[ppml] Comments on ARIN's reverse DNS mapping policy
Edward Lewis
Ed.Lewis at neustar.biz
Tue Sep 11 12:13:28 EDT 2007
At 10:34 -0400 9/11/07, John Von Essen wrote:
>All I am saying is simply state in policy, that if an AS advertises a
>prefix and uses an IP range, that in-addr.arpa zone for those IPs has to
>be at least be configured to return an SOA and avoid this problem of
>timeouts. If they dont, that AS is violating policy, and if they dont
>resolve it, the dns delegation would be removed all together - with a
>specified time table (say within 30 days).
2005-3 kind of already answers this, but it does say "lame"
delegations. If we expand the scope to include all name servers that
fail to respond we have to define what fail to respond means. "Fail
to respond over an X day window, tested a few times daily." "Fail to
respond to queries issued from set point/s in the public Internet."
(UDP is pain when it comes to specifying what constitutes a failure
case because the protocol is inherently unreliable.)
The irritation is where to draw the line between policy and specifics
of the implementation.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Think glocally. Act confused.
More information about the ARIN-PPML
mailing list