Skip to main content
  • Legend
  • Added
  • Deleted

 European Internet Registry:

                   Procedures for DNS Delegation

                     in the IN-ADDR.ARPA Domain



                           David Kessens

                             June 1994

                       Document-ID: ripe-105++
                         Obsoletes: ripe-105




                              ABSTRACT

           

Introduction

This document describes the procedures for the delegation of zones in European subdomains of IN-ADDR.ARPA. Introduction The domain tree below IN-ADDR.ARPA is used to facilitate "reverse" mapping from IP addresses to domain names [RFC883, RFC1033]. authority of zones in the 193.in-addr.arpa domain. As of March 16th 1993 the RIPE NCC has been delegated the authority for the 193.in-addr.arpa domain from the root. Due to the fact that in the 193.x.y address space blocks of 256 class C network numbers are further delegated to local registries , the possibility exists to also delegate the zone for these blocks in the 193.in-addr.arpa domain. This document describes the procedures for the delegation of zones in European subdomains of IN-ADDR.ARPA. Randomly Assigned Numbers There are two groups of European network numbers: hierarchically assigned numbers and randomly assigned ones. The hierarchically assigned numbers are part of the 193.x.y.0 and 194.x.y.0 network blocks. All other European network numbers, class A, class B and 192.x.y.0 class Cs are randomly assigned. Hierarchically Assigned Numbers The subdomains of IN-ADDR.ARPA corresponding to the hierarchically assigned network numbers are administered by the RIPE NCC. These numbers are currently: 193.0.0.0 - 194.255.255.255 The other addresses are administered by the other regional registries that might have other procedures for requesting a reverse delegation. For clarity we refer in the procedures and examples as described below to the 193.x block of addresses, although we could have as well used the other block(s) that RIPE administers. some guidelines and procedures for this type of delegation and the delegation of reverse zones for individual class C networks in 193.x.y.

A bit more explained

With the assignment of class C network numbers following RFC1466, the CIDR (RFC 1338) model, in which large chunks of the address space are delegated to regional Internet Registries. The regional registries delegate one region, and within that region blocks of class C net- work numbers to local Internet Registries. In this way a network numbers are delegated to service providers and non-provider registries, some hierarchy in the address space is created, which is similar to the hierarchy in the domain name space. Due to this hierarchy the reverse DNS map- ping Domain Name System mapping can also be delegated in a similar model as used for the normal Domain Name System. For instance, the RIPE NCC has been delegated assigned the complete class C address space starting with 193. It is therefore possible to delegate the 193.IN-ADDR.ARPA 193.in-addr.arpa domain completely to the RIPE NCC, instead of each and every reverse mapping in the 193.IN-ADDR.ARPA 193.in-addr.arpa domain to be registered with the InterNIC. INTERNIC. This implies that all 193.IN-ADDR.ARPA delegations in turn 193.in-addr.arpa resistrations will be done by the RIPE NCC. Even better, since local registries usually receive blocks of 256 class C networks service providers receive complete class C network blocks from the RIPE NCC, the RIPE NCC can delegate the reverse registrations for such complete blocks to these local registries. This implies that customers of these service providers no longer have to register their reverse domain mapping with the InterNIC or the NCC, root, but the service providers provider have authority over that part of the reverse mapping. This decreases the workload on the InterNIC INTERNIC and the RIPE NCC, and at the same time improves increase the service a provider can offer its customers by improving improve response times for reverse mapping changes. In order to provide a reliable service some procedures have been agreed and must be followed in order changes . However there are some things that need to be examined a bit more closely to avoid confusion and inconsistencies. These procedures issues are covered in the procedure section. The registration of the reverse zones for individual class C net- works will usually be done by the registry administering the next section.

Procedures for the delegation of direct subdomains of 193.in-addr.arpa

1. A secondary nameserver at ns.ripe.net is mandatory for all blocks of class C network numbers delegated in the 193.in-addr.arpa domain.

2. Because of the increasing importance of correct reverse address mapping, for all delegated blocks a good set of secondaries must be defined. There should be at least 2 nameservers for all blocks delegated, excluding the RIPE NCC secondary.

3. The delegation of a class C block this network has been assigned from. If the subdomain has not yet been delegated to the registry con- cerned the RIPE NCC will register the individual networks. However this service is only provided at a "best-effort" level and no ser- vice guarantees are given. The local registries should whenever possible provide this service locally. Responsibilities for the DNS administrator of a reverse block delegation: As with all domain name space, running in the 193.in-addr.arpa domain can be requested by sending in a domain object for the RIPE database to <hostmaster@ripe.net> with all necessary contact and nameserver information. The RIPE NCC will then forward all
current reverse zones inside this block to the registry, and after addition of these by the registry, the NCC will check the working of the reverse server. Once everything is setup properly, the NCC will delegate the block, and submit the database object for inclusion in the database. An example domain object can be found at the end of this document.

4. All reverse servers for blocks must be reachable from the whole of the Internet. In short, all servers must meet similar connectivity requirements as top-level domain servers.

5. Running the reverse server for class C blocks does not imply that one controls that part of the reverse domain. It domain, it only implies that one administers that part of the reverse domain. If after repeated complaints the delegated name space is still not administered properly the RIPE NCC has to revoke the delegation. 6. Before adding individual nets, the administrator of a reverse domain must check whether wether all servers to be added for these nets are indeed set up properly. setup properly.7. There are some serious implications when a customer of a service provider that uses address space out of the service provider class C blocks, moves to another service provider. The previous service provider cannot force its ex-customer to change network addresses, and will have to continue to provide the appropriate delegation records for reverse mapping of these addresses, even though it they are no longer belonging to a customer. 8. The registration of the reverse zones for individual class C networks will usually be done by the registry administering the class C block this network has been assigned from. The registry will make the necessary changes to the zone files. The registry will also make sure that zone, and update the network objects in the RIPE database for these networks are updated with networks, to reflect the correct "rev-srv" attributes. fields. In case the RIPE NCC receives a request for the reverse zone of an individual class C network out of a block that has been delegated, the request will be forwarded to the mailbox speci- field in the SOA RR for the zone concerned and to the zone- contact registered in the RIPE database for that zone. The NCC also suggests that similar procedures are set up for the delegation of reverse zones for individual class C networks from the registries to individual organisations. Procedures The procedure for asking the reverse delegation of a block (256 C's) of addresses or network (1 or more C's) addresses is quite similar but there are some differences. Therefor they are described as one procedure with clear remarks when something only applies for block or network delegations. Note that we will be a little bit more stringent on the rules for block delegations since we need to be sure that other people can rely on you for proper operation of the DNS system. zone contact for this reverse block.

9. The NCC advises the following timers and counters for direct subdomains of 193.in-addr.arpa: 8 hours refresh (28800 seconds), 2 hours retry (7200 seconds), 7 days expire (604800 seconds) and 1 day Time To Live (86400 seconds). The retry counter should be
lowered where connectivity is unstable.

Above procedures are defined to ensure the necessary high availabil- ity for the availability for the 193 reverse domains, and to minimise minimize confusion. The NCC will ensure fast response repsonse times for addition requests, and will in principle update the 193.IN-ADDR.ARPA 193.in-addr.arpa domain at least once per working day, if needed. Any problems regarding the reverse zones in 193.IN-ADDR.ARPA should be reported to <inaddr@ripe.net>. 1. We only reverse delegate when all addresses are assigned to you. 2. Your nameservers should be configured and running and should have good reachability on the internet. Nameservers for block delegations must meet similar connectivity requirements as top-level domain servers. The NCC recommends to use the following timers and counters (as advised by RFC1537): 28800 ;refresh period (8 hours) 7200 ;retry interval (2 hours) 604800 ;expire time (1 week) 86400 ;default ttl (1 day) It is mandatory for network (C) reverse delegations: - ns.ripe.net is NOT one of the secondary/primary nameservers - at least two nameservers should be used - We need a RIPE database 'inetnum' object with 'rev-srv:' attributes for the name (not IP address) of each nameserver. It is mandatory for block reverse delegations: - ns.ripe.net is one the secondary (never primary) nameservers - at least two other nameservers that don't reside on the same ethernet are required - Operators of the primary nameservers should be familiar with RFC1537 and this document - We need a RIPE database 'domain' object for each delegation with 'nserver:' attributes for the name (not IP address) of each nameserver 3. Send an E-mail request to <auto-inaddr@ripe.net> with: - In the header (or body if not possible) of your E-mail message: X-NCC-RegID: Country.RegistryName This is not required, though easy for keeping track of the requests. Of course, we don't need your local registry ID if you are not from a RIPE local registry. For network (C) reverse delegations: - We need a RIPE database 'inetnum' object with 'rev-srv:' attributes for the name (not IP address) of each nameserver For block reverse delegations: - State in your request that you know about RFC1537 & this document - A RIPE database 'domain' object for each delegation with 'nserver:' attributes for the name (not IP address) of each nameserver 4. Your request will first go through to an automatic checking program. The program will check your zone files and report you about errors (that should be fixed), warnings (that you might want to change), or that no errors have been found. If errors are found, you will be asked to fix them and resubmit your request and the automatic checks will be done again. If no errors (warnings are allowed, but we strongly suggest that you at least take a look at them) are found your request will be acknowledged and your request will be forwarded to the person in charge of the reverse delegation requests. He/she processes the request further. If no additional problems are found the object will included in the database and the block/network reverse delegated. You will always receive an acknowledgment when the delegation has been done or an explanation why not. Example of a network delegation request: From: "Anne X. Ample" <anne.x.ample@ample.nl> To: RIPE Hostmaster <auto-inaddr@ripe.net> Subject: LONGACK 2.1.193.in-addr.arpa delegation please Please delegate 2.1.193.in-addr.arpa as specified below. Thank you! For the AMPLE Corporation Anne X. Ample inetnum: 193.1.2.0 - 193.1.3.255 netname: AMPLE descr: AMPLE Corporation descr: Amsterdam, Netherlands country: NL admin-c: Anne X. Ample tech-c: G. E. K. Ample aut-sys: 4711 rev-srv: ns.ample.nl rev-srv: ns.elpma.ln changed: anne.x.ample@ample.nl 930101 source: RIPE Example of a block (256 C's) reverse delegation: From: Marten Terpstra <marten@in.ter.net> To: RIPE Hostmaster <auto-inaddr@ripe.net> Subject: LONGACK 202.193.in-addr.arpa delegation please Dear NCC people, I have read and understood ripe-105++ and RFC1537. Could you please delegate 202.193.in-addr.arpa as specified below. Thank you! Marten Terpstra day.

Example domain object to request a block delegation

domain: 202.193.in-addr.arpa descr: Pan European Organisations class C block admin-c: Daniel Karrenberg tech-c: Marten Terpstra zone-c: Marten Terpstra nserver: ns.eu.net nserver: sunic.sunet.se nserver: ns.ripe.net changed: marten@ripe.net 930319 source: RIPE Some notes on the automatic checking program: You can use some keywords in the 'Subject:' line of your E-mail to control the checking process. The use of the LONGACK keyword is very recommended. For changing an existing delegation put the keyword CHANGE in the 'Subject:' line of your E-mail message. HELP - will send you this document CHANGE - is needed if you want to change an existing reverse delegation LONGACK - will give you the most verbose output as possible TEST - will only test your zone files without actually doing the request When you want to to a request for a block delegation and you want to know if there are already reverse zones registered within the zone of the requested block delegation, just send in your request and you will receive an error report that includes a copy of our zone file regarding this zone!

Procedures for the delegation of individual network zones by the RIPE NCC.

The registration of the reverse zones for individual class C networks will usually be done by the registry administering the class C block this network has been assigned from. In case the zone corresponding to the class C block has not been delegated, the RIPE NCC will automatically add the reverse nameserver as specified in the "rev-srv" attribute of the RIPE database object for this network, using the following procedures:

1. Because of the increasing importance of correct reverse address mapping, for all delegated networks a good set of secondaries must be defined. There should be at least two nameservers for all networks delegated.

2. The "rev-srv" field should ONLY contain one fully qualified domain name of a nameserver which is authoritative for the reverse zone for this network.

3. If a network has or is going to have any external connectivity, it is strongly recommended that it has at least one reverse nameserver that can be reached from all of the Internet.

4. The checking and addition of the reverse zones for single networks is completely automated at the RIPE NCC. Although we do our best to check the setup of the nameservers, these does not receive the same level of scrutiny as nameservers for blocks of class C network numbers. It is the responsibility of the network contacts to ensure proper operation.

5. Any problems regarding the reverse zones in 193.in-addr.arpa should be directed to <hostmaster@ripe.net>.

The NCC also suggests that similar procedures are set up for the delegation of reverse zones for individual class C networks from the registries to individual organisations.