[ppml] Policy Proposal: Modification to Reverse Mapping Policy

Scott Leibrand sleibrand at internap.com
Wed Sep 12 17:15:19 EDT 2007 

Dean Anderson wrote:
> This proposal is misguided since it decides lameness on a per-nameserver 
> basis rather than a per zone basis.
>
> A DNS zone is working if even one nameserver responds to queries for
> that zone.
>
> It doesn't matter if a nameserver serves multiple zones, some of which
> it actually is configured to serve, and thus is not lame for some zones.  
> Nor does it matter if a nameserver serves multiple zones, and does not
> respond for any of those zones.
>   
True.

> The current policy properly identifies lameness by zone, and removes
> delegation records when the _zone_ is lame. A zone is only lame when
> _no_ nameservers respond to queries for that zone.  In that case, ARIN
> can, after appropriate steps, remove delegation records.

Not quite.  ARIN's current operational policy requires that all zones 
for a given registration be lame before considering the registration 
lame, and triggering the notification and removal process.  If a 
registrant gets a /22, and only sets up reverse DNS for one /24, ARIN 
does not take action against the other three zones (/24's).  This seems 
to be an artifact of the fact that you define a single set of DNS server 
per registration, not per zone (/24, /16, or /8), so ARIN only takes 
action at the level of the registration, not the level of the zone 
(where the problems actually arise).

> The current
> policy is proper so that ARIN nameservers can give out NXDomain
> responses (which are also cached) for those zones that won't be
> supported anyway.
>
> However, if even one nameserver responds for a zone, there is no reason
> for ARIN to take any steps at all: The zone is not lame.  It is not
> ARIN's responibility to monitor the uptime of all delegated namesevers,
> or otherwise ensure that all nameservers are working for a zone, or for
> any group of zones.  There is no harm to ARIN if the zone is not lame,
> but some of the nameservers for that zone are not working.
>   

Agreed.

-Scott

More information about the ARIN-PPML mailing list