[arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Steven Ryerse SRyerse at eclipse-networks.com
Fri Oct 5 10:00:03 EDT 2018


It would be interesting to know how many of each size legacy holders that haven't signed are still out there.  What about the big holders like AT&T and others that have /8's and other large sized blocks?  Have they all signed an LSRA/RSA?  I think legacy holders want to be treated the same way (equally) - so if even one of the /8 holders hasn't signed then the /24 holders should not be forced to sign.  The /8 holders have legions of attorneys but the /24 holders don't.  


Steven Ryerse
President
100 Ashford Center North, Suite 110, Atlanta, GA  30338
770.656.1460 - Cell
770.399.9099 - Office
770.392.0076 - Fax

℠ Eclipse Networks, Inc.
                     Conquering Complex Networks℠

-----Original Message-----
From: ARIN-PPML <arin-ppml-bounces at arin.net> On Behalf Of hostmaster at uneedus.com
Sent: Friday, October 5, 2018 8:30 AM
To: arin-ppml at arin.net
Subject: Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

He did not mention an AS number.  Being a small player, he might like myself get away with using one of the AS's in the private network range, or might just be single homed, in which case he does not need it.

As to spinning off the Legacy holders to another registry, I do not think this is fair either.  ARIN knew from its beginning that there would be legacy holders to be served, and that they could not "force" them to pay.

As to the amount of "work" that is required to maintain reverse dns, it is certainly true there is very little without signing.  In most cases, as long as the reverse name servers do not change names, it would be many years between any updates.  With signing, there would be a bit more, but is not that done with the same automation that was written to support the RSA holders?  Annual verification is ARIN policy.  Since it was not required when legacy holders received their numbers, that cost is solely an ARIN cost.  If ARIN does not want to pay it, simply stop verifying the legacy holders.

In order to calculate fair costs to "use" the ARIN systems to update the signing keys I need to know some facts.  What is the number of these "legacy" holders, and what is the total number of holders in total?  Also, what is the cost to operate this system per year?

I suspect we are talking a small number when the numbers are calculated.

I ask these things in respect to ALL legacy holders.  While inspired by the recent discussion, putting this person aside does not change the overall issue in addressing signing in regard to legacy holders.

The complete answer lies in retirement of IPv4, but I doubt we will get there in my lifetime.

Albert Erdmann
Network Administrator
Paradise On Line Inc.


On Fri, 5 Oct 2018, William Herrin wrote:

> On Fri, Oct 5, 2018 at 12:13 AM Jo Rhett <jrhett at netconsonance.com> wrote:
>> What’s happening here is that you desire to not only continue to 
>> freeload when ARIN has spent decades trying to get you to play nice 
>> with others, but you want ARIN to create brand new services and then give those to you for free.
>
> Every time the toxic arguments about legacy holders rear their head on 
> PPML I become more convinced that the legacy holdings should be forked 
> off to a distinct registry. Let legacy registrants sign a contract (or
> not) which establishes no obligations on the registrant's part and buy 
> services (or not) as they choose. And let ARIN be ARIN without the 
> baggage.
>
> As long as the legacy registrants are within ARIN, the fairness 
> question will remain unresolvable. It's not fair that modern 
> registrants face compulsions under an adhesion contract while older 
> registrants do not. Nor is it fair to expect older registrants to 
> accept an adhesion contract whose compulsive nature was not so much as 
> a gleam in anyone's eye when they joined the ranks of TCP/IP users.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin ................ herrin at dirtside.com  bill at herrin.us 
> Dirtside Systems ......... Web: <http://www.dirtside.com/> 
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to the ARIN 
> Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>


More information about the ARIN-PPML mailing list