[ppml] Comments on ARIN's reverse DNS mapping policy

Edward Lewis Ed.Lewis at neustar.biz
Tue Sep 11 12:13:28 EDT 2007

At 10:34 -0400 9/11/07, John Von Essen wrote:

>All I am saying is simply state in policy, that if an AS advertises a
>prefix and uses an IP range, that in-addr.arpa zone for those IPs has to
>be at least be configured to return an SOA and avoid this problem of
>timeouts. If they dont, that AS is violating policy, and if they dont
>resolve it, the dns delegation would be removed all together - with a
>specified time table (say within 30 days).

2005-3 kind of already answers this, but it does say "lame" 
delegations.  If we expand the scope to include all name servers that 
fail to respond we have to define what fail to respond means.  "Fail 
to respond over an X day window, tested a few times daily."  "Fail to 
respond to queries issued from set point/s in the public Internet." 
(UDP is pain when it comes to specifying what constitutes a failure 
case because the protocol is inherently unreliable.)

The irritation is where to draw the line between policy and specifics 
of the implementation.
Edward Lewis                                                +1-571-434-5468

Think glocally.  Act confused.

More information about the ARIN-PPML mailing list