Changes to Policy For Reverse Address Delegation of IPv4 And IPv6 Address Space in the RIPE NCC Service Region
| Legend | (+) Added | (-) Deleted |
|---|---|---|
| Changed | Tag Added | Tag Deleted |
Introduction insert: <br />
insert: <br />
This document describes the policy for reverse procedures for the delegation of IPv4 and IPv6 au- insert: <br />
thority of zones in the 193.in-addr.arpa domain. As of March insert: <br />
16th 1993 the RIPE NCC has been delegated the authority for the insert: <br />
193.in-addr.arpa domain from the root. Due to the fact that in insert: <br />
the 193.x.y address space in the RIPE NCC service region. delete: </p> delete: <h3> Contents delete: </h3> delete: <blockquote> delete: <p> delete: <a class="anchor-link" href="#intro"> 1.0 Introduction delete: </a> delete: <br /> delete: <a class="anchor-link" href="#delegation"> 2.0 Obtaining Delegation of an in-addr.arpa or ip6.arpa sub-domain delete: </a> delete: <br /> delete: <a class="anchor-link" href="#procedures"> 3.0 Procedures delete: </a> delete: <br /> delete: <a class="anchor-link" href="#references"> 4.0 References delete: </a> delete: </p> delete: </blockquote> delete: <h2> delete: <a name="intro"> delete: </a> 1.0 Introduction delete: </h2> delete: <p> The RIPE NCC provides, as part of its services, the necessary support to enable the reverse resolution of IPv4 and IPv6 blocks of 256 class C network numbers insert: <br />
are further delegated to local registries , the possibility ex- insert: <br />
ists to also delegate the zone for these blocks in the 193.in- insert: <br />
addr.arpa domain. This document describes some guidelines and insert: <br />
procedures for this type of delegation and the delegation of re- insert: <br />
verse zones for individual class C networks in 193.x.y. insert: <br />
insert: <br />
insert: <br />
A bit more explained insert: <br />
insert: <br />
With the assignment of class C network numbers following the CIDR insert: <br />
(RFC 1338) model, in which large chunks of the address space into domain names. This are insert: <br />
delegated to one region, and within that region blocks of class C insert: <br />
network numbers are delegated to service is implemented under the in-addr.arpa and ip6.arpa sub-domains described in [ delete: <a class="anchor-link" href="#references"> 1 delete: </a> ] and [ delete: <a class="anchor-link" href="#references"> 2 delete: </a> ]. delete: </p> delete: <p> Reverse delegations for IPv4 and IPv6 addresses allocated by the RIPE NCC are made to Local Internet Registries (LIRs) and further delegated by the LIRs to Internet Service Providers or End Users. delete: </p> delete: <h2> delete: <a name="delegation"> delete: </a> 2.0 Obtaining Delegation of an in-addr.arpa or ip6.arpa sub-domain delete: </h2> delete: <p> The RIPE NCC provides reverse delegation for providers and non- insert: <br />
provider registries, some hierarchy in the address space that is insert: <br />
created, similar to the hierarchy in the domain name space. Due insert: <br />
to this hierarchy the reverse Domain Name System mapping can also insert: <br />
be delegated in a similar model as used for the normal Domain insert: <br />
Name System. For instance, the RIPE NCC has been allocated or assigned by the RIPE NCC. It also provides systems to control reverse delegations relating to early registrations that have been transferred to the RIPE Database. Registrants of the insert: <br />
complete class C address space allocations or assignments may starting with 193. It is there- insert: <br />
fore possible to delegate the 193.in-addr.arpa domain completely insert: <br />
to the RIPE NCC, instead of each and every reverse mapping in the insert: <br />
193.in-addr.arpa domain to be registered with the INTERNIC. This insert: <br />
implies that all 193.in-addr.arpa resistrations will be done by insert: <br />
the RIPE NCC. Even better, since service providers receive com- insert: <br />
plete class C network blocks from the RIPE NCC, the RIPE NCC can insert: <br />
delegate the reverse registrations for such complete blocks to insert: <br />
these local registries. This implies that customers of these insert: <br />
service providers no longer have to register their reverse domain insert: <br />
mapping with the root, but the service provider have authority for requesting reverse insert: <br />
over that part of the reverse mapping. This decreases the work- insert: <br />
load on the INTERNIC and the RIPE NCC, and at the same time in- insert: <br />
crease the service a provider can offer its customers by improve insert: <br />
response times for reverse mapping changes . However there are insert: <br />
some things that need to be examined a bit more closely to avoid insert: <br />
confusion and inconsistencies. These issues are covered in the insert: <br />
next section. insert: <br />
insert: <br />
insert: <br />
Procedures for the delegation of direct subdomains of 193.in- insert: <br />
addr.arpa insert: <br />
insert: <br />
1. A secondary nameserver at ns.ripe.net is mandatory for all insert: <br />
blocks of class C network numbers delegated in the 193.in- insert: <br />
addr.arpa domain. insert: <br />
insert: <br />
2. Because of the increasing importance of correct reverse ad- insert: <br />
dress mapping, for all delegated blocks a good set of secondaries insert: <br />
must be defined. There should be at least 2 nameservers for all insert: <br />
blocks delegated, excluding the RIPE NCC secondary. insert: <br />
insert: <br />
3. The delegation of a class C block in the 193.in-addr.arpa insert: <br />
domain can be requested by sending in a domain object for the insert: <br />
RIPE database to <[email protected]> with all necessary contact insert: <br />
and nameserver information. The RIPE NCC will then forward all insert: <br />
current reverse zones inside this block to the registry, and insert: <br />
after addition of these by the registry, the NCC will check the insert: <br />
working of the reverse server. Once everything is setup proper- insert: <br />
ly, the NCC will delegate the block, and submit the database ob- insert: <br />
ject for inclusion in the database. An example domain object can insert: <br />
be found at the end of this document. insert: <br />
insert: <br />
4. All reverse servers for blocks must be reachable from the RIPE NCC. delete: </p> delete: <p> The RIPE NCC accepts requests for reverse delegation for insert: <br />
whole of the Internet. In short, all servers must meet similar insert: <br />
connectivity requirements as top-level domain servers. insert: <br />
insert: <br />
5. Running the reverse server for class C blocks does not imply insert: <br />
that one controls that part of the reverse domain, it only im- insert: <br />
plies that one administers that part of the reverse domain. insert: <br />
insert: <br />
6. Before adding individual nets, the administrator of a reverse insert: <br />
domain must check wether all servers to be added for these nets insert: <br />
are indeed setup properly. insert: <br />
insert: <br />
7. There are some serious implications when a customer of a ser- insert: <br />
vice provider that uses address space that out of the service provider insert: <br />
class C blocks, moves to another service provider. The previous insert: <br />
service provider cannot force its ex-customer to change network insert: <br />
addresses, and will have to continue to provide the appropriate insert: <br />
delegation records for reverse mapping of these addresses, even insert: <br />
though it they are no longer belonging to a customer. insert: <br />
insert: <br />
8. The registration of the reverse zones for individual class C insert: <br />
networks will usually be done by the registry administering the insert: <br />
class C block this network has been allocated by assigned from. The registry insert: <br />
will make the necessary changes to the zone, and update the net- insert: <br />
work objects in the RIPE database for these networks, to reflect insert: <br />
the correct "rev-srv" fields. In case the RIPE NCC to receives a insert: <br />
request for the reverse zone of an LIR or, in the case of PI address space, an assignment individual class C network out insert: <br />
of a block that has been made to an End User. delegated, the request will be forwarded insert: <br />
to the zone contact for this reverse block. insert: <br />
insert: <br />
9. The NCC advises the following timers and counters for direct insert: <br />
subdomains of 193.in-addr.arpa: 8 hours refresh (28800 seconds), insert: <br />
2 hours retry (7200 seconds), 7 days expire (604800 seconds) and insert: <br />
1 day Time To Live (86400 seconds). The retry counter should be insert: <br />
lowered where connectivity is unstable. insert: <br />
insert: <br />
Above procedures are defined to ensure the necessary high availa- insert: <br />
bility for the 193 reverse domains, and to minimize confusion. insert: <br />
The NCC will ensure fast repsonse times for addition requests, insert: <br />
and will in principle update the 193.in-addr.arpa domain at least insert: <br />
once per working day. insert: <br />
insert: <br />
Example domain object to request a block delegation insert: <br />
insert: <br />
domain: 202.193.in-addr.arpa insert: <br />
descr: Pan European Organisations class C block insert: <br />
admin-c: Daniel Karrenberg insert: <br />
tech-c: Marten Terpstra insert: <br />
zone-c: Marten Terpstra insert: <br />
nserver: ns.eu.net insert: <br />
nserver: sunic.sunet.se insert: <br />
nserver: ns.ripe.net insert: <br />
changed: [email protected] 930319 insert: <br />
source: RIPE insert: <br />
insert: <br />
insert: <br />
insert: <br />
Procedures for the delegation of individual network zones by the insert: <br />
RIPE NCC. insert: <br />
insert: <br />
The registration of the reverse zones for individual class C net- insert: <br />
works will usually be done by the registry administering the insert: <br />
class C block this network has been assigned from. In case the insert: <br />
zone corresponding to the class C block has not been delegated, insert: <br />
the RIPE NCC will automatically add the reverse nameserver as insert: <br />
specified in the "rev-srv" attribute of the RIPE database object insert: <br />
for this network, using the following procedures: insert: <br />
insert: <br />
1. Because of the increasing importance of correct reverse ad- insert: <br />
dress mapping, for all delegated networks a good set of secon- insert: <br />
daries must be defined. There should be at least two nameservers insert: <br />
for all networks delegated. insert: <br />
insert: <br />
2. The "rev-srv" field should ONLY contain one fully qualified insert: <br />
domain name of a nameserver which is authoritative for the re- insert: <br />
verse zone for this network. insert: <br />
insert: <br />
3. If a network has or is going to have any external connectivi- insert: <br />
ty, it is strongly recommended that it has at least one reverse insert: <br />
nameserver that can be reached from all of the Internet. insert: <br />
insert: <br />
4. The checking and addition of the reverse zones for single net- insert: <br />
works is completely automated at the RIPE NCC. Although we do insert: <br />
our best to check the setup of the nameservers, these does not insert: <br />
receive the same level of scrutiny as nameservers for blocks of insert: <br />
class C network numbers. It is the responsibility of the network insert: <br />
contacts to ensure proper operation. insert: <br />
insert: <br />
5. Any problems regarding the reverse zones in 193.in-addr.arpa insert: <br />
should be directed to <[email protected]>. insert: <br />
insert: <br />
The NCC also suggests that similar procedures are set up for the insert: <br />
delegation of reverse zones for individual class C networks from insert: <br />
the registries to individual organisations.
