[arin-ppml] New Version of ARIN-prop-126: Compliance Requirement

David Farmer farmer at umn.edu
Wed Feb 16 11:47:54 EST 2011 

I support the the intended result of this proposal and this is text is 
an improvement.  However, I have a problem with the removal of DNS 
service without some kind of signal to third parties.

As a third party under this proposal all I see is reverse DNS breaking 
and have no clue why.  Is it an action by ARIN, a lame delegation, a 
temporary problem of some other kind.

One option would be some kind of status field associated with the Whois 
record stating the DNS service is suspended.

Another option, could be to change the DNS pointer records in Whois and 
the production DNS, referring to a DNS service operated by ARIN for 
suspended DNS.  Maybe with a wildcard returning "Suspended.DNS.ARIN.net" 
as the PTR record for all recursive look-ups for resources that have the 
DNS suspended.  This provides in-band feed back and feedback through 
Whois in the nameserver field.

A final option, ARIN could simply publish a list of resource for which 
it has suspended DNS.  This is my least preferred option, it is out-of 
band and I have to go look someplace else then Whois.  But it might be a 
good stop-gap solution allowing ARIN time to implement one or both of 
the above solutions.

Breaking DNS in a way that is invisible to third parties is not good 
operational practice.  In this case the cure might be worse then the 
disease.  So find a way to operationally signal that DNS has been 
suspended then I'll support the proposal.  This might not require any 
change to the policy text itself, this may simply need to be an 
implementation note in the rationale.

On 2/16/11 09:34 CST, Chris Grundemann wrote:
> Hail PPML!
>
> I am the primary AC shepherd for ARIN-prop-126: Compliance Requirement
> and I would like to hear your comments and feedback on this new
> version of the proposal (included below). If the community is happy
> with this text; I will take the necessary steps as shepherd to advance
> it to the next stage of the process, which would be getting the AC to
> promote it to a draft policy (https://www.arin.net/policy/pdp.html).
>
> One thing to note: This proposal updates existing policy and as such
> not all of the text is new or a change. Please review the current
> policy language when evaluating this proposal:
> https://www.arin.net/policy/nrpm.html#twelve.
>
> Thanks in advance for your input!
>
> Cheers,
> ~Chris
>
> ####
>
> ARIN-prop-126: Compliance Requirement
>
> Proposal Originator: Marla Azinger
>
> Proposal Version: 2
>
> Date: 16 February 2011
>
> Proposal type: new
>
> Policy term: permanent
>
> Policy statement:
>
> Resource Review
> Update the following NRPM Sections:
>
> 12.4 - Update to: Organizations found by ARIN to be out of compliance
> with current ARIN policy shall be required to update reassignment
> information or return resources as needed to bring them into (or
> reasonably close to) compliance.
>
> 1. The degree to which an organization may remain out of compliance
> shall be based on the reasonable judgment of the ARIN staff and shall
> balance all facts known, including the organization's utilization
> rate, available address pool, and other factors as appropriate so as
> to avoid forcing returns which will result in near-term additional
> requests or unnecessary route de-aggregation.
> 2. To the extent possible, entire blocks should be returned. Partial
> address blocks shall be returned in such a way that the portion
> retained will comprise a single aggregate block.
>
> (leave 12.5 as is)
>
> 12.6 - Update to: Except in cases of fraud, an organization shall be
> given a minimum of thirty (30) days to respond. If an organization
> does not respond within those thirty (30) days, ARIN may cease
> providing reverse DNS services to that organization. If progress of
> resource returns or record corrections is not visible within sixty
> (60) days after correspondence with ARIN began, ARIN will cease
> providing reverse DNS services for the resources in question. At any
> time after ninety (90) days have passed, ARIN may initiate resource
> revocation as allowed in paragraph 12.5. ARIN shall negotiate a longer
> term with the organization if ARIN believes the organization is
> working in good faith to substantially restore compliance and has a
> valid need for additional time to renumber out of the affected blocks.
>
> Rationale:
>
> Version 2 addresses several staff and legal concerns with the original
> text of this policy by clarifying the language and making it more
> concrete.
>
> To date the community has not documented or firmly established use of
> an effective enforcement mechanism. This policy will support current
> policy and compel those who are allocated ARIN resources to maintain
> the proper WHOIS records in accordance with ARIN NRPM. While it is
> recognized this is not an absolute solution to ensure compliance, it
> is the best method under current ARIN policies.
>
> Timetable for implementation: Immediate
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.


-- 
===============================================
David Farmer               Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota	
2218 University Ave SE	    Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

More information about the ARIN-PPML mailing list