<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1597" name=GENERATOR></HEAD>
<BODY
style="WORD-WRAP: break-word; khtml-nbsp-mode: space; khtml-line-break: after-white-space">
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2>Hi
John,</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2> No, I
understood perfectly that is why I took pains to explain that while we don't put
in</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2>PTR records we do
have the in-addr.arpa stuff setup for our in-use numbers in our
block.</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2> What I was
trying to make as a point is that your assuming your ISP forgot to
put</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2>them in. I'm saying
they may be deliberately not putting them in precisely to create
those</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2>annoying long
timeouts.</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2>Note this doesen't
qualify as a DDoS attack because the delays don't happen if
the</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2>recipeint TCP host
doesen't do a PTR query. There's no requirement in the
standard</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2>that requires a host
like a mailserver or suchlike to do a reverse record lookup.</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial size=2> I didn't say
this was optimal.</FONT></SPAN></DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=313173821-11092007><FONT face=Arial
size=2>Ted</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> ppml-bounces@arin.net
[mailto:ppml-bounces@arin.net]<B>On Behalf Of </B>John Von
Essen<BR><B>Sent:</B> Tuesday, September 11, 2007 2:33 PM<BR><B>To:</B> Public
Policy Mailing List<BR><B>Subject:</B> Re: [ppml] Comments on ARIN's reverse
DNS mapping policy<BR><BR></FONT></DIV>Ted,
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>Your are making the same incorrect judgement over my original post.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>Let me repeat, the issue is NOT about ISP's and forcing them to have
PTRs.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>I agree with you, the ISP doesn't need to have a PTR record for DSL IPs.
It even helps curb spam.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>But that is not the issue.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>The issue is the ISP is operating a given IP range, say 5.5.5.0/24, and
the DNS server that ARIN delegates reverse authority to does NOT have the
5.5.5.in-addr.arpa zone conigured at all, which means there is no SOA or NS
record for in-addr.arpa zone. This is all way before we get to PTR
records.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>The problem with this is when you try to reverse the 5.5.5.0/24 IP you
get a long timeout. (See dig +trace 191.161.76.in-addr.arpa.) If they map the
in-addr.arpa zone, and decide to NOT enter any PTR's (which is okay) a reverse
query would immediately return NXDOMAIN error, thereby not causing a
timeout.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>So why is this an issue? </DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>Creation of that timeout extends beyond the ISP's local customer base. It
effects 3rd party's that the ISP customer talks to. So the ISP is purposely
creating excessive dns query timeouts on 3rd party resolvers because they
failed to do a simple, and what I believe to be a required task - which is...
mapping all in-addr.arpa's with at least an SOA and NS record. Last time I
checked, causing excessive resource utilization on somebody else's system is
called a DoS attack. </DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>It is my opinion that if large scale abuse like this were to continue and
grow, it could develop into a serious issue affecting global DNS resolver
health. I feel ARIN policy has a responsibility to curb this potentional
anomaly.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>So please, no more posts about... "ISP's dont have to have PTR's". If you
are making that statement, you are completely missing the point of the initial
argument.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>-John</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV><BR>
<DIV>
<DIV>On Sep 11, 2007, at 5:07 PM, Ted Mittelstaedt wrote:</DIV><BR
class=Apple-interchange-newline>
<BLOCKQUOTE type="cite">
<DIV style="MARGIN: 0px">John,</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px"><SPAN class=Apple-converted-space></SPAN>Sorry for
the top post but allow me to interject my $0.02 here.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px"><SPAN class=Apple-converted-space></SPAN>The
purpose of this mailing list is to flesh out proposals.<SPAN
class=Apple-converted-space> </SPAN>There have</DIV>
<DIV style="MARGIN: 0px">been enough postings on</DIV>
<DIV style="MARGIN: 0px">this topic for you to get an idea of what would
happen to such a proposal -</DIV>
<DIV style="MARGIN: 0px">it would be voted</DIV>
<DIV style="MARGIN: 0px">down as it's not in the RIR's scope of
responsibilities.<SPAN class=Apple-converted-space> </SPAN>I therefore
think</DIV>
<DIV style="MARGIN: 0px">your wasting your time</DIV>
<DIV style="MARGIN: 0px">filing a proposal.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px"><SPAN class=Apple-converted-space></SPAN>Now I have
read your ranting and some of the responses.<SPAN
class=Apple-converted-space> </SPAN>But there is one</DIV>
<DIV style="MARGIN: 0px">response that I</DIV>
<DIV style="MARGIN: 0px">didn't see and that you obviously didn't
consider.<SPAN class=Apple-converted-space> </SPAN>In my opinion, the</DIV>
<DIV style="MARGIN: 0px">network manager at</DIV>
<DIV style="MARGIN: 0px">your ISP is fully aware of the PTR issues and has
chosen to DELIBERATELY not</DIV>
<DIV style="MARGIN: 0px">entered</DIV>
<DIV style="MARGIN: 0px">the in-addr.arpa zone for your numbers.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px"><SPAN class=Apple-converted-space></SPAN>"Why would
those bozos do this" I hear you ask.<SPAN class=Apple-converted-space>
</SPAN>Very simple.<SPAN class=Apple-converted-space> </SPAN>I am</DIV>
<DIV style="MARGIN: 0px">assuming from the</DIV>
<DIV style="MARGIN: 0px">background information you have posted that your
DSL account is a simple</DIV>
<DIV style="MARGIN: 0px">retail DSL account.</DIV>
<DIV style="MARGIN: 0px">Well, the ISP that your buying it from may not want
you running servers on</DIV>
<DIV style="MARGIN: 0px">that account.</DIV>
<DIV style="MARGIN: 0px">Nor may they not want you making direct SMTP
connections to other people's</DIV>
<DIV style="MARGIN: 0px">mailservers from</DIV>
<DIV style="MARGIN: 0px">that IP address.<SPAN class=Apple-converted-space>
</SPAN>They have their own mailserver - maybe they think if you</DIV>
<DIV style="MARGIN: 0px">want to relay outbound</DIV>
<DIV style="MARGIN: 0px">mail then relay it through their server.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px"><SPAN class=Apple-converted-space></SPAN>Most of
the gloom-and-doom scenarios you describe about the lack of PTR</DIV>
<DIV style="MARGIN: 0px">records</DIV>
<DIV style="MARGIN: 0px">simply do not apply.<SPAN
class=Apple-converted-space> </SPAN>We have NEVER had valid PTR's on our
modem dialup IP</DIV>
<DIV style="MARGIN: 0px">pools</DIV>
<DIV style="MARGIN: 0px">for the simple reason that in any given time at
least 20% of our modem</DIV>
<DIV style="MARGIN: 0px">customers are</DIV>
<DIV style="MARGIN: 0px">running systems that are infected with SMTP mailer
viruses.<SPAN class=Apple-converted-space> </SPAN>If one of our</DIV>
<DIV style="MARGIN: 0px">infected</DIV>
<DIV style="MARGIN: 0px">customers transmits spam to a destination
mailserver, it is very simple for</DIV>
<DIV style="MARGIN: 0px">that server</DIV>
<DIV style="MARGIN: 0px">to reject the SMTP handshake on a failure to have
either a forward or a</DIV>
<DIV style="MARGIN: 0px">reverse record</DIV>
<DIV style="MARGIN: 0px">in the DNS without having to spend lots of CPU time
scanning the message for</DIV>
<DIV style="MARGIN: 0px">spamliness.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">And sure, we could block</DIV>
<DIV style="MARGIN: 0px">outbound SMTP - which then is going to cause other
complaints, plus there is</DIV>
<DIV style="MARGIN: 0px">the</DIV>
<DIV style="MARGIN: 0px">philosophical argument about blocking.<SPAN
class=Apple-converted-space> </SPAN>A dialup user could have a
perfectly</DIV>
<DIV style="MARGIN: 0px">legitimate need for</DIV>
<DIV style="MARGIN: 0px">outbound SMTP so why block.<SPAN
class=Apple-converted-space> </SPAN>By contrast, chances a user would have
a</DIV>
<DIV style="MARGIN: 0px">legitimate</DIV>
<DIV style="MARGIN: 0px">need for in-addr.arpa is far lower, and much easier
to accomodate in any</DIV>
<DIV style="MARGIN: 0px">case.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px"><SPAN class=Apple-converted-space></SPAN>As for our
DSL customers, we do not by default add in PTR records</DIV>
<DIV style="MARGIN: 0px">(although we do</DIV>
<DIV style="MARGIN: 0px">have the in-addr.arpa zones properly setup and
referred to the nameserver)</DIV>
<DIV style="MARGIN: 0px">If you were our</DIV>
<DIV style="MARGIN: 0px">customer and you called complaining I would have a
very serious and long</DIV>
<DIV style="MARGIN: 0px">discussion with</DIV>
<DIV style="MARGIN: 0px">you to figure out exactly what you were doing and
whether you were violating</DIV>
<DIV style="MARGIN: 0px">any of our</DIV>
<DIV style="MARGIN: 0px">AUPs.<SPAN class=Apple-converted-space>
</SPAN>Assuming you were in the category of "home user that wants to
dink</DIV>
<DIV style="MARGIN: 0px">around with</DIV>
<DIV style="MARGIN: 0px">a personal mailserver" I'd set it up for you.<SPAN
class=Apple-converted-space> </SPAN>We have a number of those.</DIV>
<DIV style="MARGIN: 0px">But, if your</DIV>
<DIV style="MARGIN: 0px">trying to scam us, that would be a different
story.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px"><SPAN class=Apple-converted-space></SPAN>We have
had, for example, people in the past who have purchased</DIV>
<DIV style="MARGIN: 0px">RESIDENTIAL</DIV>
<DIV style="MARGIN: 0px">dsl accounts from us then attempted to setup a
mailserver using fetchmail or</DIV>
<DIV style="MARGIN: 0px">some</DIV>
<DIV style="MARGIN: 0px">such at a business site.<SPAN
class=Apple-converted-space> </SPAN>Not all businesses use commercial
buildings or</DIV>
<DIV style="MARGIN: 0px">have business</DIV>
<DIV style="MARGIN: 0px">telephone numbers and it's possible for some of
them to slip in a</DIV>
<DIV style="MARGIN: 0px">residential order without</DIV>
<DIV style="MARGIN: 0px">the ISP knowing.<SPAN class=Apple-converted-space>
</SPAN>Those customers then find a month into it that a large</DIV>
<DIV style="MARGIN: 0px">percentage of their</DIV>
<DIV style="MARGIN: 0px">outbound mail is spam-blocked by other ISPs for
failure to have proper DNS</DIV>
<DIV style="MARGIN: 0px">setup - they</DIV>
<DIV style="MARGIN: 0px">then call us complaining and that flushes them out
of the woodwork.<SPAN class=Apple-converted-space> </SPAN>To get</DIV>
<DIV style="MARGIN: 0px">the desired</DIV>
<DIV style="MARGIN: 0px">DNS mapping they have to pay more money for a
business account, of course.</DIV>
<DIV style="MARGIN: 0px">(and</DIV>
<DIV style="MARGIN: 0px">usually most of them do, with a comment along the
lines of "I guess ya</DIV>
<DIV style="MARGIN: 0px">caught me")</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Today with organizations like dydns.org who's sole
purpose is to assist</DIV>
<DIV style="MARGIN: 0px">businesses to cheat ISP's, there are not a lot of
tools an ISP has at it's</DIV>
<DIV style="MARGIN: 0px">disposal to</DIV>
<DIV style="MARGIN: 0px">catch cheaters that don't have a lot of side
effects.<SPAN class=Apple-converted-space> </SPAN>Control of</DIV>
<DIV style="MARGIN: 0px">in-addr.arpa records</DIV>
<DIV style="MARGIN: 0px">is one of the few.<SPAN
class=Apple-converted-space> </SPAN>I am not saying it is a great way.<SPAN
class=Apple-converted-space> </SPAN>But dydns.org is a</DIV>
<DIV style="MARGIN: 0px">far, far more horrible</DIV>
<DIV style="MARGIN: 0px">hack.<SPAN class=Apple-converted-space> </SPAN>I
have seen cheaters setting up DNS records with SOA timers set at</DIV>
<DIV style="MARGIN: 0px">under a minute,</DIV>
<DIV style="MARGIN: 0px">causing virtually EVERY SINGLE dns query for their
domain to cause a root</DIV>
<DIV style="MARGIN: 0px">server query -</DIV>
<DIV style="MARGIN: 0px">costing the Internet hundreds of dollars of extra
network load a month just</DIV>
<DIV style="MARGIN: 0px">so the cheater</DIV>
<DIV style="MARGIN: 0px">can save $20 a month on a business DSL line.<SPAN
class=Apple-converted-space> </SPAN>If you want to start throwing</DIV>
<DIV style="MARGIN: 0px">around</DIV>
<DIV style="MARGIN: 0px">policy proposals to police the Internet well then
how about a minimum DNS</DIV>
<DIV style="MARGIN: 0px">expiration</DIV>
<DIV style="MARGIN: 0px">requirement of 6 hours?<SPAN
class=Apple-converted-space> </SPAN>Don't start with the stone throwing if
your sitting</DIV>
<DIV style="MARGIN: 0px">in a</DIV>
<DIV style="MARGIN: 0px">glass house.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">As for your GoDaddy scenario, well the application
controls UDP timeout.<SPAN class=Apple-converted-space> </SPAN>If</DIV>
<DIV style="MARGIN: 0px">GoDaddy</DIV>
<DIV style="MARGIN: 0px">is finding - like we have found with our own
mailservers - that a 5 minute</DIV>
<DIV style="MARGIN: 0px">retry timeout is</DIV>
<DIV style="MARGIN: 0px">to long for a missing PTR check, then it is trivial
to change the sendmail</DIV>
<DIV style="MARGIN: 0px">config to lower</DIV>
<DIV style="MARGIN: 0px">the timeout.<SPAN class=Apple-converted-space>
</SPAN>So, people not loading in-addr.arpa isn't going to be a</DIV>
<DIV style="MARGIN: 0px">problem for them any</DIV>
<DIV style="MARGIN: 0px">more than it's a problem for us for other ISP's who
also don't load</DIV>
<DIV style="MARGIN: 0px">in-addr.arpa</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">As for Telnet and SSH yes well that is an annoyance
if your setting a SSH or</DIV>
<DIV style="MARGIN: 0px">Telnet server</DIV>
<DIV style="MARGIN: 0px">up on your DSL line and you want to telnet into
it.<SPAN class=Apple-converted-space> </SPAN>But the vast majority</DIV>
<DIV style="MARGIN: 0px">of users don't</DIV>
<DIV style="MARGIN: 0px">do this.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Your story sounds like your just being given the
usual brush-off by your</DIV>
<DIV style="MARGIN: 0px">ISP, they are pretending they are stupid about this
issue, because they</DIV>
<DIV style="MARGIN: 0px">don't want</DIV>
<DIV style="MARGIN: 0px">to engage you in a discussion to explain their
reasons for not setting up</DIV>
<DIV style="MARGIN: 0px">in-addr.arpa</DIV>
<DIV style="MARGIN: 0px">I noticed your mail is coming from 76.161.192.192
so you obviously figured</DIV>
<DIV style="MARGIN: 0px">out how</DIV>
<DIV style="MARGIN: 0px">to get a static IP that doesen't have this
problem.<SPAN class=Apple-converted-space> </SPAN>I would submit that</DIV>
<DIV style="MARGIN: 0px">your real beef</DIV>
<DIV style="MARGIN: 0px">is that you want to pay residential rates on a
dynamic IP not business rates</DIV>
<DIV style="MARGIN: 0px">on a</DIV>
<DIV style="MARGIN: 0px">static IP.<SPAN class=Apple-converted-space>
</SPAN>I would also ask you if you would like it if one of your</DIV>
<DIV style="MARGIN: 0px">business customers on</DIV>
<DIV style="MARGIN: 0px">quonix.net were to setup a bunch of mailboxes
ostensibly for users in their</DIV>
<DIV style="MARGIN: 0px">business,</DIV>
<DIV style="MARGIN: 0px">when in reality they were doing a fetchmail
solution for a bunch of other</DIV>
<DIV style="MARGIN: 0px">companies</DIV>
<DIV style="MARGIN: 0px">and using you merely as a spam filter, and
reselling your service (and</DIV>
<DIV style="MARGIN: 0px">making far more</DIV>
<DIV style="MARGIN: 0px">money doing that then your making from them)</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Take care!</DIV>
<DIV style="MARGIN: 0px">Ted</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">-----Original Message-----</DIV>
<DIV style="MARGIN: 0px">From: ppml-bounces@arin.net [<A
href="mailto:ppml-bounces@arin.net">mailto:ppml-bounces@arin.net</A>]On
Behalf Of John</DIV>
<DIV style="MARGIN: 0px">Von Essen</DIV>
<DIV style="MARGIN: 0px">Sent: Tuesday, September 11, 2007 11:31 AM</DIV>
<DIV style="MARGIN: 0px">To: Public Policy Mailing List</DIV>
<DIV style="MARGIN: 0px">Subject: Re: [ppml] Comments on ARIN's reverse DNS
mapping policy</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Well, I for one would like to take on this project.
How does one begin to</DIV>
<DIV style="MARGIN: 0px">submit a policy proposal?</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">-John</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">On Sep 11, 2007, at 2:15 PM, <A
href="mailto:cja@daydream.com">cja@daydream.com</A> wrote:</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">If the policy needs updating I really hope one of
you will take on the</DIV>
<DIV style="MARGIN: 0px">project and submit suggested changes in the form of
a policy proposal. There</DIV>
<DIV style="MARGIN: 0px">are a number of us on the AC who are more than
willing to help and shepherd</DIV>
<DIV style="MARGIN: 0px">it through the process. The great thing about the
policy process is that if</DIV>
<DIV style="MARGIN: 0px">you don't like a policy you can take action and
fix/change it.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Thanks!</DIV>
<DIV style="MARGIN: 0px">----Cathy</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">On 9/11/07, John Von Essen <<A
href="mailto:john@quonix.net">john@quonix.net</A>> wrote:</DIV>
<DIV style="MARGIN: 0px">Identical issues to what I am experiencing. If
people look deeply enough, I</DIV>
<DIV style="MARGIN: 0px">am confident there are many Org's who operate AS's
with no in-addr.arpa SOA</DIV>
<DIV style="MARGIN: 0px">on there DNS servers.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">If anything, can we agree on the fact the current
policy is too vague. I had</DIV>
<DIV style="MARGIN: 0px">to email ARIN's hostmaster 2 or 3 times to
understand it - it can be read</DIV>
<DIV style="MARGIN: 0px">many ways. And the explanation I got from
hostmaster was if an AS properly</DIV>
<DIV style="MARGIN: 0px">configures at least one in-addr.arpa zone, then
Arin will bless the entire</DIV>
<DIV style="MARGIN: 0px">delegation and not consider the dns server as lame.
To be honest, I have no</DIV>
<DIV style="MARGIN: 0px">idea how one draws that conclusion from the wording
on the policy.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">DNS is a standard protocol. The policy should
specifically state the dns</DIV>
<DIV style="MARGIN: 0px">servers must return a valid SOA for each
in-addr.arpa in their IP prefix</DIV>
<DIV style="MARGIN: 0px">that they advertise from their AS (i.e. they dont
have to do it for IPs they</DIV>
<DIV style="MARGIN: 0px">dont use). If any in-addr.arpa does not return an
SOA, then that AS is in</DIV>
<DIV style="MARGIN: 0px">violation, and their nameserver will be considered
lame and suspect for</DIV>
<DIV style="MARGIN: 0px">removal from reverse delegation.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">I dont think it is a requirement that ARIN
proactively seek and find AS's</DIV>
<DIV style="MARGIN: 0px">that are in violation, but it should be in the
policy.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Those 2 or 3 sentences are all that is
needed.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">On Sep 11, 2007, at 12:08 PM, Sam Weiler
wrote:</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">dig +trace 79.114.208.in-addr.arpa.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Thanks,</DIV>
<DIV style="MARGIN: 0px">John Von Essen</DIV>
<DIV style="MARGIN: 0px">(800) 248-1736 ext 100</DIV>
<DIV style="MARGIN: 0px"><A
href="mailto:john@quonix.net">john@quonix.net</A></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV
style="MARGIN: 0px">_______________________________________________</DIV>
<DIV style="MARGIN: 0px">PPML</DIV>
<DIV style="MARGIN: 0px">You are receiving this message because you are
subscribed to the ARIN Public</DIV>
<DIV style="MARGIN: 0px">Policy</DIV>
<DIV style="MARGIN: 0px">Mailing List ( <A
href="mailto:PPML@arin.net">PPML@arin.net</A>).</DIV>
<DIV style="MARGIN: 0px">Unsubscribe or manage your mailing list
subscription at:</DIV>
<DIV style="MARGIN: 0px"><A
href="http://lists.arin.net/mailman/listinfo/ppml">http://lists.arin.net/mailman/listinfo/ppml</A>
Please contact the ARIN Member</DIV>
<DIV style="MARGIN: 0px">Services</DIV>
<DIV style="MARGIN: 0px">Help Desk at <A
href="mailto:info@arin.net">info@arin.net</A> if you experience any
issues.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Thanks,</DIV>
<DIV style="MARGIN: 0px">John Von Essen</DIV>
<DIV style="MARGIN: 0px">(800) 248-1736 ext 100</DIV>
<DIV style="MARGIN: 0px"><A
href="mailto:john@quonix.net">john@quonix.net</A></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV></BLOCKQUOTE></DIV><BR>
<DIV><SPAN class=Apple-style-span
style="WORD-SPACING: 0px; FONT: 12px Helvetica; TEXT-TRANSFORM: none; COLOR: rgb(0,0,0); TEXT-INDENT: 0px; WHITE-SPACE: normal; LETTER-SPACING: normal; BORDER-COLLAPSE: separate; border-spacing: 0px 0px; khtml-text-decorations-in-effect: none; apple-text-size-adjust: auto; orphans: 2; widows: 2"><SPAN
class=Apple-style-span
style="WORD-SPACING: 0px; FONT: 12px Helvetica; TEXT-TRANSFORM: none; COLOR: rgb(0,0,0); TEXT-INDENT: 0px; WHITE-SPACE: normal; LETTER-SPACING: normal; BORDER-COLLAPSE: separate; border-spacing: 0px 0px; khtml-text-decorations-in-effect: none; apple-text-size-adjust: auto; orphans: 2; widows: 2"><SPAN
class=Apple-style-span
style="WORD-SPACING: 0px; FONT: 12px Helvetica; TEXT-TRANSFORM: none; COLOR: rgb(0,0,0); TEXT-INDENT: 0px; WHITE-SPACE: normal; LETTER-SPACING: normal; BORDER-COLLAPSE: separate; border-spacing: 0px 0px; khtml-text-decorations-in-effect: none; apple-text-size-adjust: auto; orphans: 2; widows: 2"><SPAN
class=Apple-style-span
style="WORD-SPACING: 0px; FONT: 12px Helvetica; TEXT-TRANSFORM: none; COLOR: rgb(0,0,0); TEXT-INDENT: 0px; WHITE-SPACE: normal; LETTER-SPACING: normal; BORDER-COLLAPSE: separate; border-spacing: 0px 0px; khtml-text-decorations-in-effect: none; apple-text-size-adjust: auto; orphans: 2; widows: 2">
<DIV>Thanks, </DIV>
<DIV>John Von Essen</DIV>
<DIV>(800) 248-1736 ext 100</DIV>
<DIV><A href="mailto:john@quonix.net">john@quonix.net</A></DIV><BR
class=Apple-interchange-newline></SPAN></SPAN></SPAN></SPAN></DIV><BR></DIV></BLOCKQUOTE></BODY></HTML>