> Let's not forget that reverse DNS plays an important role in the
> proper operation of many protocols throughout the internet, and one
> of ARIN's most important jobs is delegation of reverse dns authority.
> ARIN has a responsibility to make sure that the DNS server they are
> delegating reverse authority to is maintained to at least a minimum
> level of efficiency.
>
> -John
>
John,

you point out an interesting conundrum in the administration of
DNS... your forward map is usually owned by you (via a registrar
or in some cases a registry) while the reverse map is owned by
your ISP (in most cases) ...

the use of secure dynamic update allows you to maintain your DNS
entries in a secure fashion, however your ISP is refusing to
update the information (at all, let alone what you want it to be)

one might observe that since address space is not "owned" - that
a stewardship obligation be applied to delegations - and that
ARIN *might* pre-populate the reverse maps before delegation.

for some DNSSEC usage models, having the forward and reverse
maps converge is highly desirable... e.g.

    foo.bar.                  a    127.0.0.1
    1.0.0.127.in-addr.arpa.   ptr  foo.bar.

which will require the ISP to rethink who it will allow its clients
to update the reverse maps themselves, in a secure fashion.

thoughts for your consideration.
--bill
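
The forward/reverse convergence discussed in this message, as an added example that is not part of the original post: a Python check that every A record has a matching PTR and every PTR points back at a name holding that address. Apart from the foo.bar pair quoted above, the zone data, the finding labels and the function names are constructed for illustration, and only IPv4 (in-addr.arpa) is handled.

```python
import ipaddress

# Constructed zone data. The first two records are the pair from the message;
# the rest are invented sample records using the 192.0.2.0/24 documentation prefix.
ZONE = """\
foo.bar.                  A    127.0.0.1
1.0.0.127.in-addr.arpa.   PTR  foo.bar.
mail.foo.bar.             A    192.0.2.25
25.2.0.192.in-addr.arpa.  PTR  host25.isp.example.
www.foo.bar.              A    192.0.2.80
9.2.0.192.in-addr.arpa.   PTR  old.foo.bar.
"""
SUFFIX = ".in-addr.arpa."

def parse(text):
    """Split 'owner TYPE value' lines into forward (A) and reverse (PTR) maps."""
    fwd, rev = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        owner, rtype, value = fields[0].lower(), fields[1].upper(), fields[2].lower()
        if rtype == "A":
            fwd.setdefault(owner, set()).add(str(ipaddress.ip_address(value)))
        elif rtype == "PTR":
            rev.setdefault(owner, set()).add(value)
    return fwd, rev

def check_convergence(text):
    """Return (reverse owner, problem, name) for every A/PTR pair that does not converge."""
    fwd, rev = parse(text)
    findings = []
    for name, addrs in sorted(fwd.items()):          # forward -> reverse
        for addr in sorted(addrs):
            owner = ipaddress.ip_address(addr).reverse_pointer + "."
            targets = rev.get(owner, set())
            if not targets:
                findings.append((owner, "missing-ptr", name))
            elif name not in targets:
                findings.append((owner, "ptr-mismatch", name))
    for owner, targets in sorted(rev.items()):       # reverse -> forward
        if not owner.endswith(SUFFIX):
            continue
        addr = ".".join(reversed(owner[:-len(SUFFIX)].split(".")))
        for target in sorted(targets):
            if addr not in fwd.get(target, set()):
                findings.append((owner, "no-forward", target))
    return findings

if __name__ == "__main__":
    for finding in check_convergence(ZONE):
        print(*finding)
```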