[arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Jo Rhett jrhett at netconsonance.com
Fri Oct 5 00:40:06 EDT 2018


> The change is that ARIN is (or will soon be) no longer accepting DNSSEC DS records for reverse DNS for those resources that are not covered by RSA or LRSA.  This is a change from current operational practice, and it effectively disables the *community's* ability to validate reverse DNS for these holders.

Refusing to authenticate resources used by holders who cannot be validated is a feature, not a bug.

My fees (and everyone elses) pay ARIN to validate and certify the resource holders. They absolutely should not publish resources they cannot validate or certify.  They absolutely should not under any circumstances extended resources to perform validation and certification to people who’ve been playing this game for closing on three decades.

ARIN has real issues to deal with, and the hundred or so resource holders who want to keep stealing the time and effort of everyone involved in ARIN for their little pity party should go away. It doesn’t below on the PPML list, which should be concerned exclusively with the legitimate needs of cooperative and legally contracted entities.

This was an active topic when I was a freakin child. As I near retirement and death, it’s time for this to stop. It’s time for these resources to be 

1. Marked as unknown/unvalidated
2. Added to all abuse tracking DBs as unknown/unmanaged

And it’s time for all the unvalidated resource holders stop whining about their rights. You’ve had decades to join the party. We owe you nothing.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20181004/8ea5d1dc/attachment-0001.html>


More information about the ARIN-PPML mailing list