About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dns-wg] Policy for Reverse DNS for End-User PA Addresses?

  • From: Jørgen Elgaard Larsen < >
  • Date: Fri, 09 Jul 2004 21:08:16 +0200
  • Cc: Jim Reid < >
I am delighted to see such an interest in this subject. I would love to write a draft on it, and perhaps even presenting it at a RIPE meeting.

Instead of spamming you all with answers to each posts, I will collect my comments in a single mail. Of course, this messes up threading, but so be it :-)


From the various comments I realise that although I originally related this problem to DSL customers it is also an issue to other end users, regardless of technology. It seems to be a general pattern for all end users with small IP range allocations.

Jim Reid argued that these customers could just switch to another ISP, which of course is true. But even if it theoretically possible, it may not be economically viable. A small company may have to choose between paying, say, €10 a month for a DSL connection or thousands of euros for having some serious provider pulling in a fibre or something.

How many small businesses will be able and willing to pay orders of magnitude extra just to get the "luxury" of reverse DNS?


Jim Reid also wrote:
It could also be painful for ISPs and the NCC: creating
inetnum objects for every /29 or whatever an ISP gives to its DSL
customers.
Certainly.
I did not mean to suggest making new inetnum objects. My idea was that end users that already have inetnum objects might be given the choice of reverse delegation. For end users without inetnum objects, the holder of the inetnum object for the encompassing range (typically the ISP) should handle reverse DNS.

As I see it, it would be enough to make reverse delegation of PA addresses analogous to reverse delegation of PI addresses.

The question here would be whether the RIPE NCC DNS servers can carry the load. Does anyone have an idea of how many inetnum objects there are in the whois database for IPv4 ranges lower than /24 - compared to the total number of inetnum objects?


Peter Koch wrote:
See also draft-ietf-dnsop-inaddr-required-05.txt.
A very interesting draft. If this becomes standard, RIPE should consider this question anyway. Does anyone know the status of this draft?

Interestingly, the draft mentions RIPE as appearing "to have the strongest policy in this area [ripe-185] indicating Local Internet Registries are required to perform IN-ADDR services, and delegate those as appropriate when address blocks are delegated".

ripe-185 is now deprecated, and the new policy does not mention this requirement at all.
The former reverse DNS FAQ said "Each Local Internet Registry (LIR) is obliged to handle administration involved with the reverse delegation for the IP addresses it assigns" - but again, the new reverse delegation pages does not mention it at all.

Prior to mailing this list, I asked ripe-dbm@localhost about this. They answered:
> [...] there is no policy that obliges [the ISPs] to provide this
> service to their customers, it is their own option.
>
> Although the text in our previous F.A.Q. was different, this statement
> was what was always meant.

So until recently, although unintentional, RIPE already demanded for ISPs to provide reverse DNS :-)



Peter Koch also wrote:
Yes, like privacy issues.

Actually, draft-ietf-dnsop-inaddr-required-05.txt mentions that privacy
issues are irrelevant for this, since the information is already partially
accessible through whois.


What I've read between the lines is that in the case of DSL the classless
delegation method may not be sufficient, even if the ISP is able and willing.
Due to dynamic nature of address assignments they'd need something similar
to dyndns (and friends) for the reverse mapping. So, is anyone doing this
already?
It is true that some DSL customers have dynamic addresses, but many have static ones. If someone were to make reverse DNS for dynamic addresses, it would have to be the ISP (or whoever controls the /24 zone). I feel it would be counter-productive to make that mandatory - dynamic addresses and DNS cache do not mix (sufficiently low TTLs would just make too much traffic).



Thank you for all your comments,


Jørgen E. Larsen
CTO
Elgaard Data
jel(at)elgaard.net



<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community