[ppml] Comments on ARIN's reverse DNS mapping policy

John Von Essen john at quonix.net
Tue Sep 11 12:29:07 EDT 2007


Identical issues to what I am experiencing. If people look deeply  
enough, I am confident there are many Org's who operate AS's with no  
in-addr.arpa SOA on there DNS servers.

If anything, can we agree on the fact the current policy is too  
vague. I had to email ARIN's hostmaster 2 or 3 times to understand it  
- it can be read many ways. And the explanation I got from hostmaster  
was if an AS properly configures at least one in-addr.arpa zone, then  
Arin will bless the entire delegation and not consider the dns server  
as lame. To be honest, I have no idea how one draws that conclusion  
from the wording on the policy.

DNS is a standard protocol. The policy should specifically state the  
dns servers must return a valid SOA for each in-addr.arpa in their IP  
prefix that they advertise from their AS (i.e. they dont have to do  
it for IPs they dont use). If any in-addr.arpa does not return an  
SOA, then that AS is in violation, and their nameserver will be  
considered lame and suspect for removal from reverse delegation.

I dont think it is a requirement that ARIN proactively seek and find  
AS's that are in violation, but it should be in the policy.

Those 2 or 3 sentences are all that is needed.


On Sep 11, 2007, at 12:08 PM, Sam Weiler wrote:

> dig +trace 79.114.208.in-addr.arpa.

Thanks,
John Von Essen
(800) 248-1736 ext 100
john at quonix.net


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20070911/3e53db74/attachment.html>


More information about the ARIN-PPML mailing list