[arin-ppml] ARIN-prop-167 Removal of Renumbering Requirement for Small Multihomers

Jo Rhett jrhett at netconsonance.com
Wed May 2 00:35:22 EDT 2012

On May 1, 2012, at 9:52 AM, William Herrin wrote:
> First there's DNS pinning. Because of DNS pinning, web browsers won't
> follow your new IP address when the DNS TTL runs out. In some cases,
> not until the browser is completely stopped and restarted, such as
> with a reboot. If you keep the old IP address alive, you'll notice the
> occasional request from a perfectly ordinary web browser come in
> months after you changed the IP.

Yeah, so I just went through testing exactly this failover with extensive logs of every packet received and I can assure you that you won't miss a single HTTP hit that you care to receive. After 2 minutes post TTL expiration, the queries which were received at the old IPs were in the following list:

1. Yahoo search bots. It took about 4 hours for Yahoo search bots to update with new content.

2. Google search bots -- NOTE: they noticed and did index the new IPs right on schedule, they simply apparently also try the old IPs. There was no outage for Google, as new results showed up within 10 minutes.

3. A wide variety of other bots, some of whom claim to be versions of Internet Explorer that never existed.

4. A small variety of Internet sites using MSIE 6 or older. Querying back to the IPs on these sites, many appeared to be running MS DNS servers. 

You'll note that in our update we didn't see a single delayed query from Google Chrome, Firefox, Safari, MSIE, iOS, Android or Blackberry. Not a single one. No, DNS pinning is not a real issue. Yes, there are hits on the old address, and no you don't care about not receiving them.

> Then there's the email spam control systems. They're heavily based on
> IP addresses. Start emitting a lot of email from an address that
> didn't previously do so? Spammer. Blocked. And tracking down all the
> various whitelist and feedback loops (all of them IP based) that you
> talked your way in to over the years is a major chore.

I didn't say easy, and I didn't say 100% fall over. If you are a production e-mail site you know how to build trust in your IPs. I just did exactly this at $dayjob and it took me less than 14 days to get high-volume delivery working through all our channels.

> And that's before you deal with all the myriad custom applications
> where the developer was too inexperienced or too lazy to implement
> DNS in the first place.

I'm really not sure what this has to do with the topic.

> It may not be possible to overstate just how bad renumbering is.

Bogus. Yes, it is hard. But we are all network engineers, and the work involved in migrations like this simply doesn't take that much effort.

Do you find driving to the store and getting groceries equally hard?  I do.  It's a pain.  But I do it all the time, it's how I feed myself / how I do my job as a network engineer.

Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
