From Daniel.Karrenberg at ripe.net Mon Mar 1 18:26:45 1993 From: Daniel.Karrenberg at ripe.net (Daniel Karrenberg) Date: Mon, 01 Mar 93 18:26:45 +0100 Subject: in-addr.arpa zone data in RIPE database Message-ID: <9303011726.AA21353@ncc.ripe.net> Folks, since we have observed many inconsistencies between the RIPE database and the DNS regarding reverse mapping zones in in-addr.arpa we have developed a little checking script. The current output can be found in ftp.ripe.net:ripe/ripe-op/in-addr.check It lists all networks for which discrepancies have been detected as follows: First the RIPE database entry in short format: *in: 128.131.0.0 *na: TUNET-F *de: LAN Technical University of Vienna *cy: AT *ac: Johannes Demel *tc: Johannes Demel *co: LOCAL *as: 697 *rz: tunamea.tuwien.ac.at tunameb.tuwien.ac.at *ch: demel at noc.tuwien.ac.at 930202 *so: RIPE Then a list of all reverse servers as listed in the database: DB servers: tunamea.tuwien.ac.at tunameb.tuwien.ac.at Then a list of all reverse servers found in the DNS: DNS servers: Then a diagnostic each server which has something wrong: tunamea.tuwien.ac.at: only in DB and not reverse server for 128.131.0.0! tunameb.tuwien.ac.at: only in DB and not reverse server for 128.131.0.0! Then a list of suggested actions to resolve the inconsistency: DB remove 128.131.0.0: tunamea.tuwien.ac.at tunameb.tuwien.ac.at Note that the recommended actions are not the only way to resolve the problem. In the example above one could also set up the name servers and register them in the DNS. The script tries the shortes path. Please go through the list and see wether any of your nets needs action. Questions: Should we automatically make the suggested changes in the RIPE database? Or should we send mail to the technical contacts asking them to change things? We have asked the NIC accept change notices from us, so that registration of reverse servers in the database would be enough to get them into the DNS. Is this desirable? Daniel By way of example here is the start of the current file: *in: 128.131.0.0 *na: TUNET-F *de: LAN Technical University of Vienna *cy: AT *ac: Johannes Demel *tc: Johannes Demel *co: LOCAL *as: 697 *rz: tunamea.tuwien.ac.at tunameb.tuwien.ac.at *ch: demel at noc.tuwien.ac.at 930202 *so: RIPE DB servers: tunamea.tuwien.ac.at tunameb.tuwien.ac.at DNS servers: tunamea.tuwien.ac.at: is only in DB and is not reverse server for 128.131.0.0! tunameb.tuwien.ac.at: is only in DB and is not reverse server for 128.131.0.0! DB remove 128.131.0.0: tunamea.tuwien.ac.at tunameb.tuwien.ac.at *in: 129.177.0.0 *na: BERGEN-NET *de: Bergen University, Norway *cy: NO *ac: Kenneth Hostland *tc: Kenneth Hostland *co: NORDU RIPE NSF *as: 224 *gw: kth *rz: alf.uib.no eik.ii.uib.no aun.uninet.no *ch: ripe-dbm at ripe.net 920914 *so: RIPE DB servers: alf.uib.no aun.uninet.no eik.ii.uib.no DNS servers: alf.uib.no aun.uninett.no eik.ii.uib.no aun.uninet.no: is only in DB and does not exist! aun.uninett.no: is only in DNS and is OK DB add 129.177.0.0: aun.uninett.no DB remove 129.177.0.0: aun.uninet.no note: obiously a spelling error in the database *in: 129.206.0.0 *na: HD-NET *de: University of Heidelberg *de: BelWue *cy: DE *ac: Michael Hebgen *tc: Lothar Binding *tc: Peter Merdian *co: RIPE NSF WIN *rl: HEPNET *bl: DESY *as: 553 *gw: crn *rz: sun0.URZ.Uni-Heidelberg.DE sun1.URZ.Uni-Heidelberg.DE noc.BelWue.DE ns.Germany.EU.net deins.Informatik.Uni-Dortmund.DE *ch: rv at Informatik.Uni-Dortmund.DE 920530 *ch: ar at deins.Informatik.Uni-Dortmund.DE 920601 *ch: ripe-dbm at ripe.net 920602 *so: RIPE DB servers: deins.informatik.uni-dortmund.de noc.belwue.de ns.germany.eu.net sun0.urz.uni-heidelberg.de sun1.urz.uni-heidelberg.de DNS servers: sun0.urz.uni-heidelberg.de sun1.urz.uni-heidelberg.de deins.informatik.uni-dortmund.de: is only in DB and is OK noc.belwue.de: is only in DB and is OK ns.germany.eu.net: is only in DB and is OK DNS add 129.206.0.0: deins.informatik.uni-dortmund.de noc.belwue.de ns.germany.eu.net note: the DNS is missing some servers *in: 130.37.0.0 *na: VU-NET *de: Vrije Universiteit Amsterdam *de: Amsterdam *cy: NL *ac: Jacques Schuurman *tc: Jacques Schuurman *co: RIPE NSF SARA SURF *gw: cwi *rz: ohrid.cca.vu.nl *rz: star.cs.vu.nl *ch: dfk at cwi.nl 900802 *ch: Erik-Jan.Bos at surfnet.nl 920708 *ch: Erik-Jan.Bos at surfnet.nl 920708 *ch: ripe-dbm at ripe.net 920708 *ch: martijn at nluug.nl 921110 *so: RIPE DB servers: ohrid.cca.vu.nl star.cs.vu.nl DNS servers: hardy.nat.vu.nl ohrid.cca.vu.nl star.cs.vu.nl hardy.nat.vu.nl: is only in DNS and is OK DB add 130.37.0.0: hardy.nat.vu.nl *in: 130.192.0.0 *na: TORINO-IT-LAN *de: Politecnico di Torino *de: CISIP *cy: IT *ac: Silvano Gai *tc: Antonio Lioy *co: GARR *as: 137 *rz: 130.192.2.91 leonardo.polito.it *rz: 130.192.2.117 galileo.polito.it *rz: 130.192.3.1 ercole.polito.it *rz: 192.12.192.5 dns.nis.garr.it *rm: LAN's and MAN connecting University departments and *rm: research institutes located in or near Torino *rm: fully managed *ch: ip-reg at nis.garr.it 930115 *so: RIPE DB servers: dns.nis.garr.it ercole.polito.it galileo.polito.it jolly.nis.garr.it leonardo.polito.it DNS servers: dns.nis.garr.it ercole.polito.it galileo.polito.it leonardo.polito.it jolly.nis.garr.it: is only in DB and is OK DNS add 130.192.0.0: jolly.nis.garr.it note: the addresses in the database are not conforming to the database format, but the script resolves them and deletes duplicate entries *in: 130.231.0.0 *na: OUNET *de: University Ethernet network *de: Oulu University *de: Oulu *cy: FI *ac: Kaisu Ranta *tc: Raimo Salo *co: NORDU RIPE NSF FUNET *as: 1741 *rz: ousrvr.oulu.fi *ch: lk-kr at finou.oulu.fi 930119 *so: RIPE DB servers: ousrvr.oulu.fi DNS servers: hydra.helsinki.fi ousrvr.oulu.fi hydra.helsinki.fi: is only in DNS and is OK DB add 130.231.0.0: hydra.helsinki.fi *in: 130.251.0.0 *na: GENUANET *de: Universita' degli Studi di Genova *cy: IT *ac: Pier Paolo Puliafito *tc: Tiziana Podesta' *co: GARR *as: 137 *rz: 192.148.193.8 sun.cisi.unige.it SUN UNIX *rz: 130.251.1.4 dist.dist.unige.it SUN UNIX *rm: Multiple interconnected LANs of academic institutes *rm: located in Genoa *ch: ip-reg at nis.garr.it 930210 *so: RIPE DB servers: dist.dist.unige.it sun sun.cisi.unige.it unix DNS servers: carla.dist.unige.it dist.dist.unige.it nameserver.cnr.it carla.dist.unige.it: is only in DNS and is not responding! nameserver.cnr.it: is only in DNS and is OK sun: is only in DB and does not exist! sun.cisi.unige.it: is only in DB and is OK unix: is only in DB and does not exist! DB add 130.251.0.0: nameserver.cnr.it DNS add 130.251.0.0: sun.cisi.unige.it DB remove 130.251.0.0: sun unix note: "interesting" syntax server data seems out of date *in: 131.114.0.0 *na: PISA-NET *de: Consiglio Nazionale delle Ricerche *de: Pisa *cy: IT *ac: Marco Sommani *tc: Vittorio Miori *co: GARR *as: 137 *rz: 192.12.192.4 nameserver.cnr.it *rz: 128.84.254.152 odin.cs.cornell.edu *rz: 131.114.1.32 itgbox.cnuce.cnr.it *rz: 192.65.81.6 ns.surfnet.nl *rz: 131.114.21.10 serra.unipi.it *rm: Multiple-Lan of CNR institutes and University departments in Pisa *rm: This net belongs to the nation-wide CNRnet, coordinated *rm: thru the cnr-core working group. CNRnet is member of GARR. *ch: ip-reg at nis.garr.it 930204 *so: RIPE DB servers: itgbox.cnuce.cnr.it nameserver.cnr.it ns.surfnet.nl odin.cs.cornell.edu serra.unipi.it survey.surfnet.nl DNS servers: itgbox.cnuce.cnr.it nameserver.cnr.it ns.surfnet.nl odin.cs.cornell.edu serra.unipi.it survey.surfnet.nl: is only in DB and is OK DNS add 131.114.0.0: survey.surfnet.nl *in: 131.155.0.0 *na: TUENET1 *de: Technische Universiteit Eindhoven *de: Eindhoven *cy: NL *ac: Joop Schillemans *tc: Joep Brand *co: RIPE NSF SURF *ni: 1=590 *rz: tuegate.tue.nl *ch: piet at cwi.nl 910501 *so: RIPE DB servers: tuegate.tue.nl DNS servers: rc6.urc.tue.nl tuegate.tue.nl rc6.urc.tue.nl: is only in DNS and is OK DB add 131.155.0.0: rc6.urc.tue.nl *in: 131.174.0.0 *na: NUNET *de: Universiteit Nijmegen *de: Nijmegen *cy: NL *ac: Jos Alsters *ac: Peter van Campen *tc: Jos Alsters *tc: Peter van Campen *co: RIPE NSF SURF *ni: 1=590 *rz: wn1.sci.kun.nl *rz: wn3.sci.kun.nl *ch: piet at cwi.nl 910501 *so: RIPE DB servers: wn1.sci.kun.nl wn3.sci.kun.nl DNS servers: wn0.sci.kun.nl wn3.sci.kun.nl wn0.sci.kun.nl: is only in DNS and is OK wn1.sci.kun.nl: is only in DB and does not exist! DB add 131.174.0.0: wn0.sci.kun.nl DB remove 131.174.0.0: wn1.sci.kun.nl *in: 131.211.0.0 *na: RUUNET *de: Universiteit Utrecht *de: Utrecht *cy: NL *ac: Dre Hopmans *tc: Dre Hopmans *co: RIPE NSF SURF *ni: 1=590 *rz: accucx.cc.ruu.nl *rz: praxis.cs.ruu.nl *ch: piet at cwi.nl 910501 *so: RIPE DB servers: accucx.cc.ruu.nl praxis.cs.ruu.nl DNS servers: accucx.cc.ruu.nl infix.cs.ruu.nl kali.cc.ruu.nl infix.cs.ruu.nl: is only in DNS and is OK kali.cc.ruu.nl: is only in DNS and is OK praxis.cs.ruu.nl: is only in DB and is not responding! DB add 131.211.0.0: infix.cs.ruu.nl kali.cc.ruu.nl From Piet.Beertema at mcsun.EU.net Tue Mar 2 11:03:09 1993 From: Piet.Beertema at mcsun.EU.net (Piet.Beertema at mcsun.EU.net) Date: Tue, 02 Mar 1993 11:03:09 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Mon, 01 Mar 93 18:26:45 +0100 . <9303011726.AA21353@ncc.ripe.net> Message-ID: <9303021003.AA26628@mcsun.EU.net> Questions: Should we automatically make the suggested changes in the RIPE database? No. Or should we send mail to the technical contacts asking them to change things? Yes. We have asked the NIC accept change notices from us, so that registration of reverse servers in the database would be enough to get them into the DNS. Is this desirable? NO!! These actions would bring RIPE on the edge of interfering with the responsabilities of the authoritative persons for a given zone, be it for "forward" or reverse mapping. The best RIPE can do is to send a notification to the authority of a given zone in case of obvious *errors*, NOT if servers are missing in the DB, since there may be good reason why they are "missing". Suppose I would be in foo.XX and I would have a large network with, say, 10 internal and 2 external nameservers for my domain; if I would loose connectivity to the outside world, those 10 internal nameservers would be unreachable and it would be pointless to have nameservers all over the Internet try to query them all. Therefore I would have only, say, 2 internal and the 2 external servers listed for foo.XX in the XX zone file and in the RIPE DB and I would absolutely not appreciate it if RIPE would send me time and again a notification that there are more servers for foo.XX than actually listed in the XX zone or the DB. Piet From Piet.Beertema at mcsun.EU.net Tue Mar 2 13:12:05 1993 From: Piet.Beertema at mcsun.EU.net (Piet.Beertema at mcsun.EU.net) Date: Tue, 02 Mar 1993 13:12:05 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Tue, 2 Mar 93 13:00:57 MET . <9303021200.AA15094@jolly.nis.garr.it> Message-ID: <9303021212.AA01817@mcsun.EU.net> > > We have asked the NIC accept change notices from us, so tha t > registration of reverse servers in the database would be > enough to get them into the DNS. Is this desirable? > NO!! I do not agree, I think it would be very useful to the European networking community to interact with RIPE-NCC only instead of having to interact with both RIPE-NCC and the US NIC Interaction is fine. But RIPE stepping into someone else's authority is quite something different! I don't see the point in what Piet says: ..... If you "have only, say, 2 internal and the 2 external servers listed for foo.XX in the XX zone file" how could the RIPE-NCC script discover the other 8 internal servers? Looking in glass ball? Reread the original message: it explicitly contained a sentence: Then a list of all reverse servers found in the DNS: which implies that DNS is queried to find all (in this case reverse) nameservers. How that's done is irrelevant. Piet From bonito at nis.garr.it Tue Mar 2 13:00:57 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Tue, 2 Mar 93 13:00:57 MET Subject: in-addr.arpa zone data in RIPE database In-Reply-To: <9303021003.AA26628@mcsun.EU.net>; from "Piet.Beertema@mcsun.EU.net" at Mar 2, 93 11:03 am Message-ID: <9303021200.AA15094@jolly.nis.garr.it> > > Questions: > Should we automatically make the suggested changes in the > RIPE database? > No. I agree because there could be some cases which are not properly detected by the automated scripts or other cases where a dns-manager is voluntarily keeping things disalligned > > Or should we send mail to the technical contacts asking them > to change things? > Yes. I agree because many dns-managers do not even know of their registration problems. > > We have asked the NIC accept change notices from us, so that > registration of reverse servers in the database would be > enough to get them into the DNS. Is this desirable? > NO!! I do not agree, I think it would be very useful to the European networking community to interact with RIPE-NCC only instead of having to interact with both RIPE-NCC and the US NIC I don't see the point in what Piet says: > > These actions would bring RIPE on the edge of interfering > with the responsabilities of the authoritative persons for > a given zone, be it for "forward" or reverse mapping. The > best RIPE can do is to send a notification to the authority > of a given zone in case of obvious *errors*, NOT if servers > are missing in the DB, since there may be good reason why > they are "missing". Suppose I would be in foo.XX and I would > have a large network with, say, 10 internal and 2 external > nameservers for my domain; if I would loose connectivity to > the outside world, those 10 internal nameservers would be > unreachable and it would be pointless to have nameservers > all over the Internet try to query them all. Therefore I > would have only, say, 2 internal and the 2 external servers > listed for foo.XX in the XX zone file and in the RIPE DB > and I would absolutely not appreciate it if RIPE would send > me time and again a notification that there are more servers > for foo.XX than actually listed in the XX zone or the DB. If you "have only, say, 2 internal and the 2 external servers listed for foo.XX in the XX zone file" how could the RIPE-NCC script discover the other 8 internal servers? Looking in glass ball? ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From bonito at nis.garr.it Tue Mar 2 14:35:57 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Tue, 2 Mar 93 14:35:57 MET Subject: in-addr.arpa zone data in RIPE database In-Reply-To: <9303021212.AA01817@mcsun.EU.net>; from "Piet.Beertema@mcsun.EU.net" at Mar 2, 93 1:12 pm Message-ID: <9303021335.AA15428@jolly.nis.garr.it> > > > > > We have asked the NIC accept change notices from us, so tha > t > > registration of reverse servers in the database would be > > enough to get them into the DNS. Is this desirable? > > NO!! > I do not agree, I think it would be very useful to the European > networking community to interact with RIPE-NCC only instead of > having to interact with both RIPE-NCC and the US NIC > Interaction is fine. But RIPE stepping into someone > else's authority is quite something different! I don't see any problem with that as long as we (european networking people) agree to send update to the RIPE-NCC instead of sending them to the NIC. This is exactly what we already do when registering new networks. Is there anybody who liked more the previous situation (having to wait many days, frequent errors in the database, etc) than the present one? I don't see any difference between registering a new network and registrering inverse nameservers for a network. I only need a place where to send my updates that can guarantee that they are put in the proper servers... > > I don't see the point in what Piet says: > ..... > If you "have only, say, 2 internal and the 2 external servers > listed for foo.XX in the XX zone file" how could the RIPE-NCC script > discover the other 8 internal servers? Looking in glass ball? > Reread the original message: it explicitly contained > a sentence: > Then a list of all reverse servers found in the DNS: > which implies that DNS is queried to find all (in this > case reverse) nameservers. How that's done is irrelevant. If you do not list server in the authoritative zone file they ARE NOT FOUND in the DNS. In fact it makes no sense to list Internet unreachable servers in a zone file which is exported to the world by an Internet connected server ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From Piet.Beertema at mcsun.EU.net Tue Mar 2 14:47:08 1993 From: Piet.Beertema at mcsun.EU.net (Piet.Beertema at mcsun.EU.net) Date: Tue, 02 Mar 1993 14:47:08 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Tue, 2 Mar 93 14:35:57 MET . <9303021335.AA15428@jolly.nis.garr.it> Message-ID: <9303021347.AA06706@mcsun.EU.net> Interaction is fine. But RIPE stepping into someone else's authority is quite something different! I don't see any problem with that as long as we (european networking people) agree to send update to the RIPE-NCC instead of sending them to the NIC. RIPE-DB and DNS are entirely different objects. I would like RIPE to notify me *in some cases* about discrepancies between my entries in the RIPE-DB and my DNS entries, but I do *NOT* want RIPE to step into my authority by asking or telling the NIC to change *MY* DNS info because they found discrepancies: I may well have good reason why those discrepancies exist. Piet From bonito at nis.garr.it Tue Mar 2 15:44:09 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Tue, 2 Mar 93 15:44:09 MET Subject: in-addr.arpa zone data in RIPE database In-Reply-To: <9303021347.AA06706@mcsun.EU.net>; from "Piet.Beertema@mcsun.EU.net" at Mar 2, 93 2:47 pm Message-ID: <9303021444.AA15669@jolly.nis.garr.it> > > Interaction is fine. But RIPE stepping into someone else's > authority is quite something different! > I don't see any problem with that as long as we (european > networking people) agree to send update to the RIPE-NCC > instead of sending them to the NIC. > RIPE-DB and DNS are entirely different objects. Yes, indeed. Nonetheless I think it would be extremely useful for network managers in Europe to send their DNS updates to the RIPE-NCC only, knowing that they interface the NIC about the DNS root servers updates. Daniel, you can poll RIPErs on this, can you? > I would > like RIPE to notify me *in some cases* about discrepancies > between my entries in the RIPE-DB and my DNS entries, but > I do *NOT* want RIPE to step into my authority by asking > or telling the NIC to change *MY* DNS info because they > found discrepancies: I may well have good reason why those > discrepancies exist. If someone in Europe likes to have discrepancies, for whatever reason, he can certainly tell to RIPE-NCC: please do not forward my updates to the NIC! ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From keith at pipex.net Tue Mar 2 16:27:31 1993 From: keith at pipex.net (Keith Mitchell) Date: Tue, 2 Mar 1993 15:27:31 GMT Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Piet.Beertema@mcsun.EU.net "Re: in-addr.arpa zone data in RIPE database" (Mar 2, 2:47pm) References: <9303021347.AA06706@mcsun.EU.net> Message-ID: <9303021527.AA12207@brimstone.unipalm.co.uk> In <9303021347.AA06706 at mcsun.EU.net>, wrote: > Interaction is fine. But RIPE stepping into someone else's > authority is quite something different! > I don't see any problem with that as long as we (european > networking people) agree to send update to the RIPE-NCC > instead of sending them to the NIC. > RIPE-DB and DNS are entirely different objects. I would > like RIPE to notify me *in some cases* about discrepancies > between my entries in the RIPE-DB and my DNS entries, but > I do *NOT* want RIPE to step into my authority by asking > or telling the NIC to change *MY* DNS info because they > found discrepancies: I may well have good reason why those > discrepancies exist. This is a bit of an aside to the debate above, but there is something that has struck me as obvious which would make the management of in-addr.arpa much easier for everyone, and help with the above issue. Why not get all of 193.in-addr.arpa delegated to the RIPE NCC, and have it in turn delegate xx.193.in-addr.arpa to the service providers ? That way we don't have to deal directly with the creaking NIC, but authority is still delineated clearly by existing DNS mechanisms. This has not been possible in the past, due to the restriction of in-addr DNS delegations needing to be on byte boundaries, *but* that is exactly how the RIPE supernet block is being assigned. Or have I missed a good reason why this won't work ? Keith Mitchell Network Manager Public IP Exchange keith at pipex.net 216 The Science Park keith at unipalm.co.uk Cambridge, UK Phone: +44 223-424616 Fax: +44 223-426868 From Daniel.Karrenberg at ripe.net Tue Mar 2 16:38:36 1993 From: Daniel.Karrenberg at ripe.net (Daniel Karrenberg) Date: Tue, 02 Mar 93 16:38:36 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Tue, 02 Mar 93 15:27:31 GMT. <9303021527.AA12207@brimstone.unipalm.co.uk> Message-ID: <9303021538.AA03257@ncc.ripe.net> > keith at pipex.net (Keith Mitchell) writes: > > Why not get all of 193.in-addr.arpa delegated to the RIPE NCC, and > have it in turn delegate xx.193.in-addr.arpa to the service > providers ? We are working on this one too! It will be in place soon, NIC permitting. But a lot of nets are not in 193 ..... Daniel From Marten.Terpstra at ripe.net Tue Mar 2 16:42:32 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Tue, 02 Mar 93 16:42:32 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Tue, 02 Mar 93 15:27:31 GMT. <9303021527.AA12207@brimstone.unipalm.co.uk> Message-ID: <9303021542.AA03273@ncc.ripe.net> keith at pipex.net (Keith Mitchell) writes: * * This is a bit of an aside to the debate above, but there is * something that has struck me as obvious which would make the * management of in-addr.arpa much easier for everyone, and help with * the above issue. * * Why not get all of 193.in-addr.arpa delegated to the RIPE NCC, and * have it in turn delegate xx.193.in-addr.arpa to the service * providers ? * * That way we don't have to deal directly with the creaking NIC, but * authority is still delineated clearly by existing DNS mechanisms. * This has not been possible in the past, due to the restriction of * in-addr DNS delegations needing to be on byte boundaries, *but* * that is exactly how the RIPE supernet block is being assigned. * * Or have I missed a good reason why this won't work ? You have not missed anything. Even better yet, currently there is a dummy 193.in-addr.arpa server running at the NCC all in preparation of the full delegation of 193.in-addr.arpa from the NIC. We are indeed planning to further delegate blocks down to service providers. So, good idea, and almost implemented. We are just waiting for the NIC to officially delegate the zone, then all of that will be done. We are in the process of writing some guidelines for further delegation of blocks, because there are things like: a customer of yours has IP numbers from your block, and has properly registered in-addr through you (you have the block in-addr). What happens with the in-addr for this customer if he decides to go to the provider next door, because he is much cheaper ? Of course you will have to continue providing the delegateion RRs for this customer, but then what if the other provider cannot or will not talk to you (IP wise). There is more of these things that need to be written down carefully. Still, there are the issues of the DNS versus the DB, but I feel that others are already dealing with that one ;-) -Marten From Havard.Eidnes at runit.sintef.no Tue Mar 2 18:02:41 1993 From: Havard.Eidnes at runit.sintef.no (Havard Eidnes) Date: Tue, 02 Mar 1993 18:02:41 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of "Tue, 02 Mar 1993 15:44:09 +0700." <9303021444.AA15669@jolly.nis.garr.it> Message-ID: <9303021702.AA06545@spurv> Hi, I think that the current apparent disagreement between Piet Beertema and Antonio Blasco Bonito is no real disagreement. What I think Piet objects to, is that the RIPE NCC, after querying the DNS (which in far, far too many cases is misconfigured), would take the results and automatically 1) carry out a database update in the RIPE DB 2) forward a change request to the US NIC on the basis of the DNS information I fully agree with Piet that this is a bad idea. Nevertheless, I think it is a good idea to sometimes carry out a "consistency check" between what is in the RIPE database and what is actually registered in the DNS. In that case, it would probably be nice to register "known inconsistencies" (in the vein that Piet suggested, and which is in use for eg. dec.com -- use your favourite lookup tool), so that one is not reminded of the same "error" lots of times. What I think Antonio is saying, is that it would be nice to only have to send in registration for a network to the RIPE NCC, and include the "rev-srv" attribute, and that this information could be forwarded to the US NIC for them to do the corresponding addition/change in in-addr.arpa. I also happen to agree with Antonio that this is a good idea. As for the 129.177 network, umm... :-) I'll send in an update. Regards, - Havard From Piet.Beertema at cwi.nl Tue Mar 2 18:51:03 1993 From: Piet.Beertema at cwi.nl (Piet Beertema) Date: Tue, 02 Mar 1993 18:51:03 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Tue, 02 Mar 1993 18:02:41 +0100 . <9303021702.AA06545@spurv> Message-ID: <9303021751.AA01517=piet@kraai.cwi.nl> What I think Piet objects to, is that the RIPE NCC, after querying the DNS (which in far, far too many cases is misconfigured), would take the results and automatically 1) carry out a database update in the RIPE DB 2) forward a change request to the US NIC on the basis of the DNS information That's indeed exactly what I'm objection to, since that comes down to RIPE stepping into the authority of the really responsible persons. Nevertheless, I think it is a good idea to sometimes carry out a "consistency check" between what is in the RIPE database and what is actually registered in the DNS. In that case, it would probably be nice to register "known inconsistencies" (in the vein that Piet suggested, and which is in use for eg. dec.com -- use your favourite lookup tool), so that one is not reminded of the same "error" lots of times. Fully agreed. What I think Antonio is saying, is that it would be nice to only have to send in registration for a network to the RIPE NCC, and include the "rev-srv" attribute, and that this information could be forwarded to the US NIC for them to do the corresponding addition/ change in in-addr.arpa. I also happen to agree with Antonio that this is a good idea. I agree that this would indeed be a good idea, on the provision that not RIPE, but the person submitting the registrations/changes is taken to be authoritative in the NIC's database. Piet From bonito at nis.garr.it Tue Mar 2 19:06:17 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Tue, 2 Mar 93 19:06:17 MET Subject: in-addr.arpa zone data in RIPE database In-Reply-To: <9303021751.AA01517=piet@kraai.cwi.nl>; from "Piet Beertema" at Mar 2, 93 6:51 pm Message-ID: <9303021806.AA16584@jolly.nis.garr.it> > > What I think Piet objects to, is that the RIPE NCC, after querying > the DNS (which in far, far too many cases is misconfigured), would > take the results and automatically > 1) carry out a database update in the RIPE DB > 2) forward a change request to the US NIC on > the basis of the DNS information > That's indeed exactly what I'm objection to, since > that comes down to RIPE stepping into the authority > of the really responsible persons. > > Nevertheless, I think it is a good idea to sometimes carry out a > "consistency check" between what is in the RIPE database and what > is actually registered in the DNS. In that case, it would probably > be nice to register "known inconsistencies" (in the vein that Piet > suggested, and which is in use for eg. dec.com -- use your favourite > lookup tool), so that one is not reminded of the same "error" lots > of times. > Fully agreed. > > What I think Antonio is saying, is that it would be nice to only > have to send in registration for a network to the RIPE NCC, and > include the "rev-srv" attribute, and that this information could > be forwarded to the US NIC for them to do the corresponding addition/ > change in in-addr.arpa. I also happen to agree with Antonio that > this is a good idea. > I agree that this would indeed be a good idea, on the > provision that not RIPE, but the person submitting > the registrations/changes is taken to be authoritative > in the NIC's database. > > > Piet > > Many thanks to Havard !!! I agree on everything above. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From jalm at spirou.puug.pt Wed Mar 3 19:34:21 1993 From: jalm at spirou.puug.pt (Jose Legatheaux Martins) Date: Wed, 3 Mar 93 10:34:21 PST Subject: in-addr.arpa zone data in RIPE database Message-ID: <9303031834.AA02000@spirou.puug.pt> ...... Still, there are the issues of the DNS versus the DB, but I feel that others are already dealing with that one ;-) In the previous discussion concerning DNS and RIPE database coherence, I think that we should try to keep separate different issues (DNS and RIPE dbm). 1) We have a system designed to deal with addressing, naming servers, etc. the DNS. We should concentrate on this system for this purpose. It should be considered the real source of information for the data it as been designed to deal with. So, the place were I can find the information about servers, addresses, etc. is in the DNS. Well, DNS has been designed to be managed in a decentralized way. This is a very good point but it has a very bad point: in general it contains lots of errors and inconsistencies. Conclusion: we should invest in tools to detect such errors and notify the administrators concerned. There are some of these tools available in the archive of RIPE. Anyway, I, as an administrator, would prefer to have a single point of focus for stating which are the servers running authoritative for my domain or for the reverse mapping of my network and that is the DNS, nothing more. 2) We have the RIPE database: this is a very good tool to deal with some administrative data. Well, lets use it for this purpose. Anyway, we should avoid to have to deal manually with DUPLICATE data. So, we should avoid to have information about servers and addresses of those servers in the RIPE dbm. My suggestion is: use the RIPE dbm to deal * only * with those informations that cannot be effectively registered in the DNS. If we decide to maintain in the RIPE dbm information about DNS servers, those fields should be automatically updated from the DNS on a (for example) monthly basis. And its semantics should be seen as "the vison about this subject that the tools of the RIPE NCC have been able to extract from the DNS some XXX days ago". I do not believe on centralized repositories and management unless I have no other way to avoid it. I do not believe in consistency maintained mannually by hundreds (thousands ?) of administrators. Jose' From Daniel.Karrenberg at ripe.net Wed Mar 3 12:02:51 1993 From: Daniel.Karrenberg at ripe.net (Daniel Karrenberg) Date: Wed, 03 Mar 93 12:02:51 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Tue, 02 Mar 93 18:02:41 +0100. <9303021702.AA06545@spurv> Message-ID: <9303031102.AA05793@ncc.ripe.net> To summarise and conclude from the discussion: All comments -also the ones sent to me privately- were unanimous on this: There will be no automatic updates of the RIPE DB. If database information is believed to be inconsistent the rechnical contact persons will be notified together with suggested corrections. They can then decide whether to send in the suggested corrections. What remains open is the question on whether in-addr.arpa zone registrations should be effected automatically by registering the 'rev-srv' field in the RIPE database. I have had quite a few comments from people who want this and I personally agree it would be a nice feature. Some people actually assumed this was the way it was working already and complained that they had to register in-addr.arpa separately with the NIC! I do not see Piet's argument that this would mean a loss of authority of the network contacts. They have the same authority for changing the RIPE database than they have for changing the NIC database which then generates the in-addr.arpa zone information. Just the procedure would be different, and easier: One stop shopping with no additional cost (and no warranty of agency :-), sorry inside joke). So my proposal would be to do this in steps: First clean up the inconsistencies in the RIPE database using the procedure above. Then populate the database with the current in-addr.arpa information, notifying the tech contacts of each change. After these two steps the information in in-addr.arpa and both the NIC and RIPE databases is consistent. Then initiate changes of in-addr.arpa whenever the 'rev-srv' attribute in the RIPE DB is changed. This means the one stop shopping is effective. Until confidence is built we can notify the tech contacts whenever such a change is made. Is this acceptable? Daniel From Daniel.Karrenberg at ripe.net Wed Mar 3 12:18:35 1993 From: Daniel.Karrenberg at ripe.net (Daniel Karrenberg) Date: Wed, 03 Mar 93 12:18:35 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Wed, 03 Mar 93 10:34:21 PST. <9303031834.AA02000@spirou.puug.pt> Message-ID: <9303031118.AA05845@ncc.ripe.net> > jalm at spirou.puug.pt (Jose Legatheaux Martins) writes: > Conclusion: we should invest in tools to detect such errors and > notify the administrators concerned. There are some of these > tools available in the archive of RIPE. Anyway, I, as an administrator, > would prefer to have a single point of focus for stating which > are the servers running authoritative for my domain or for > the reverse mapping of my network and that is the DNS, nothing more. Fully agree and the proposal is to use the RIPE DB for this in Eurpe. > 2) We have the RIPE database: this is a very good tool to deal > with some administrative data. Well, lets use it for this purpose. > Anyway, we should avoid to have to deal manually with DUPLICATE > data. So, we should avoid to have information about servers > and addresses of those servers in the RIPE dbm. Of course there is a chicken and egg problem here. In order to use the DNS for anything, the appropriate NS RRs have to be put in somewhere. One has to keep a record of which NS RRs go where. Currently in-addr.arpa is centralised and this means that we need a centralised registry. > My suggestion is: use the RIPE dbm to deal * only * with those > informations that cannot be effectively registered in the DNS. Wholeheartedly agree. Remember I proposed to get rid of the domain object in the RIPE DB? Well I was told that there is some information in those objects that connot be represented in the DNS. So we kept it. > If we decide to maintain in the RIPE dbm information about > DNS servers, those fields should be automatically updated from > the DNS on a (for example) monthly basis. See "chicken and egg" above. > I do not believe on centralized repositories and management unless > I have no other way to avoid it. In general you are right. > I do not believe in consistency maintained mannually by hundreds > (thousands ?) of administrators. That's why you are right only "in general". Daniel From bonito at nis.garr.it Wed Mar 3 13:13:52 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Wed, 3 Mar 93 13:13:52 MET Subject: in-addr.arpa zone data in RIPE database In-Reply-To: <9303031102.AA05793@ncc.ripe.net>; from "Daniel Karrenberg" at Mar 3, 93 12:02 pm Message-ID: <9303031213.AA01094@jolly.nis.garr.it> Daniel Karrenberg says: > What remains open is the question on whether in-addr.arpa zone > registrations should be effected automatically by registering the > 'rev-srv' field in the RIPE database. I have had quite a few > comments from people who want this and I personally agree it would be a > nice feature. Some people actually assumed this was the way it was working > already and complained that they had to register in-addr.arpa separately > with the NIC! > > I do not see Piet's argument that this would mean a loss of authority of > the network contacts. They have the same authority for changing the > RIPE database than they have for changing the NIC database which then > generates the in-addr.arpa zone information. Just the procedure would > be different, and easier: One stop shopping with no additional cost > (and no warranty of agency :-), sorry inside joke). > > So my proposal would be to do this in steps: > > First clean up the inconsistencies in the RIPE database using the > procedure above. > > Then populate the database with the current in-addr.arpa information, > notifying the tech contacts of each change. > > After these two steps the information in in-addr.arpa and both the NIC > and RIPE databases is consistent. > > Then initiate changes of in-addr.arpa whenever the 'rev-srv' attribute > in the RIPE DB is changed. This means the one stop shopping is > effective. Until confidence is built we can notify the tech contacts > whenever such a change is made. > > Is this acceptable? YES, I very much agree with this plan. I have to say, commenting some other mail on the subject, that the DNS is a distributed database BUT the in-addr.arpa registration is indeed a centralized service, so I prefer very much to have the RIPE-NCC as my counterpart in this tedious matter, rather than the US NIC. The NCC has proven to much more efficient and responsive than the US NIC. Full stop. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From Piet.Beertema at mcsun.EU.net Wed Mar 3 13:44:18 1993 From: Piet.Beertema at mcsun.EU.net (Piet.Beertema at mcsun.EU.net) Date: Wed, 03 Mar 1993 13:44:18 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Wed, 03 Mar 93 12:02:51 +0100 . <9303031102.AA05793@ncc.ripe.net> Message-ID: <9303031244.AA28816@mcsun.EU.net> What remains open is the question on whether in-addr.arpa zone registrations should be effected automatically by registering the 'rev-srv' field in the RIPE database. I have had quite a few comments from people who want this and I personally agree it would be a nice feature. I do not see Piet's argument that this would mean a loss of authority of the network contacts. This form of "indirect registration" would indeed not mean loss of authority. The problem remains though that separate functions - DB and DNS - become intermixed here. And then whom do you contact/tell/flame if the root servers contain wrong information? An indirect way of correcting things via submissions to the RIPE DB in my view is far from ideal, as it may well introduce unnecessary delays. And once you start doing such things for the reverse servers, the next step may well be doing the same for "forward servers"; then how can e.g. a top level domain registrar determine whether a given change is valid, e.g. comes from an authoritative person? Piet From Havard.Eidnes at runit.sintef.no Wed Mar 3 14:36:09 1993 From: Havard.Eidnes at runit.sintef.no (Havard Eidnes) Date: Wed, 03 Mar 1993 14:36:09 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of "Wed, 03 Mar 1993 13:44:18 +0100." <9303031244.AA28816@mcsun.EU.net> Message-ID: <9303031336.AA18977@spurv> > An indirect way of correcting things via submissions to the RIPE DB in my > view is far from ideal, as it may well introduce unnecessary delays. Soon this argument will be moot for at least 193.in-addr.arpa... > And once you start doing such things for the reverse servers, the next > step may well be doing the same for "forward servers"; then how can e.g. > a top level domain registrar determine whether a given change is valid, > e.g. comes from an authoritative person? Call (ie. phone) the supplied administrative contact person? How do you ensure authority today? - Havard From Piet.Beertema at cwi.nl Wed Mar 3 15:55:29 1993 From: Piet.Beertema at cwi.nl (Piet Beertema) Date: Wed, 03 Mar 1993 15:55:29 +0100 Subject: in-addr.arpa zone data in RIPE database In-Reply-To: Your message of Wed, 03 Mar 1993 14:36:09 +0100 . <9303031336.AA18977@spurv> Message-ID: <9303031455.AA02871=piet@kraai.cwi.nl> An indirect way of correcting things via submissions to the RIPE DB in my view is far from ideal, as it may well introduce unnecessary delays. Soon this argument will be moot for at least 193.in-addr.arpa... True. Now if only the world consisted solely of 193.in-addr.arpa... ....then how can e.g. a top level domain registrar determine whether a given change is valid, e.g. comes from an authoritative person? How do you ensure authority today? By checking against my TLD admin files. Piet From bonito at nis.garr.it Wed Mar 3 19:09:48 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Wed, 3 Mar 93 19:09:48 MET Subject: in-addr.arpa zone data in RIPE database In-Reply-To: <9303031244.AA28816@mcsun.EU.net>; from "Piet.Beertema@mcsun.EU.net" at Mar 3, 93 1:44 pm Message-ID: <9303031809.AA03972@jolly.nis.garr.it> > > What remains open is the question on whether in-addr.arpa zone > registrations should be effected automatically by registering the > 'rev-srv' field in the RIPE database. I have had quite a few > comments from people who want this and I personally agree it would > be a nice feature. > I do not see Piet's argument that this would mean a loss of authority > of the network contacts. > This form of "indirect registration" would indeed not mean > loss of authority. The problem remains though that separate > functions - DB and DNS - become intermixed here. And then > whom do you contact/tell/flame if the root servers contain > wrong information? An indirect way of correcting things via > submissions to the RIPE DB in my view is far from ideal, as > it may well introduce unnecessary delays. And once you start > doing such things for the reverse servers, the next step may > well be doing the same for "forward servers"; then how can > e.g. a top level domain registrar determine whether a given > change is valid, e.g. comes from an authoritative person? There no need to do that for forward servers because they are structured as a distributed three and the authority is delegated at each level. In practice today the US NIC does not check at all if a rev-srv change comes from an "authoritative person" because they do not check where the mail request comes from and it is practically impossible for them to pick a phone an call someone in Europe. So this is not the point. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From Marten.Terpstra at ripe.net Thu Mar 18 16:01:21 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Thu, 18 Mar 93 16:01:21 +0100 Subject: 193.in-addr.arpa block delegation procedures (draft) In-Reply-To: Your message of Tue, 16 Mar 93 15:58:01 +0100. <9303161458.AA28212@spurv> Message-ID: <9303181501.AA03643@ncc.ripe.net> [Comments from Havard] * - how do one request delegation of a subdomain of 193.in-addr.arpa. * Contact hostmaster at ripe.net with a free-form text message, or should we * bother to create a form? Ahh, no extra forms please !!! All we need to know is class C block, and all the servers. I do not think we need another form for that ... Please just contact hostmaster at ripe.net with the needed information. We will be able to parse it ;-) Or maybe the suggestions below ... * - How will the domain administrators for the subdomains of 193.in-addr.arpa * be made aware of a desire to have delegation installed for a subdomain? * There was some talk about doing this semi-automatically with the nic when * a RIPE network registration form was sent in to ripe-dbm at ripe.net or * assign at ripe.net, could this be used here (in addition to other means)? In fact we have the following in mind. For blocks that are not yet delegated, we intend to use the information people supply in the "rev-srv:" field to update the 193.in-addr.arpa domain. For blocks that have been delegated, the people that have been assigned class C nets from such a block should be made aware that reverse registration should be done by either the NCC is the local registry does NOT run the delegated block, or by the local registry. We could look into extending our "rev-srv:" program to notify maintainers of blocks in 193.in-addr.arpa if the information in the database has changed. They could then update their zones if needed. This however does imply that the "rev-srv:" field becomes authoritative for reverse mapping (and not vice versa) [Suggestions from Blasco] * 2a. The names of the reverse nameserver which are delegated by RIPE-NCC * to act as authoritative servers for a 256-class C block are sent * to the RIPE-NCC and registered in the RIPE db using a template * like this: * * inetnum: 193.x.0.0 (where x is the block number) * * zone-c: * rev-srv: * rev-srv: * rev-srv: ns.ripe.net * * as soon as the Local IR receives from RIPE-NCC a new block to * administer. I do not quite like this idea. 193.x.0.0 is a normal class C network number that just could be used (although we recommend not to do so) and I hate having information in the database with "some special meaning you have to know". The other thing would be to just have an extra entry for the complete block in the database (so you would get two answers if you queried a network inside the block), but that I do not like because you are not responsible for individual nets inside the block... If you really want to put it in the database, why not send in an object like: domain: 204.193.in-addr.arpa descr: blah zone-c: nserver: nserver: nserver: ns.ripe.net .... It is a domain, so why not pick the right object for it ? * 7. Usually the registration of reverse servers for individual class C nets * or class C subblocks is done by the service provider who is administering * the whole 256-class C block who in turn notifies the RIPE-NCC sending * an updated network template for inclusion in the RIPE db. * However should the RIPE-NCC receive any template for a single class C net * or subblock not from the service provider, they must forward the template * to the authoritative zone-c for the 256-class C block. Totally agree. We will not "overrule" delegations by putting them directly in 193.in-addr.arpa, like we expect hostmaster at nic.ddn.mil to do the same. We will of course forward such requests. I will update the document with regard to the last point, and the other point if we can each agreement on the "how to notify I want a block delegated". An object like above could be used as a request for delegation of a block. -Marten From bonito at nis.garr.it Thu Mar 18 17:30:30 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Thu, 18 Mar 93 17:30:30 MET Subject: 193.in-addr.arpa block delegation procedures (draft) In-Reply-To: <9303181501.AA03643@ncc.ripe.net>; from "Marten Terpstra" at Mar 18, 93 4:01 pm Message-ID: <9303181630.AA18345@jolly.nis.garr.it> Uhmmm, may be I'm wrong but I see some inconsistencies in your considerations: > * - How will the domain administrators for the subdomains of 193.in-addr.arpa > * be made aware of a desire to have delegation installed for a subdomain? > * There was some talk about doing this semi-automatically with the nic when > * a RIPE network registration form was sent in to ripe-dbm at ripe.net or > * assign at ripe.net, could this be used here (in addition to other means)? > > In fact we have the following in mind. For blocks that are not yet delegated, > we intend to use the information people supply in the "rev-srv:" field to > update the 193.in-addr.arpa domain. For blocks that have been delegated, the > people that have been assigned class C nets from such a block should be made > aware that reverse registration should be done by either the NCC is the local > registry does NOT run the delegated block, or by the local registry. > We could look into extending our "rev-srv:" program to notify maintainers of > blocks in 193.in-addr.arpa if the information in the database has changed. > They could then update their zones if needed. This however does imply that > the "rev-srv:" field becomes authoritative for reverse mapping (and not vice > versa) Here you are saying to use rev-srv which is a network tag in the database. > [Suggestions from Blasco] > > * 2a. The names of the reverse nameserver which are delegated by RIPE-NCC > * to act as authoritative servers for a 256-class C block are sent > * to the RIPE-NCC and registered in the RIPE db using a template > * like this: > * > * inetnum: 193.x.0.0 (where x is the block number) > * > * zone-c: > * rev-srv: > * rev-srv: > * rev-srv: ns.ripe.net > * > * as soon as the Local IR receives from RIPE-NCC a new block to > * administer. > > I do not quite like this idea. 193.x.0.0 is a normal class C network number > that just could be used (although we recommend not to do so) and I hate > having information in the database with "some special meaning you have to > know". The other thing would be to just have an extra entry for the complete > block in the database (so you would get two answers if you queried a network > inside the block), but that I do not like because you are not responsible for > individual nets inside the block... If you really want to put it in the > database, why not send in an object like: > > domain: 204.193.in-addr.arpa > descr: blah > zone-c: > nserver: > nserver: > nserver: ns.ripe.net > .... > > It is a domain, so why not pick the right object for it ? Here you say that the nserver (domain tag) should be used. What you say is right, so I can agree to use domains in the database to give reverse servers information but then we should always use them to be consistent. In this case the decision should be to avoid the usage of rev-srv network tags in the future and to use nserver domain tag instead for each network regardless of being it class B, single or block class C. Moreover it makes no sense to register reverse servers for a block of class C because the DNS doesn't have any knowledge of blocks: any nameserver manager has to register every single network in a block in the DNS. If we adopt this way of registering reverse-servers it would be wise to issue a recommendation to convert old rev-srv network tags into domain entries with nserver tags. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From bonito at nis.garr.it Thu Mar 18 17:58:50 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Thu, 18 Mar 93 17:58:50 MET Subject: 193.in-addr.arpa block delegation procedures (draft) In-Reply-To: <9303181648.AA04267@ncc.ripe.net>; from "Marten Terpstra" at Mar 18, 93 5:48 pm Message-ID: <9303181658.AA18479@jolly.nis.garr.it> > Yes and no inconsistent. I was just brainstorming a bit here, and since it > would be nice for some people to have the delegated blocks in the database I > was looking for a way to include them in the database. I do NOT want to > suggest here that all the rev-srv fields should be changed by sending in > in-addr,arpa domains for individual nets, just for the blocks. This might be > a bit confusing. I am just looking for possibilities that are both easy and > clear ... > > -Marten OK, but at least we have to decide about 193.something networks. Either we use rev-srv network tags or we use nserver domain tags. Using both is certainly tedious and confusing. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From Marten.Terpstra at ripe.net Thu Mar 18 17:48:18 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Thu, 18 Mar 93 17:48:18 +0100 Subject: 193.in-addr.arpa block delegation procedures (draft) In-Reply-To: Your message of Thu, 18 Mar 93 17:30:30 +0700. <9303181630.AA18345@jolly.nis.garr.it> Message-ID: <9303181648.AA04267@ncc.ripe.net> bonito at nis.garr.it (Antonio_Blasco Bonito) writes: * Uhmmm, may be I'm wrong but I see some inconsistencies in your consideration * of * > blocks in 193.in-addr.arpa if the information in the database has changed. * > They could then update their zones if needed. This however does imply that * > the "rev-srv:" field becomes authoritative for reverse mapping (and not vi * ce * > versa) * * Here you are saying to use rev-srv which is a network tag in the database. * * > nserver: ns.ripe.net * > .... * > * > It is a domain, so why not pick the right object for it ? * * Here you say that the nserver (domain tag) should be used. * * What you say is right, so I can agree to use domains in the database to give * reverse servers information but then we should always use them to be consist * ent. * * In this case the decision should be to avoid the usage of rev-srv network ta * gs * in the future and to use nserver domain tag instead for each network * regardless of being it class B, single or block class C. * Moreover it makes no sense to register reverse servers for a block of class * C * because the DNS doesn't have any knowledge of blocks: any nameserver * manager has to register every single network in a block in the DNS. * * If we adopt this way of registering reverse-servers it would be wise * to issue a recommendation to convert old rev-srv network tags into * domain entries with nserver tags. Yes and no inconsistent. I was just brainstorming a bit here, and since it would be nice for some people to have the delegated blocks in the database I was looking for a way to include them in the database. I do NOT want to suggest here that all the rev-srv fields should be changed by sending in in-addr,arpa domains for individual nets, just for the blocks. This might be a bit confusing. I am just looking for possibilities that are both easy and clear ... -Marten From woeber at cc.univie.ac.at Fri Mar 19 00:06:32 1993 From: woeber at cc.univie.ac.at (Wilfried Woeber, UniVie/ACOnet, +43 1 436111 355) Date: Thu, 18 Mar 1993 18:06:32 EST Subject: 193.in-addr.arpa block delegation procedures (draft) Message-ID: <00969B40.855A53A0.9816@cc.univie.ac.at> > individual nets inside the block... If you really want to put it in the > database, why not send in an object like: > > domain: 204.193.in-addr.arpa > descr: blah > zone-c: > nserver: > nserver: > nserver: ns.ripe.net > .... > I'm really in favour of this approach, because it seems to fit nicely into the system and we can access the information with tools that need not have any special knowledge, as Marten pointed out already. Wilfried. From Marten.Terpstra at ripe.net Fri Mar 19 12:17:22 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Fri, 19 Mar 93 12:17:22 +0100 Subject: 193.in-addr.arpa block delegation procedures (draft) In-Reply-To: Your message of Thu, 18 Mar 93 17:58:50 +0700. <9303181658.AA18479@jolly.nis.garr.it> Message-ID: <9303191117.AA06591@ncc.ripe.net> bonito at nis.garr.it (Antonio_Blasco Bonito) writes: * > Yes and no inconsistent. I was just brainstorming a bit here, and since it * > would be nice for some people to have the delegated blocks in the database * I * > was looking for a way to include them in the database. I do NOT want to * > suggest here that all the rev-srv fields should be changed by sending in * > in-addr,arpa domains for individual nets, just for the blocks. This might * be * > a bit confusing. I am just looking for possibilities that are both easy an * d * > clear ... * > * > -Marten * * OK, but at least we have to decide about 193.something networks. * Either we use rev-srv network tags or we use nserver domain tags. * Using both is certainly tedious and confusing. Blasco, I agree and I do not agree here (maybe I should make up my mind ;-) I agree that using both can be confusing, but they are used for different purposes. I would not like to see individual nets as in-addr.arpa domains in the database, because that information is superfluous in my view. There are no delegated blocks in the database yet, so I kind of like the idea of putting them (and only them) as in-addr.arpa domains in the db. The only ones that have to deal with these domains are registries, who I hope are not too easily confused. I could be wrong here. Anyone else with bright ideas ? Another thing would be to create YADO (Yet Another Database Object) for delegated blocks only, but I do not quite like that idea either. -Marten From bonito at nis.garr.it Fri Mar 19 13:29:36 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Fri, 19 Mar 93 13:29:36 MET Subject: 193.in-addr.arpa block delegation procedures (draft) In-Reply-To: <9303191117.AA06591@ncc.ripe.net>; from "Marten Terpstra" at Mar 19, 93 12:17 pm Message-ID: <9303191229.AA25316@jolly.nis.garr.it> > > bonito at nis.garr.it (Antonio_Blasco Bonito) writes: > * > Yes and no inconsistent. I was just brainstorming a bit here, and since it > * > would be nice for some people to have the delegated blocks in the database > * I > * > was looking for a way to include them in the database. I do NOT want to > * > suggest here that all the rev-srv fields should be changed by sending in > * > in-addr,arpa domains for individual nets, just for the blocks. This might > * be > * > a bit confusing. I am just looking for possibilities that are both easy an > * d > * > clear ... > * > > * > -Marten > * > * OK, but at least we have to decide about 193.something networks. > * Either we use rev-srv network tags or we use nserver domain tags. > * Using both is certainly tedious and confusing. > > Blasco, > > I agree and I do not agree here (maybe I should make up my mind ;-) > I agree that using both can be confusing, but they are used for different > purposes. I would not like to see individual nets as in-addr.arpa domains in > the database, because that information is superfluous in my view. Maybe, but: - some individual net has already been registered in ripe db as in-addr.arpa domain and you have no way to avoid that, I guess. - when using inetnum entries and rev-srv tags an important information is missing: the zone-contact. > There are > no delegated blocks in the database yet, so I kind of like the idea of > putting them (and only them) as in-addr.arpa domains in the db. The only ones > that have to deal with these domains are registries, who I hope are not too > easily confused. What you are suggesting is to store in the database only one level of delegation (between RIPE-NCC and local registries). OK but the registries need to further delegate reverse resolution. If the ripe db cannot store the information about individual nets, local registries have to use some other tool, likely to be different for each registry. > I could be wrong here. Anyone else with bright ideas ? I don't think is a bright idea, but at this point I'm in favour of definining rev-srv tags obsolete and use only in-addr.arpa domains at any level. > Another thing would be to create YADO (Yet Another Database Object) for > delegated blocks only, but I do not quite like that idea either. me too. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From Marten.Terpstra at ripe.net Fri Mar 19 15:25:02 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Fri, 19 Mar 93 15:25:02 +0100 Subject: Use of RIPE DNS registration form In-Reply-To: Your message of Fri, 19 Mar 93 15:12:08 +0100. <9303191412.AA03856@spurv> Message-ID: <9303191425.AA07104@ncc.ripe.net> Havard Eidnes writes: * Hi, * * a question has recently arisen concerning the use of the RIPE form for * registering DNS domains in relation to registering names which only have MX * records associated with themselves. In this case, several of the mandatory * fields defined in the RIPE document ripe-49. In particular, we wonder what * we should do about these fields: Questions have been raised before. I have put in some comments given by people: * zone-c: * Should be zone contact of closest parent domain with a separate SOA * record? Why duplicate the information? According to some the zone-c for the closest SOA should be mentioned here. Other suggest that for MX only domains have no zone-c. * nserver: * Same as above? Each domain has a nserver, even an MX only domain. The MX records must be somewhere. This domain has no SOA though. * sub-dom: * Is it really necessary to list the sub-names in use (this also goes * for the general case, but also for the MX-only case) If you wish so. Most people do. Last meeting the DNS working group decided that the first level of useful domain names should be stored in the database, below that is for your own choice. You van in this way restrict the number of objects you have. Most useful level is usually 2, 3 in cases where co, ac and other second level domains are used: Useful: nikhef.nl ulcc.ac.uk ... Database and DNS working group, what say you ? -Marten From Marten.Terpstra at ripe.net Fri Mar 19 15:19:25 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Fri, 19 Mar 93 15:19:25 +0100 Subject: 193.in-addr.arpa block delegation procedures (draft) In-Reply-To: Your message of Fri, 19 Mar 93 13:29:36 +0700. <9303191229.AA25316@jolly.nis.garr.it> Message-ID: <9303191419.AA07083@ncc.ripe.net> bonito at nis.garr.it (Antonio_Blasco Bonito) writes: * > * > the database, because that information is superfluous in my view. * * Maybe, but: * - some individual net has already been registered in ripe db as in-addr.arpa * domain and you have no way to avoid that, I guess. Noop, if people have the need to send in in-addr.arpa domains for individual nets, please do so. No way we can and will avoid that ... * - when using inetnum entries and rev-srv tags an important information * is missing: the zone-contact. This is even more confusing if you ask me. Because the zone-c would only have a meaning relative to the rev-srv fields, not to the inetnum itself. I bet you a lot of people will fill in wrong information here, or simply not even understand what to put in here. * What you are suggesting is to store in the database only one level * of delegation (between RIPE-NCC and local registries). OK but the registries * need to further delegate reverse resolution. If the ripe db cannot store * the information about individual nets, local registries have to use * some other tool, likely to be different for each registry. In my opinion the rev-srv entry is enough information to store. Do you really want to generate an extra object for the reverse domains, where all the information (except the zone-c) is already in the inetnum object. You are of course free to do so. * > Another thing would be to create YADO (Yet Another Database Object) for * > delegated blocks only, but I do not quite like that idea either. After some in-house discussion here we would like to following: - requests for delegation of a block in 193.in-addr.arpa should be done by sending in the xxx.193.in-addr.arpa domain object to HOSTMASTER. - we will then forward all entries that are already in the 193.in-addr.arpa zone that belong to this block - we will check that the existing entries are put into the delegated zone. - we will delegate authority, and pass object to the database - we will forward any request for reverse registration inside this block to the zone-c for this reverse block. The question about zone-c in the inetnum object and/or removing the rev-srv field and replace it by an individual net.block.193.in-addr.arpa domain is something for the database and dns working group. We really would like to get the block delegation going. If noone has strong objections against the above procedure for block delegation (not the net things), I will update the document and send out a new version later today (probably tonight). -Marten From Havard.Eidnes at runit.sintef.no Fri Mar 19 15:44:04 1993 From: Havard.Eidnes at runit.sintef.no (Havard Eidnes) Date: Fri, 19 Mar 1993 15:44:04 +0100 Subject: Use of RIPE DNS registration form In-Reply-To: Your message of "Fri, 19 Mar 1993 15:25:02 +0100." <9303191425.AA07104@ncc.ripe.net> Message-ID: <9303191444.AA03988@spurv> > Questions have been raised before. I have put in some comments given by > people: > > * zone-c: > * Should be zone contact of closest parent domain with a separate SOA > * record? Why duplicate the information? > > According to some the zone-c for the closest SOA should be mentioned here. > Other suggest that for MX only domains have no zone-c. Since the MX-only domain is not a zone, there is really no need for a zone-c. > * nserver: > * Same as above? > > Each domain has a nserver, even an MX only domain. The MX records must be > somewhere. This domain has no SOA though. Same as above -- only zones have name servers, and MX-only domains do not have "name servers" of their own, they live in the parent zone. Thus, this will be duplication of information, and will be harder to maintain consistently whenever anything changes in the name server list of the parent zone. > * sub-dom: > * Is it really necessary to list the sub-names in use (this also goes > * for the general case, but also for the MX-only case) > > If you wish so. Most people do. Ouch! This is also duplication of information. If you are interested in all domains under a given top-level country domain registered in the RIPE database, you can perform this search by transferring the RIPE database and doing "agrep" on it, no? Or, if people insist that this information should be contained in a single object in the RIPE database, the list of subdomains of a domain could be automatically generated by the RIPE database software (more work for the database software hackers, I know...) - Havard From woeber at cc.univie.ac.at Fri Mar 19 22:01:10 1993 From: woeber at cc.univie.ac.at (Wilfried Woeber, UniVie/ACOnet, +43 1 436111 355) Date: Fri, 19 Mar 1993 16:01:10 EST Subject: 193.in-addr.arpa block delegation procedures (draft) Message-ID: <00969BF8.2C4C7000.9910@cc.univie.ac.at> | * > Another thing would be to create YADO (Yet Another Database Object) for | * > delegated blocks only, but I do not quite like that idea either. | |After some in-house discussion here we would like to following: | |- requests for delegation of a block in 193.in-addr.arpa should be done | by sending in the xxx.193.in-addr.arpa domain object to HOSTMASTER. |- we will then forward all entries that are already in the 193.in-addr.arpa | zone that belong to this block |- we will check that the existing entries are put into the delegated zone. |- we will delegate authority, and pass object to the database |- we will forward any request for reverse registration inside this block | to the zone-c for this reverse block. I like it. |The question about zone-c in the inetnum object and/or removing the rev-srv |field and replace it by an individual net.block.193.in-addr.arpa domain is |something for the database and dns working group. We really would like to get |the block delegation going. I think this is the essential thing. I propose to go ahead _doing_ it. Otherwise I'd even like to suggest a "back to square one" approach for the DB issues. I think we have to back up and figure out/define _what_ we want to organize for _which_ group of people. Generally my feeling is that we should try to - use _existing_ procedures wherever possible without "bending" them - invent new and _simple_ things if there is a need (the KISS principle) - keep the procedure for the "users" as simple as possible. Personally I prefer additional "small" objects that can be cross-checked automatically for consistency against "huge" multi-purpose objects with a lot of options and implied semantics. But that's probably a question of taste... |If noone has strong objections against the above procedure for block |delegation (not the net things), I will update the document and send out a |new version later today (probably tonight). My vote in favour. wilfried. -------------------------------------------------------------------------------- Wilfried Woeber : E-m: Wilfried.Woeber at CC.UniVie.ac.at (Internet) Computer Center - ACOnet : Z00WWR01 at AWIUNI11.BITNET (EARN) Vienna University : [ woeber at can.aconet.ada.at (X.400) ] Universitaetsstrasse 7 : [ S O P A C ] A-1010 Vienna, Austria, Europe : Tel: +43 1 436111 355, Fax: +43 1 436111 170 -------------------------------------------------------------------------------- From Marten.Terpstra at ripe.net Fri Mar 19 16:41:41 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Fri, 19 Mar 93 16:41:41 +0100 Subject: Use of RIPE DNS registration form In-Reply-To: Your message of Fri, 19 Mar 93 15:44:04 +0100. <9303191444.AA03988@spurv> Message-ID: <9303191541.AA07513@ncc.ripe.net> Havard Eidnes writes: * > * sub-dom: * > * Is it really necessary to list the sub-names in use (this also * goes * > * for the general case, but also for the MX-only case) * > * > If you wish so. Most people do. * * Ouch! This is also duplication of information. If you are interested in * all domains under a given top-level country domain registered in the RIPE * database, you can perform this search by transferring the RIPE database and * doing "agrep" on it, no? Or, if people insist that this information should * be contained in a single object in the RIPE database, the list of * subdomains of a domain could be automatically generated by the RIPE * database software (more work for the database software hackers, I know...) For top-level domain administrators it is not much work is it ? With all other administrativia it should be easy to update the top-level domain as well as the domain itself. I assume that a top-level domain administrator is the person that should send in domain entries for a top-level. Since he has to keep all objects himself, it cannot be very difficult to make a little tool to automatically generate the top-level domain. If you want us to make the tool, I'd be happy to ;-) I kind of like it to do the thing below, and not having to "agrep" through the complete database. -Marten % whois nl domain: nl descr: Top level domain for the Netherlands descr: c/o CWI, Kruislaan 413, NL 1098 SJ Amsterdam admin-c: P.C. Baayen tech-c: Piet Beertema zone-c: Daniel Karrenberg nserver: sering.cwi.nl mcsun.eu.net sunic.sunet.se nserver: brouilly.inria.fr ns.uu.net aos.brl.mil sub-dom: 400net sub-dom: aasup abd ace agro agrobtc aha ahold aie akam alliant amolf and sub-dom: antenna archis artmediatech ascad ashton-tate asml asser atcmp sub-dom: audacter azn azr sub-dom: baan baltzer bazis bimbv bmc borsu brinkman bso bssi bull sub-dom: can cbm cbs cbsc ccsom chess chw cipher comcons compunication comtecno sub-dom: consul convex cpb cpu cri ctg cti-software cwi sub-dom: dasc dataman dcmr delftgeot delgeo dg digicash digitalis diho dobdh sub-dom: dupaco sub-dom: ecn eim elsevier encore esa eur sub-dom: fokker fom force5 fourc fousupp foxim frame franciscus sub-dom: gbsp gbu getronics geveke ghbo gig gli gobe group gti-ia sub-dom: hacktic harris hbg hbo-raad hcsvt hen hes-rdam hhg hhs hivnet sub-dom: hkl hku hmb hny hobby hro hsa hsbos hsdehorst hse hut hwb hzeeland sub-dom: iaf iahl iamcr ibmx400 ice icgned icim icin icl icodo ict idg ifla sub-dom: ihe impact inducom ingres integrity ioo irdeto isc island ita itc sub-dom: ittpub ixonet sub-dom: jason jrc sub-dom: kap kema khzeist kim kitlv knaw-bibl kncv knmi koha konbib ksepl sub-dom: ksla ktibv kub kun kvi sub-dom: leidenuniv li logos sub-dom: marin meteocon mey mh minow mmph motorola mpi sub-dom: nacee nbd nblc nboi ncs neabbs neddata nedlloyd neogeo nfra nhl nhtv sub-dom: nias nidi nih nijenrode nikhef nimex niob nioz nki nlbb nlbc nlr nluug sub-dom: nmi nota nrv ns nuclint nucphys nwo sub-dom: oba obdov obr obtilburg oce oceonics olivetti open-i oracle origin ouh sub-dom: pact parcom pbf pecoma pggm philips pica positronika prismia propell sub-dom: prvnh psyline ptt pttnwb pttrnl sub-dom: q8 sub-dom: rabo radix raet rare rcc-ivev rdm repko rgd rhg rhij rigo rijnh riks sub-dom: rivm rodelco rtm rug rulimburg ruu rvb rws sub-dom: sagan sara scp serc sgi sierra signaal skferc source spc spex stam stc sub-dom: stegge stork stw suaa sun surfbureau surfdiensten surfnet suub svo swets sub-dom: swidoc swov syllogic sub-dom: tasking technolution term1 thijssen thu-k tmu tno tpsc transfer sub-dom: translogic trc trendbox tudelft tue txbase sub-dom: uniface unisys univforhuman usn utwente uva sub-dom: valkieser vdl vdvalk vimec vmx vsnu vu sub-dom: wau west wkap wldelft wlink wmt wsf sub-dom: xelion xirion sub-dom: y-net yaupon remarks: fully-managed changed: piet at cwi.nl 930303 source: RIPE From Algirdas.Pakstas at idt.unit.no Fri Mar 19 16:56:50 1993 From: Algirdas.Pakstas at idt.unit.no (Dr Algirdas Pakstas) Date: Fri, 19 Mar 93 16:56:50 +0100 Subject: Use of RIPE DNS registration form In-Reply-To: Your message of "Fri, 19 Mar 93 16:41:41 +0100." <9303191541.AA07513@ncc.ripe.net> Message-ID: <199303191556.AA20998@loke.idt.unit.no> >I kind of like it to do the thing below, and not having to "agrep" through >the complete database. > >-Marten > >% whois nl > Of course, it is good example, but it seems that NL domain is more exception than rule. Other domains are usually described very poor. -- Algirdas From Marten.Terpstra at ripe.net Mon Mar 22 09:49:49 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Mon, 22 Mar 93 09:49:49 +0100 Subject: Blocks in 193.in-addr.arpa domain document Message-ID: <9303220849.AA11902@ncc.ripe.net> Folks, Here's the updated document. I was planning on sending this out over the weekend, but forgot the modem cable ;-( Anyway, let's see if we can get agreement on this. Please note that the database specific things I do not want to spend too much on, this should be done at the RIPE meeting. A few more days to comment. Want to start delegating blocks end of the week, and during next week (although I will be at the IETF). -Marten Guidelines for the delegation of class C blocks in the 193.in-addr.arpa domain Marten Terpstra March 1993 V1.1 Introduction This document describes the procedures for the delegation of authority of zones in the 193.in-addr.arpa domain. As of March 16th 1993 the RIPE NCC has been delegated the authority for the 193.in-addr.arpa domain from the root. Due to the fact that in the 193.x.y address space blocks of 256 class C network numbers are further delegated to local registries and national registries, the possibility exists to also delegate the zone for these blocks in the 193.in-addr.arpa domain. This document describes some guidelines and procedures for this type of delegation. A bit more explained With the assignment of class C network numbers following the CIDR (RFC 1338) model, in which large chunks of the address space are delegated to one region, and within that region blocks of class C network numbers are delegated to service providers and national registries, some hierarchy in the address space is created, similar to the hierarchy in the domain name space. Due to this hierarchy the reverse Domain Name System mapping can also be delegated in a similar model as used for the normal Domain Name System. For instance, the RIPE NCC has been delegated the complete class C address space starting with 193. It is therefore possible to delegate the 193.in-addr.arpa domain completely to the RIPE NCC, in stead of each and every reverse mapping in the 193.in-addr.arpa domain to be registered with the INTERNIC. This implies that all 193.in-addr.arpa resistrations will be done by the RIPE NCC. Even better, since service providers receive complete class C network blocks from the RIPE NCC, the RIPE NCC can delegate the reverse registrations for such complete blocks to these local registries. This implies that customers of these service providers no longer have to register their reverse domain mapping with the root, but the service provider have authority over that part of the reverse mapping. This decreases the workload on the INTERNIC and the RIPE NCC, and at the same time increase the service a provider can offer its customers and response times for such additions. However there are some things that need to be examined a bit more closely to avoid confusion and inconsistencies. These issues are covered in the next section. Procedures 1. A secondary nameserver at ns.ripe.net is mandatory for all blocks of class C network numbers delegated in the 193.in-addr.arpa domain. 2. Because of the increasing importance of correct reverse address mapping, for all delegated blocks a good set of secondaries must be defined. There should be at least 2 nameservers for all blocks delegated, excluding the RIPE NCC secondary. 3. The delegation of a class C block in the 193.in-addr.arpa domain can be requested by sending in a domain object for the RIPE database to with all necessary contact and nameserver information. The RIPE NCC will then forward all current reverse zones inside this block to the registry, and after addition by the registry, the NCC will check the working of the reverse server. Once everything is setup properly, the NCC will delegate the block, and submit the database object for inclusion in the database. An example domain object can be at the end of this document. 4. All reverse servers for blocks must be reachable from the whole of the Internet. In short, all servers must meet similar connectivity requirements as top-level domain servers. 5. Running the reverse server for class C blocks does not imply that one controls that part of the reverse domain, it only implies that one administers that part of the reverse domain. 6. Before adding individual nets, the administrator of a reverse domain must check wether all servers to be added for these nets are indeed setup properly. 7. There are some serious implications when a customer of a service provider that uses address space out of the service provider class C blocks, moves to another service provider. The service provider cannot force its ex-customer to change network addresses, and will have to continue to provide the appropriate delegation records for reverse mapping of these addresses, even though it is no longer a customer of his. 8. The registration of the reverse zones for individual class C networks will usually be done by the registry administering the class C block this network has been assigned from. The registry will make the necessary changes to the zone, and update the network objects in the RIPE database for these networks, to reflect the correct "rev-srv" fields. In case the RIPE NCC receives a request for the reverse zone of an individual class C network out of a block that has been delegated, the request will be forwarded to the zone contact for this reverse block. Above procedures are defined to ensure the necessary high availability for the 193 reverse domains, and to minimize confusion. The NCC will ensure fast repsonse times for addition requests, and will in principle update the 193.in-addr.arpa domain at least once per working day. The NCC also suggests that similar procedures are set up for the delegation of reverse zones from the registries to individual organisations. Example domain object to request a block delegation domain: 202.193.in-addr.arpa descr: Pan European Organisations class C block admin-c: Daniel Karrenberg tech-c: Marten Terpstra zone-c: Marten Terpstra nserver: ns.eu.net nserver: sunic.sunet.se nserver: ns.ripe.net changed: marten at ripe.net 930319 source: RIPE From bonito at nis.garr.it Tue Mar 23 18:56:07 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Tue, 23 Mar 93 18:56:07 MET Subject: Blocks in 193.in-addr.arpa domain document In-Reply-To: <9303220849.AA11902@ncc.ripe.net>; from "Marten Terpstra" at Mar 22, 93 9:49 am Message-ID: <9303231756.AA08801@jolly.nis.garr.it> > > > Folks, > > Here's the updated document. I was planning on sending this out over the > weekend, but forgot the modem cable ;-( Anyway, let's see if we can get > agreement on this. Please note that the database specific things I do not > want to spend too much on, this should be done at the RIPE meeting. > > A few more days to comment. Want to start delegating blocks end of the week, > and during next week (although I will be at the IETF). Sorry, but I think the document is still missing some detail. Altough implicit I think it should clearly say that delegation can be done either for each single class-C net or for a 256-block. Unfortunately no delegation is possible for smaller blocks. > 8. The registration of the reverse zones for individual class C networks > will usually be done by the registry administering the class C block > this network has been assigned from. The registry will make the > necessary changes to the zone, and update the network objects in the > RIPE database for these networks, to reflect the correct "rev-srv" > fields. In case the RIPE NCC receives a request for the reverse zone of > an individual class C network out of a block that has been delegated, > the request will be forwarded to the zone contact for this reverse > block. OK, but it is not said how the RIPE-NCC should receive (in a network template?) a request for a network belonging to a block which has not been delegated to any local registry and what happens then. Suppose you get: inetnum: 193.204.64.0 - 193.204.67.0 rev-srv: rev-srv: But server1 and server2 only have data for 64.204.193.in-addr.arpa. because the remaining three nets in the block are not yet active. What will you do? > Above procedures are defined to ensure the necessary high availability for > the 193 reverse domains, and to minimize confusion. The NCC will ensure fast > repsonse times for addition requests, and will in principle update the > 193.in-addr.arpa domain at least once per working day. > > The NCC also suggests that similar procedures are set up for the delegation > of reverse zones from the registries to individual organisations. I think this sentence should be expanded/clarified: no block delegation is possible from a local registry to individual organization, only single networks are under a 256-block. > > Example domain object to request a block delegation > > domain: 202.193.in-addr.arpa > descr: Pan European Organisations class C block > admin-c: Daniel Karrenberg > tech-c: Marten Terpstra > zone-c: Marten Terpstra > nserver: ns.eu.net > nserver: sunic.sunet.se > nserver: ns.ripe.net > changed: marten at ripe.net 930319 > source: RIPE > ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From Marten.Terpstra at ripe.net Wed Mar 24 12:03:09 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Wed, 24 Mar 93 12:03:09 +0100 Subject: Blocks in 193.in-addr.arpa domain document In-Reply-To: Your message of Tue, 23 Mar 93 18:56:07 +0700. <9303231756.AA08801@jolly.nis.garr.it> Message-ID: <9303241103.AA18700@ncc.ripe.net> bonito at nis.garr.it (Antonio_Blasco Bonito) writes: * > * * Sorry, but I think the document is still missing some detail. * Altough implicit I think it should clearly say that delegation can be * done either for each single class-C net or for a 256-block. Unfortunately * no delegation is possible for smaller blocks. No need to be sorry, this is what comment periods are for ;-) I will only put in that this document deals with the 256 class C delegation. As you can make up from the title, this only deals with blocks delegations, not with single C delegations. We have to write a short document how we handle single class C delegations (probably just a description that we will use the rev-srv fields. * > 8. The registration of the reverse zones for individual class C networks * > will usually be done by the registry administering the class C block * > this network has been assigned from. The registry will make the * > necessary changes to the zone, and update the network objects in the * > RIPE database for these networks, to reflect the correct "rev-srv" * > fields. In case the RIPE NCC receives a request for the reverse zone of * > an individual class C network out of a block that has been delegated, * > the request will be forwarded to the zone contact for this reverse * > block. * OK, but it is not said how the RIPE-NCC should receive (in a network templat * e?) * a request for a network belonging to a block which has not been delegated to * any local registry and what happens then. * Suppose you get: * inetnum: 193.204.64.0 - 193.204.67.0 * * rev-srv: * rev-srv: * But server1 and server2 only have data for 64.204.193.in-addr.arpa. because * the remaining three nets in the block are not yet active. * What will you do? My gut feeling would be we add them anyway. If the nets are not yet active, there is probably no need to do reverse lookups anyway, so noone would notice. On the other hand this would clash with the constraint that we would like to see all servers working before we add them ... I think we can put some intelligence in the rev-srv field to DNS record generator to get around these things. Daniel ? * > Above procedures are defined to ensure the necessary high availability for * > the 193 reverse domains, and to minimize confusion. The NCC will ensure fa * st * > repsonse times for addition requests, and will in principle update the * > 193.in-addr.arpa domain at least once per working day. * > * > The NCC also suggests that similar procedures are set up for the delegatio * n * > of reverse zones from the registries to individual organisations. * I think this sentence should be expanded/clarified: no block delegation is * possible from a local registry to individual organization, only single * networks are under a 256-block. OK, has been changed to: The NCC also suggests that similar procedures are set up for the delegation of reverse zones for individual class C networks from the registries to individual organisations. From Daniel.Karrenberg at ripe.net Wed Mar 24 13:32:25 1993 From: Daniel.Karrenberg at ripe.net (Daniel Karrenberg) Date: Wed, 24 Mar 93 13:32:25 +0100 Subject: Blocks in 193.in-addr.arpa domain document In-Reply-To: Your message of Wed, 24 Mar 93 12:03:09 +0100. <9303241103.AA18700@ncc.ripe.net> Message-ID: <9303241232.AA18931@ncc.ripe.net> > Marten Terpstra writes: > * Suppose you get: > * inetnum: 193.204.64.0 - 193.204.67.0 > * > * rev-srv: > * rev-srv: > * But server1 and server2 only have data for 64.204.193.in-addr.arpa. beca > use > * the remaining three nets in the block are not yet active. > * What will you do? > > My gut feeling would be we add them anyway. If the nets are not yet active, > there is probably no need to do reverse lookups anyway, so noone would > notice. On the other hand this would clash with the constraint that we woul > d > like to see all servers working before we add them ... I think we can put > some intelligence in the rev-srv field to DNS record generator to get aroun > d > these things. Daniel ? We could but the standard answer of course is: Multiple networks can only be folded into one RIPE DB object if all their attributes are the same. So either the reverse servers are up, or there need to be two objects: 193.204.64 and 192.204.65 - 192.204.67. Daniel From Marten.Terpstra at ripe.net Thu Mar 25 11:02:07 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Thu, 25 Mar 93 11:02:07 +0100 Subject: 193.in-addr.arpa procedures V1.3 Message-ID: <9303251002.AA22167@ncc.ripe.net> Folks, One last go. I think we folded in most of the comments from Blaso and others. We have included the procedures for single class C reverse zones, not via block zones. We are already doing our first trials with block delegations, all seems to work fine. Please let's get this document accepted and delegate these blocks. -Marten Guidelines for the delegation of zones in the 193.in-addr.arpa domain Marten Terpstra March 1993 V1.3 Introduction This document describes the procedures for the delegation of authority of zones in the 193.in-addr.arpa domain. As of March 16th 1993 the RIPE NCC has been delegated the authority for the 193.in-addr.arpa domain from the root. Due to the fact that in the 193.x.y address space blocks of 256 class C network numbers are further delegated to local registries , the possibility exists to also delegate the zone for these blocks in the 193.in-addr.arpa domain. This document describes some guidelines and procedures for this type of delegation and the delegation of reverse zones for individual class C networks in 193.x.y. A bit more explained With the assignment of class C network numbers following the CIDR (RFC 1338) model, in which large chunks of the address space are delegated to one region, and within that region blocks of class C network numbers are delegated to service providers and non-provider registries, some hierarchy in the address space is created, similar to the hierarchy in the domain name space. Due to this hierarchy the reverse Domain Name System mapping can also be delegated in a similar model as used for the normal Domain Name System. For instance, the RIPE NCC has been assigned the complete class C address space starting with 193. It is therefore possible to delegate the 193.in-addr.arpa domain completely to the RIPE NCC, instead of each and every reverse mapping in the 193.in-addr.arpa domain to be registered with the INTERNIC. This implies that all 193.in-addr.arpa resistrations will be done by the RIPE NCC. Even better, since service providers receive complete class C network blocks from the RIPE NCC, the RIPE NCC can delegate the reverse registrations for such complete blocks to these local registries. This implies that customers of these service providers no longer have to register their reverse domain mapping with the root, but the service provider have authority over that part of the reverse mapping. This decreases the workload on the INTERNIC and the RIPE NCC, and at the same time increase the service a provider can offer its customers by improve response times for reverse mapping changes . However there are some things that need to be examined a bit more closely to avoid confusion and inconsistencies. These issues are covered in the next section. Procedures for the delegation of direct subdomains of 193.in-addr.arpa 1. A secondary nameserver at ns.ripe.net is mandatory for all blocks of class C network numbers delegated in the 193.in-addr.arpa domain. 2. Because of the increasing importance of correct reverse address mapping, for all delegated blocks a good set of secondaries must be defined. There should be at least 2 nameservers for all blocks delegated, excluding the RIPE NCC secondary. 3. The delegation of a class C block in the 193.in-addr.arpa domain can be requested by sending in a domain object for the RIPE database to with all necessary contact and nameserver information. The RIPE NCC will then forward all current reverse zones inside this block to the registry, and after addition of these by the registry, the NCC will check the working of the reverse server. Once everything is setup properly, the NCC will delegate the block, and submit the database object for inclusion in the database. An example domain object can be found at the end of this document. 4. All reverse servers for blocks must be reachable from the whole of the Internet. In short, all servers must meet similar connectivity requirements as top-level domain servers. 5. Running the reverse server for class C blocks does not imply that one controls that part of the reverse domain, it only implies that one administers that part of the reverse domain. 6. Before adding individual nets, the administrator of a reverse domain must check wether all servers to be added for these nets are indeed setup properly. 7. There are some serious implications when a customer of a service provider that uses address space out of the service provider class C blocks, moves to another service provider. The previous service provider cannot force its ex-customer to change network addresses, and will have to continue to provide the appropriate delegation records for reverse mapping of these addresses, even though it they are no longer belonging to a customer. 8. The registration of the reverse zones for individual class C networks will usually be done by the registry administering the class C block this network has been assigned from. The registry will make the necessary changes to the zone, and update the network objects in the RIPE database for these networks, to reflect the correct "rev-srv" fields. In case the RIPE NCC receives a request for the reverse zone of an individual class C network out of a block that has been delegated, the request will be forwarded to the zone contact for this reverse block. Above procedures are defined to ensure the necessary high availability for the 193 reverse domains, and to minimize confusion. The NCC will ensure fast repsonse times for addition requests, and will in principle update the 193.in-addr.arpa domain at least once per working day. Example domain object to request a block delegation domain: 202.193.in-addr.arpa descr: Pan European Organisations class C block admin-c: Daniel Karrenberg tech-c: Marten Terpstra zone-c: Marten Terpstra nserver: ns.eu.net nserver: sunic.sunet.se nserver: ns.ripe.net changed: marten at ripe.net 930319 source: RIPE Procedures for the delegation of individual network zones The registration of the reverse zones for individual class C networks will usually be done by the registry administering the class C block this network has been assigned from. In case the zone corresponding to the class C block has not been delegated, the RIPE NCC will automatically add the reverse nameserver as specified in the "rev-srv" attribute of the RIPE database object for this network, using the following procedures: 1. Because of the increasing importance of correct reverse address mapping, for all delegated networks a good set of secondaries must be defined. There should be at least two nameservers for all networks delegated. 2. The "rev-srv" field should ONLY contain one fully qualified domain name of a nameserver which is authoritative for the reverse zone for this network. 3. At least two reverse servers must be reachable from the whole of the Internet. In short, these servers must meet similar connectivity requirements as top-level domain servers. 4. The checking and addition of the reverse zones for single networks is completely automated at the RIPE NCC. Although we do our best to check the setup of the nameservers, these does not receive the same level of scrutiny as nameservers for blocks of class C network numbers. It is the responsibility of the network contacts to ensure proper operation. 5. Any problems regarding the reverse zones in 193.in-addr.arpa should be directed to . The NCC also suggests that similar procedures are set up for the delegation of reverse zones for individual class C networks from the registries to individual organisations. From rv at deins.informatik.uni-dortmund.de Thu Mar 25 11:57:35 1993 From: rv at deins.informatik.uni-dortmund.de (rv at deins.informatik.uni-dortmund.de) Date: Thu, 25 Mar 93 11:57:35 N Subject: 193.in-addr.arpa procedures V1.3 In-Reply-To: Your message of Thu, 25 Mar 93 11:02:07 +0100. <9303251002.AA22167@ncc.ripe.net> Message-ID: <9303251057.AA29123@meins.informatik.uni-dortmund.de> Hi Marten, > One last go. I think we folded in most of the comments from Blaso and others. In general looks fine. There is one point where I ould make use of a bit more options. I have been working on how to use the data base to generate some parts of my name server configuration (and in particular preparing for this by inserting *rev-srv: fields in quite a number of records). > 2. The "rev-srv" field should ONLY contain one fully qualified domain > name of a nameserver which is authoritative for the reverse zone for > this network. I suggest to change the rule here slightly; I would find it useful to allow the single domain name to be followed by optional dotted-quad IP address(es) that can be used as glue. Sure, reverse mapping zones never should carry glue records - but the addresses are needed for generating named.boot on secondaries, and I see cases where I would like to have the address[es] from the data base. However please note, I'm saying "CAN be used" not "will/should/are"! Also I assume you are quietly implying (a) that the primary server will be listed first, or rather that secondaries configured automatically out of the data base will hook up to the first listed server as their source (b) that the database software will keep the relative order of fields with the same tag. Assumptions/assertions like these need to be made explicit. BTW the rules for "rev-srv:" and "nserver:" should be the same; however I think the proposed new rules for "nserver:" differ from documented rules - but IMHO make **much** more sense (for a long time I intended to suggest changing the rules in this direction). BTW, I will not be able to reformat my "segment" of the database according to the new rules before leaving for Columbus (though I'm quite well prepared for such tasks). Cheers, Ruediger Ruediger Volk Universitaet Dortmund, Informatik IRB DE-NIC Postfach 500 500 D-W-4600 Dortmund 50 Germany E-Mail: rv at Informatik.Uni-Dortmund.DE Phone: +49 231 755 4760 Fax: +49 231 755 2386 From bonito at nis.garr.it Thu Mar 25 18:29:04 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Thu, 25 Mar 93 18:29:04 MET Subject: 193.in-addr.arpa procedures V1.3 In-Reply-To: <9303251002.AA22167@ncc.ripe.net>; from "Marten Terpstra" at Mar 25, 93 11:02 am Message-ID: <9303251729.AA17389@jolly.nis.garr.it> > > > Folks, > > One last go. I think we folded in most of the comments from Blaso and others. > We have included the procedures for single class C reverse zones, not via > block zones. > > We are already doing our first trials with block delegations, all seems to > work fine. Please let's get this document accepted and delegate these blocks. Sorry for this late comment, but it has come now to my mind: I think it would be wise to include recommended values for SOA fields (refresh, retry, etc). This could save problems to ns.ripe.net when acting as secondary. Blasco From Marten.Terpstra at ripe.net Fri Mar 26 14:30:58 1993 From: Marten.Terpstra at ripe.net (Marten Terpstra) Date: Fri, 26 Mar 93 14:30:58 +0100 Subject: 193.in-addr.arpa procedures V1.3 In-Reply-To: Your message of Thu, 25 Mar 93 18:29:04 +0700. <9303251729.AA17389@jolly.nis.garr.it> Message-ID: <9303261330.AA26493@ncc.ripe.net> bonito at nis.garr.it (Antonio_Blasco Bonito) writes: * > * > * > Folks, * > * > One last go. I think we folded in most of the comments from Blaso and othe * rs. * > We have included the procedures for single class C reverse zones, not via * > block zones. * > * > We are already doing our first trials with block delegations, all seems to * > work fine. Please let's get this document accepted and delegate these bloc * ks. * * Sorry for this late comment, but it has come now to my mind: * I think it would be wise to include recommended values for SOA fields * (refresh, retry, etc). This could save problems to ns.ripe.net * when acting as secondary. What do you think recommended values are ? I know have for everything in 193.in-addr.arpa: @ IN SOA ns.ripe.net. hostmaster.ripe.net. ( 1.20 ; Serial 14400 ; Refresh 4 hours 3600 ; Retry 1 hours 604800 ; Expire 7 days 518400 ; TTL 6 days ) which in my view is reasonable, since these things (just delegations) do not change too often. For the actual class C zones, we have for 45.87.192.in-addr.arpa (RIPE NCC net): @ IN SOA ns.ripe.net. hostmaster.ripe.net. ( 1.4 ; Serial 28800 ; Refresh 8 hours 7200 ; Retry 2 hours 604800 ; Expire 7 days 86400 ; Minimum 1 day ) Are these fine to be recommended ? -Marten From bonito at nis.garr.it Mon Mar 29 15:41:44 1993 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Mon, 29 Mar 93 15:41:44 MET DST Subject: 193.in-addr.arpa procedures V1.3 In-Reply-To: <9303261330.AA26493@ncc.ripe.net>; from "Marten Terpstra" at Mar 26, 93 2:30 pm Message-ID: <9303291341.AA25803@jolly.nis.garr.it> > > > bonito at nis.garr.it (Antonio_Blasco Bonito) writes: > * > > * > > * > Folks, > * > > * > One last go. I think we folded in most of the comments from Blaso and othe > * rs. > * > We have included the procedures for single class C reverse zones, not via > * > block zones. > * > > * > We are already doing our first trials with block delegations, all seems to > * > work fine. Please let's get this document accepted and delegate these bloc > * ks. > * > * Sorry for this late comment, but it has come now to my mind: > * I think it would be wise to include recommended values for SOA fields > * (refresh, retry, etc). This could save problems to ns.ripe.net > * when acting as secondary. > > What do you think recommended values are ? I know have for everything in > 193.in-addr.arpa: > > @ IN SOA ns.ripe.net. hostmaster.ripe.net. > ( > 1.20 ; Serial > 14400 ; Refresh 4 hours > 3600 ; Retry 1 hours > 604800 ; Expire 7 days > 518400 ; TTL 6 days > ) > > which in my view is reasonable, since these things (just delegations) do not > change too often. For the actual class C zones, we have for > 45.87.192.in-addr.arpa (RIPE NCC net): > > @ IN SOA ns.ripe.net. hostmaster.ripe.net. > ( > 1.4 ; Serial > 28800 ; Refresh 8 hours > 7200 ; Retry 2 hours > 604800 ; Expire 7 days > 86400 ; Minimum 1 day > ) > > Are these fine to be recommended ? > > -Marten > I think the following could be reasonable values and rules to recommended. Refresh and retry have a direct impact on how much ns.ripe.net will have to do when acting as secondary for delegated 256-Cblocks. Maybe Piet Berteema has something more to say on this subject. ( yymmddv ; Serial 28800 ; Refresh 8 hours 3600 ; Retry 1 hour 604800 ; Expire 7 days 172800 ; Default TTL 2 days ) where yyddmmv is the recommended way to hold the update serial number with yy being the two-digit year number (to become four-digits on year 2000) mm being the two-digit month number dd being the two-digit day number v being a one digit serial number ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 (50) 593246 Via S. Maria, 36 Telex: 500371 CNUCE I 56126 PISA Italy Fax: +39 (50) 904052 ---------- ---------- From Piet.Beertema at cwi.nl Mon Mar 29 16:11:55 1993 From: Piet.Beertema at cwi.nl (Piet Beertema) Date: Mon, 29 Mar 1993 16:11:55 +0200 Subject: 193.in-addr.arpa procedures V1.3 In-Reply-To: Your message of Mon, 29 Mar 93 15:41:44 MET DST . <9303291341.AA25803@jolly.nis.garr.it> Message-ID: <9303291411.AA00571=piet@kraai.cwi.nl> > What do you think recommended values are ? I know have for everything > in 193.in-addr.arpa: > > @ IN SOA ns.ripe.net. hostmaster.ripe.net. > ( > 1.20 ; Serial > 14400 ; Refresh 4 hours > 3600 ; Retry 1 hours > 604800 ; Expire 7 days > 518400 ; TTL 6 days > ) > > which in my view is reasonable, since these things (just delegations) > do not change too often. For the actual class C zones, we have for > 45.87.192.in-addr.arpa (RIPE NCC net): > > @ IN SOA ns.ripe.net. hostmaster.ripe.net. > ( > 1.4 ; Serial > 28800 ; Refresh 8 hours > 7200 ; Retry 2 hours > 604800 ; Expire 7 days > 86400 ; Minimum 1 day > ) > > Are these fine to be recommended ? > > -Marten > I think the following could be reasonable values and rules to recommended. Refresh and retry have a direct impact on how much ns.ripe.net will have to do when acting as secondary for delegated 256-Cblocks. Maybe Piet Berteema has something more to say on this subject. For the real name of the sender see the From: line... ;-) ( yymmddv ; Serial 28800 ; Refresh 8 hours 3600 ; Retry 1 hour 604800 ; Expire 7 days 172800 ; Default TTL 2 days ) where yyddmmv is the recommended way to hold the update serial number - Serial: I can't recommend a specific format for the Serial, since what people choose for it depends amongst other things on the means they use to maintain the zone file. As long as: - the Serial is incremented with each change, - the Serial doesn't become too large (after conversion to an integer when maintained in dotted decimal notation) so it becomes negative on queries and on secondaries, it's all fine with me. - Refresh: 8 hours is fine with me; for 193.in-addr.arpa itself 1 day would even be enough. - Retry: could be 2 hours, to be brought down in case of lousy connectivity, but I'd say not less than 30 mins. - Expire: 7 days is fine, but for 193.in-addr.arpa I'd suggest to raise it to 30 days. - Default TTL: depends on how frequent the expected changes are; anywhere between 1 day ("subdomain") and 7 days (193.in-addr) should be fine. Piet