[arin-ppml] ARIN-prop-167 Removal of Renumbering Requirement for Small Multihomers

Ted Mittelstaedt tedm at ipinc.net
Thu May 3 01:06:31 EDT 2012 

On 5/2/2012 9:11 PM, Jimmy Hess wrote:
> 'On 5/1/12, Jo Rhett<jrhett at netconsonance.com>  wrote:
>> On May 1, 2012, at 9:52 AM, William Herrin wrote:
>>> First there's DNS pinning. Because of DNS pinning, web browsers won't
>>> follow your new IP address when the DNS TTL runs out. In some cases,
>
> What?  Web servers are a snap to renumber; DNS pinning is not an
> issue.     Recursive DNS servers are harder to renumber,  because the
> IP addresses are often configured directly by hand  on end user
> systems,

That's not really a problem, though.

Remember, although you are required to turn in the netblock, nothing
prevents you from continuing to use that netblock internally, unless
whoever gets your relinquished netblock decides to use it on something
that your users want to get to.

When I did renumbering of DNS servers I simply took the old netblock 
after turning it in and setup a small network that had just the old
DNS servers on it.  Those servers were configured as caching servers
and forwarders to the new DNS servers.

I setup new DNS servers on the new IP addresses.  Users who had
the old numbers hard-coded would do queries to the old server IPs
which I would route internally to my small network.  I did this
for years and then finally when the volume of traffic had dropped
enough, I started selectively blocking parts of my network from
this little subnet every few weeks.  I'd institute a block on
Monday, and get a few calls from people complaining things didn't
work, I'd tell them to renumber their DNS servers, they would do it,
and life would go on.  In a few cases where the users had extenuating
circumstances I'd lift the block and give them 30 days or whatever.

  which means that a  per-system cost must be incurred  if
> this activity cannot be automated,  IT staff time must be consumed to
> reconfigure DNS server settings on each network device,   costs are
> incurred to the END user of the ISP,  and they may be  annoyed that
> their ISP's  renumbering  requires that they expend  man hours to
> update configurations of their equipment.
>

Not really true since this renumbering can be done as old equipment dies
and is cycled out of service.

> Unfortunately, the DNS RFCs don't provide a method for a  recursive
> DNS server to tell the end user client system to   permanently
> reconfigure the IP address of the server queried to the new one
> (without end user intervention).
>

Captain Kirk to Saavik, Wrath of Kahn:

"You have to learn why things work on a starship"

You have to learn why things work in TCP/IP.  Once you do you will
understand how trivial this problem is to get around and why they
didn't bother cluttering up DNS with something like that.

>
>
> A standard method of renumbering is to  transition services.
> Web servers get configured with both old and new IP addresses.
> The DNS records are updated, and both new and old IP addresses are
> valid until renumbering is completed.
>
> DNS pinning beyond a normal DNS TTL period would be an anomaly,  and
> is likely a unique issue to be addressed by the end user   (by
> rebooting their equipment).
>
> But beyond a few days, its an imaginary problem.
> Note that the ARIN /24 policy allows a 12 month transition period,
> which is plenty of time
> to have DNS changes to a webserver hostname take effect.
>
> Browser windows don't get left open for 3 months.    Even if the DNS
> pinning _DID_ happen to be broken in some version of a major browser
> in use by users;    that can be addressed by the amount of time  that
> the renumbering is performed over.
>
> It is not as if the /24 assignment policy requirement is that the ISP
> complete their renumbering  within 30 days.
>

Let me say that years ago Microsoft produced a DNS server that IGNORED
expiration TTL's.  They quickly fixed that in a service pack, but I have 
- once - run into a commercial entity that was using an unpatched
Windows server that had this bug.

Your correct this is an imaginary problem if everyone followed the
standards.  Unfortunately not everyone does.  It is a real problem.
But, it is only a real problem to people who aren't following the rules,
and I don't cotton on to the idea of helping those kinds of people
make their lives easier.

Ted

> --
> -JH
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list