From mfendt at eso.org Fri Apr 2 13:17:21 1993 From: mfendt at eso.org (mfendt at eso.org) Date: Fri, 2 Apr 93 13:17:21 +0200 Subject: Question about top-level domains? Message-ID: <9304021117.AA17958@ws9.hq.eso.org> Hello, I have a question or better need a clarification about the report of the DNS working group (on the 14 Ripe meeting in Prag, 25-27.1.1993) One of the topics was the "propper" top-level domain of multinational organizations, like European Parliament. (case of the day) The suggestions were: .org: rejected because it is not a North American organization. My questions are the following: Is there anywhere mentioned that .org top-level domain is only for North America organisations? Or does this rejection have any other reasons? The solution choosen (again for the European Parliament) was using the country top level domain and have the name reserved in every (member?) country. This solution implies for me that any European Institution (which has a similiar status like the European Parliament) should follow that roule (or would it be acceptable that other institutions would achieve different solutions? I hope so,because I hate changing names :-)) Michael Fendt ________________________________________________________________________________ Michael Fendt ESO (European Southern Observatory) Karl-Schwarzschildstr. 2 D-8046 Garching Germany Tel: +49 89 32006 441 Fax: +49 89 32023 62 email: mfendt at eso.org From pietrak at camk.edu.pl Fri Apr 2 14:10:10 1993 From: pietrak at camk.edu.pl (Rafal Pietrak) Date: Fri, 2 Apr 93 14:10:10 +0200 Subject: Question about top-level domains? Message-ID: <9304021210.AA21160@camk.edu.pl> Date: Fri, 2 Apr 93 13:17:21 +0200 From: mfendt at eso.org I have a question or better need a clarification about the report of the DNS working group (on the 14 Ripe meeting in Prag, 25-27.1.1993) One of the topics was the "propper" top-level domain of multinational organizations, like European Parliament. (case of the day) The suggestions were: .org: rejected because it is not a North American organization. My questions are the following: Is there anywhere mentioned that .org top-level domain is only for North America organisations? Or does this rejection have any other reasons? The solution choosen (again for the European Parliament) was using the country top level domain and have the name reserved in every (member?) country. This solution implies for me that any European Institution (which has a similiar status like the European Parliament) should follow that roule (or would it be acceptable that other institutions would achieve different solutions? I hope so,because I hate changing names :-)) Sorry to buzzz with my 0.02$ wirth, but the sulution selected for the European Parlament is a clear misshap. EC meens something above countries so there is no reason to declare it _under_ country codes. A clean way to do it would be to declare such organization in town/country where it has its HQ. For 'migrating HQ' organization may sellect a place. On the other hand; a name is just a name, who cares. -Rafal From Marten.Terpstra at ripe.net Fri Apr 16 15:13:12 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Fri, 16 Apr 93 15:13:12 +0200 Subject: Remark on 193.in-addr.arpa procedures Message-ID: <9304161313.AA12368@ncc.ripe.net> Folks, please have a read of the remark below. We sort of feel he Hakan has a point here. Did we miss something ? If not, then I will change the procedures to reflect this remark. -Marten ------- Forwarded Message Date: Thu, 8 Apr 93 12:57:15 +0200 From: hh at tip.net (Hakan Hansson) To: Marten.Terpstra at ripe.net cc: staff at tip.net Subject: Reachability of reverse servers. > Guidelines for the delegation > of zones in the 193.in-addr.arpa domain ... >4. All reverse servers for blocks must be reachable from the whole of >the Internet. In short, all servers must meet similar connectivity >requirements as top-level domain servers. ... >Procedures for the delegation of individual network zones ... >3. At least two reverse servers must be reachable from the whole of the >Internet. In short, these servers must meet similar connectivity >requirements as top-level domain servers. Marten, I've been thinking about the above guidelines. I fully agree with the statements in item 4 for block delegation, but I now realize I don't agree on item 3 for individual networks. I can't see why at least two reverse servers should be reachable from the whole of Internet. It must be enough that they are equally reachable as the actual network they are reverse serving for, or? If a network doesn't have NSFnet connectivity (that is what we are talking about, and should be mentioned in your document!), there is no need for anyone at NSF to lookup the reverse zone for that network either. These requriements don't apply to 192 networks, so why for 193? Regards, Hakan Hansson == Unisource Business Networks Sverige AB == Unidata IP Services * TIPnet NCC * Sweden == phone +46-31-7708072 * fax +46-31-114664 ------- End of Forwarded Message From Piet.Beertema at cwi.nl Mon Apr 19 11:13:45 1993 From: Piet.Beertema at cwi.nl (Piet Beertema) Date: Mon, 19 Apr 1993 11:13:45 +0200 Subject: Remark on 193.in-addr.arpa procedures In-Reply-To: Your message of Fri, 16 Apr 93 15:13:12 +0200 . <9304161313.AA12368@ncc.ripe.net> Message-ID: <9304190913.AA28111=piet@kraai.cwi.nl> please have a read of the remark below. We sort of feel he Hakan has a point here. Did we miss something ? If not, then I will change the procedures to reflect this remark. Hakan has a very valid point here, but I don't agree with all he's saying: I can't see why at least two reverse servers should be reachable from the whole of Internet. It must be enough that they are equally reachable as the actual network they are reverse serving for, or? If a network doesn't have NSFnet connectivity (that is what we are talking about, and should be mentioned in your document!), there is no need for anyone at NSF to lookup the reverse zone for that network either. If a network doesn't have any external connectivity, there is no need for it's in-addr.arpa nameservers to be reachable from all of the Internet. Whether or not a network has NSFnet connectivity is irrelevant in the current context, so this should *not* be mentioned in the document: if a network has RIPE connectivity, then its in-addr.arpa nameservers *must* be reachable from all RIPE networks; in this context it should be noted that there is a root server which can be reached from all RIPE networks, so there is no need for NSFnet connectivity to make nameservers on "RIPE-only" networks work. However, it would be *desirable* if at least one of the in-addr.arpa of a "RIPE-only* network would be reachable from all of the Internet, so including NSFnet. Therefore I would suggest to change item 3 into: 3) If a network has or is going to have any external connectivity, it is strongly recommended that it has at least one reverse nameserver that can be reached from all of the Internet. Piet From Marten.Terpstra at ripe.net Mon Apr 19 17:16:42 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Mon, 19 Apr 93 17:16:42 +0200 Subject: 193.in-addr.arpa procedures v1.4 Message-ID: <9304191516.AA17980@ncc.ripe.net> Here's version 1.4 of the 193.in-addr.arpa delegation procedures. I have included Piet's recommended timer values, and the comment on reachability of servers for zones for individual nets. Please note that the second part of these procdures (single net delegations done by the NCC) is NOT yet in operation. Single net delegations in 193.x.y still have to be requested from hostmaster at ripe.net. After next weeks RIPE meeting we hope to implement the automatic procedure as soon as possible. The code is there, the operational environment isn't yet ;-) -Marten Guidelines for the delegation of zones in the 193.in-addr.arpa domain Marten Terpstra April 1993 V1.4 Introduction This document describes the procedures for the delegation of authority of zones in the 193.in-addr.arpa domain. As of March 16th 1993 the RIPE NCC has been delegated the authority for the 193.in-addr.arpa domain from the root. Due to the fact that in the 193.x.y address space blocks of 256 class C network numbers are further delegated to local registries , the possibility exists to also delegate the zone for these blocks in the 193.in-addr.arpa domain. This document describes some guidelines and procedures for this type of delegation and the delegation of reverse zones for individual class C networks in 193.x.y. A bit more explained With the assignment of class C network numbers following the CIDR (RFC 1338) model, in which large chunks of the address space are delegated to one region, and within that region blocks of class C network numbers are delegated to service providers and non-provider registries, some hierarchy in the address space is created, similar to the hierarchy in the domain name space. Due to this hierarchy the reverse Domain Name System mapping can also be delegated in a similar model as used for the normal Domain Name System. For instance, the RIPE NCC has been assigned the complete class C address space starting with 193. It is therefore possible to delegate the 193.in-addr.arpa domain completely to the RIPE NCC, instead of each and every reverse mapping in the 193.in-addr.arpa domain to be registered with the INTERNIC. This implies that all 193.in-addr.arpa resistrations will be done by the RIPE NCC. Even better, since service providers receive complete class C network blocks from the RIPE NCC, the RIPE NCC can delegate the reverse registrations for such complete blocks to these local registries. This implies that customers of these service providers no longer have to register their reverse domain mapping with the root, but the service provider have authority over that part of the reverse mapping. This decreases the workload on the INTERNIC and the RIPE NCC, and at the same time increase the service a provider can offer its customers by improve response times for reverse mapping changes . However there are some things that need to be examined a bit more closely to avoid confusion and inconsistencies. These issues are covered in the next section. Procedures for the delegation of direct subdomains of 193.in-addr.arpa 1. A secondary nameserver at ns.ripe.net is mandatory for all blocks of class C network numbers delegated in the 193.in-addr.arpa domain. 2. Because of the increasing importance of correct reverse address mapping, for all delegated blocks a good set of secondaries must be defined. There should be at least 2 nameservers for all blocks delegated, excluding the RIPE NCC secondary. 3. The delegation of a class C block in the 193.in-addr.arpa domain can be requested by sending in a domain object for the RIPE database to with all necessary contact and nameserver information. The RIPE NCC will then forward all current reverse zones inside this block to the registry, and after addition of these by the registry, the NCC will check the working of the reverse server. Once everything is setup properly, the NCC will delegate the block, and submit the database object for inclusion in the database. An example domain object can be found at the end of this document. 4. All reverse servers for blocks must be reachable from the whole of the Internet. In short, all servers must meet similar connectivity requirements as top-level domain servers. 5. Running the reverse server for class C blocks does not imply that one controls that part of the reverse domain, it only implies that one administers that part of the reverse domain. 6. Before adding individual nets, the administrator of a reverse domain must check wether all servers to be added for these nets are indeed setup properly. 7. There are some serious implications when a customer of a service provider that uses address space out of the service provider class C blocks, moves to another service provider. The previous service provider cannot force its ex-customer to change network addresses, and will have to continue to provide the appropriate delegation records for reverse mapping of these addresses, even though it they are no longer belonging to a customer. 8. The registration of the reverse zones for individual class C networks will usually be done by the registry administering the class C block this network has been assigned from. The registry will make the necessary changes to the zone, and update the network objects in the RIPE database for these networks, to reflect the correct "rev-srv" fields. In case the RIPE NCC receives a request for the reverse zone of an individual class C network out of a block that has been delegated, the request will be forwarded to the zone contact for this reverse block. 9. The NCC advises the following timers and counters for direct subdomains of 193.in-addr.arpa: 8 hours refresh (28800 seconds), 2 hours retry (7200 seconds), 7 days expire (604800 seconds) and 1 day Time To Live (86400 seconds). The retry counter should be lowered where connectivity is unstable. Above procedures are defined to ensure the necessary high availability for the 193 reverse domains, and to minimize confusion. The NCC will ensure fast repsonse times for addition requests, and will in principle update the 193.in-addr.arpa domain at least once per working day. Example domain object to request a block delegation domain: 202.193.in-addr.arpa descr: Pan European Organisations class C block admin-c: Daniel Karrenberg tech-c: Marten Terpstra zone-c: Marten Terpstra nserver: ns.eu.net nserver: sunic.sunet.se nserver: ns.ripe.net changed: marten at ripe.net 930319 source: RIPE Procedures for the delegation of individual network zones by the RIPE NCC. The registration of the reverse zones for individual class C networks will usually be done by the registry administering the class C block this network has been assigned from. In case the zone corresponding to the class C block has not been delegated, the RIPE NCC will automatically add the reverse nameserver as specified in the "rev-srv" attribute of the RIPE database object for this network, using the following procedures: 1. Because of the increasing importance of correct reverse address mapping, for all delegated networks a good set of secondaries must be defined. There should be at least two nameservers for all networks delegated. 2. The "rev-srv" field should ONLY contain one fully qualified domain name of a nameserver which is authoritative for the reverse zone for this network. 3. If a network has or is going to have any external connectivity, it is strongly recommended that it has at least one reverse nameserver that can be reached from all of the Internet. 4. The checking and addition of the reverse zones for single networks is completely automated at the RIPE NCC. Although we do our best to check the setup of the nameservers, these does not receive the same level of scrutiny as nameservers for blocks of class C network numbers. It is the responsibility of the network contacts to ensure proper operation. 5. Any problems regarding the reverse zones in 193.in-addr.arpa should be directed to . The NCC also suggests that similar procedures are set up for the delegation of reverse zones for individual class C networks from the registries to individual organisations.