Procedures for DNS Delegation in the IN-ADDR.ARPA Domain
- Date: Mon, 22 Nov 1993 15:10:10 +0100
European Internet Registry:
Procedures for DNS Delegation
in the IN-ADDR.ARPA Domain
Daniel Karrenberg
Marten Terpstra
November 1993
Document-ID: ripe-zz
Obsoletes: ripe-85
ABSTRACT
This document describes the procedures for the
delegation of zones in European subdomains of
IN-ADDR.ARPA.
Introduction
The domain tree below IN-ADDR.ARPA is used to facilitate "reverse"
mapping from IP addresses to domain names [RFC883, RFC1033]. This
document describes the procedures for the delegation of zones in
European subdomains of IN-ADDR.ARPA.
Randomly Assigned Numbers
There are two groups of European network numbers: hierarchically
assigned numbers and randomly assigned ones. The hierarchically
assigned numbers are part of the 193.x.y.0 and 194.x.y.0 network
blocks. All other network numbers, class A, class B and 192.x.y.0
class Cs are randomly assigned.
Subdomains of IN-ADDR.ARPA describing reverse mappings for randomly
assigned networks have to be handled globally and are handled by the
InterNIC hostmaster@localhost.
ripe-zz.txt
� - 2 -
Hierarchically Assigned Numbers
The subdomains of IN-ADDR.ARPA corresponding to the hierarchically
assigned network numbers are administered by the RIPE NCC. These
network numbers currently are
193.0.0.0 - 194.255.255.0
Although the procedures described below refer to the 193.x.y block
of addresses, for clarity they apply to all such blocks.
With the assignment of class C network numbers following RFC1466,
large chunks of the address space are delegated to regional Internet
Registries. The regional registries delegate blocks of class C net-
work numbers to local Internet Registries. In this way a hierarchy
in the address space is created, which is similar to the hierarchy
in the domain name space. Due to this hierarchy the reverse DNS map-
ping can also be delegated in a similar model as used for the
normal Domain Name System.
For instance, the RIPE NCC has been delegated the complete class C
address space starting with 193. It is therefore possible to
delegate the 193.IN-ADDR.ARPA domain completely to the RIPE NCC,
instead of each and every reverse mapping in the 193.IN-ADDR.ARPA
domain to be registered with the InterNIC. This implies that all
193.IN-ADDR.ARPA delegations in turn will be done by the RIPE NCC.
Even better, since local registries usually receive blocks of 256
class C networks from the RIPE NCC, the NCC can delegate the reverse
registrations for such complete blocks to these local regis-
tries. This implies that customers of these service providers no
longer have to register their reverse domain mapping with the
InterNIC or the NCC, but the service providers have authority over
that part of the reverse mapping. This decreases the workload on
the InterNIC and the RIPE NCC, and at the same time improves the
service a provider can offer its customers by improving response
times for reverse mapping changes.
In order to provide a reliable service some procedures have been
agreed and must be followed in order to avoid confusion and
inconsistencies. These procedures are covered in the next section.
Procedures
1. A secondary nameserver at ns.ripe.net is mandatory for
immediate subdomains of the 193.IN-ADDR.ARPA domain.
ripe-zz.txt
� - 3 -
2. Because of the importance of correct reverse address mapping,
for all delegated blocks a good set of secondaries must be
defined. There should be at least 2 nameservers for all blocks
delegated, excluding the RIPE NCC secondary. Operators of the
primary nameservers should be familiar with RFC1537.
3. The delegation of an immediate subdomain of 193.IN-ADDR.ARPA
domain corresponding to a block of 256 class C network numbers
can be requested by sending a request confirming that the
procedures described in this document will be followed to
hostmaster@localhost. The request should be accompanied by a
domain object for the RIPE database with all necessary contact
and nameserver information. An example domain object can be
found at the end of this document.
4. When receiveing such a request the RIPE NCC will forward data
about any currently registered reverse zones inside this block
to the registry. After addition of these by the registry,
the NCC will check the working of the reverse server.
5. Once everything is set up properly, the NCC will set up
ns.ripe.net as secondary nameserver, delegate the block, and
include the domain object in the RIPE database.
6. All reverse servers for blocks must be reachable from the
the Internet. In short, all servers must meet similar connec-
tivity requirements as top-level domain servers.
7. As with all domain name space, running the reverse server for
class C blocks does not imply that one controls that part
of the reverse domain. It only implies that one administers
that part of the reverse domain. If after repeated complaints
the delegated name space is still not administered properly the
RIPE NCC has to revoke the delegation.
8. Before adding individual nets, the administrator of a reverse
domain must check whether all servers to be added for these
nets are indeed set up properly.
9. There are some serious implications when a customer that uses
address space out of the service provider class C blocks, moves
to another service provider. The previous service provider
cannot force its ex-customer to change network addresses, and
will have to continue to provide the appropriate delegation
records for reverse mapping of these addresses, even though
they are no longer belonging to a customer.
ripe-zz.txt
� - 4 -
10. The registration of the reverse zones for individual class C
networks will usually be done by the registry administering
the class C block this network has been assigned from. The
registry will make the necessary changes to the zone files.
The registry will also make sure that the network objects in
the RIPE database for these networks are updated with the
correct "rev-srv" attributes.
11. In case the RIPE NCC receives a request for the reverse zone of
an individual class C network out of a block that has been
delegated, the request will be forwarded to the mail address
specified in the SOA RR for the zone concerned.
12. The NCC advises the following timers and counters for direct
subdomains of 193.IN-ADDR.ARPA: 8 hours refresh (28800
seconds), 2 hours retry (7200 seconds), 7 days expire (604800
seconds) and 1 day Time To Live (86400 seconds). The retry
counter should be lowered where connectivity is unstable.
Above procedures are defined to ensure the necessary high availabil-
ity for the reverse domains, and to minimise confusion. The NCC
will ensure fast response times for addition requests, and will
in principle update the 193.IN-ADDR.ARPA domain at least once per
working day, if needed.
Example domain object to request a block delegation
domain: 202.193.in-addr.arpa
descr: Pan European Organisations class C block
admin-c: Daniel Karrenberg
tech-c: Marten Terpstra
zone-c: Marten Terpstra
nserver: ns.eu.net
nserver: sunic.sunet.se
nserver: ns.ripe.net
changed: marten@localhost 930319
source: RIPE
Delegation of Individual Network Zones
The registration of the reverse zones for individual class C net-
works will usually be done by the registry administering the
class C block this network has been assigned from.
ripe-zz.txt
� - 5 -
If the subdomain has not yet been delegated to the registry con-
cerned the RIPE NCC will register the individual networks. However
this service is only provided at a "best-effort" level and no ser-
vice guarantees are given. The local registries should whenever
possible provide this service locally.
The NCC uses the following procedures for the delegation of indivi-
dual network zones. Local registries should use similar guidelines.
1. Because of the importance of correct reverse address map-
ping, for all delegated networks a good set of secondaries
must be defined. There should be at least two nameservers for
all networks delegated.
2. Each "rev-srv" attribute in the RIPE database should ONLY con-
tain one fully qualified domain name of a nameserver which
is authoritative for the reverse zone for this network. There
should be one "rev-srv" attribute for each nameserver.
3. If a network has or is going to have any external connec-
tivity, it is strongly recommended that it has at least one
reverse nameserver that can be reached from all of the Inter-
net.
4. Although we do our best to check the setup of the nameservers,
these do not receive the same level of scrutiny as
nameservers for blocks of class C network numbers. It is the
responsibility of the network contacts to ensure proper opera-
tion.
5. Any problems regarding the reverse zones in 193.IN-ADDR.ARPA
should be reported to hostmaster@localhost.
The NCC also suggests that similar procedures are set up for the
delegation of reverse zones for individual class C networks from
the registries to individual organisations.
If you have any questions or suggestions concerning this document,
please contact the RIPE NCC at hostmaster@localhost.
ripe-zz.txt
|
you are here: 
