[ppml] Comments on ARIN's reverse DNS mapping policy

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Tue Sep 11 02:17:09 EDT 2007


On Tue, Sep 11, 2007 at 12:37:49AM -0400, John Von Essen wrote:
> 
> Problem is, an AS only has to properly map a single in-addr.arpa to  
> satisfy that requirement. What I am saying is just go a bit further,  
> and have policy dictate that the AS must properly map ALL in- 
> addr.arpa's for advertised prefixes in order for their nameservers to  
> not be considered lame. Seems simple enough.
...
> 
> The threat of one's reverse DNS server being declared lame is the  
> only way to ensure proper reverse DNS mapping. I dont see why 100%  
> enforcement across all advertised prefixes for a given AS is a problem.
> 
> Lets not forget that reverse DNS plays an important role in the  
> proper operation of many protocols throughout the internet, and one  
> of ARINs most important jobs is delegation of reverse dns authority.   
> ARIN has a responsibility to make sure that the DNS server they are  
> delegating reverse authority too is maintained to at least a minimum  
> level of efficiency.
> 
> -John
> 

    John, 
        you point out an interesting conundrum in the administration of
        DNS...  your forward map is usually owned by you (via a registrar
        or in some cases a registry) while the reverse map is owned by 
        your ISP (in most cases) ...  

        the use of secure dynamic update allows you to maintain your DNS
        entries in a secure fashion, however your ISP is refusing to 
        update the information (at all, let alone what you want it to be)
	
	one might observe that since address space is not "owned" - that
	a stewardship obligation be applied to delegations - and that
 	ARIN *might* pre-populate the reverse maps before delegation.

	for some DNSSEC usage models, having teh forward and reverse
	maps converge is highly desirable...  e.g.

		foo.bar.	a	127.0.0.1
		1.0.0.127.in-addr.arpa.  ptr foo.bar.

	which will require the ISP to rethink who it will allow its clients
	to update the reverse maps themselves, in a secure fashion.

	thoughts for your consideration.

--bill



More information about the ARIN-PPML mailing list