From andrei at ripe.net Mon Aug 2 19:42:58 2004 From: andrei at ripe.net (Andrei Robachevsky) Date: Mon, 02 Aug 2004 19:42:58 +0200 Subject: [dns-wg] IPv6 access to K-root Message-ID: <410E7D22.70904@ripe.net> Colleagues, K-root server has now IPv6 transport enabled. k.root-servers.net. AAAA 2001:7fd::1 A 193.0.14.129 This information is also available from www.root-servers.org webiste. Regards, Andrei Robachevsky RIPE NCC From andrei at ripe.net Tue Aug 3 06:06:55 2004 From: andrei at ripe.net (Andrei Robachevsky) Date: Tue, 03 Aug 2004 06:06:55 +0200 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20040803032147.GA40146@kb.pinguino.dk> References: <410E7D22.70904@ripe.net> <20040803032147.GA40146@kb.pinguino.dk> Message-ID: <410F0F5F.40503@ripe.net> Hi Robert, Robert Martin-Leg?ne wrote: [...] > And.. do you consider to get this into the root-servers.net zone itself? > I suppose it would then actually get picked up as a glue and upset > conservative parties? (but it might make the root v6-reachable - except > at bootstrap). > Definitely. And not only in the root-servers.net but also in the hints file and in the root zone itself. And not only for K, but for all other root servers that have IPv6 transport enabled. But as we know it's more complex than just updating relevant files. This requires careful consideration of possible technical issues, so that RSSAC can provide clear recommendations to IANA. As far as I know this work in underway. > And finally, why is it that k.root-servers.net and k.root-servers.org > has different IPv4-addresses? > The first one is the server itself, the second is the website containing information about K. > -- Robert Martin-Legene > DK Hostmaster Regards, Andrei -- Andrei Robachevsky RIPE NCC From iljitsch at muada.com Mon Aug 2 20:23:27 2004 From: iljitsch at muada.com (Iljitsch van Beijnum) Date: Mon, 2 Aug 2004 20:23:27 +0200 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <410E7D22.70904@ripe.net> References: <410E7D22.70904@ripe.net> Message-ID: <0C757F5E-E4B1-11D8-805E-000A95CD987A@muada.com> On 2-aug-04, at 19:42, Andrei Robachevsky wrote: > K-root server has now IPv6 transport enabled. That's nice, but the first thing any DNS server does on startup is: > host -t ns -v . 2001:7fd::1 Using domain server 2001:7fd::1: rcode = 0 (Success), ancount=13 The following answer is not verified as authentic by the server: . 518400 IN NS a.root-servers.net . 518400 IN NS h.root-servers.net . 518400 IN NS c.root-servers.net . 518400 IN NS g.root-servers.net . 518400 IN NS f.root-servers.net . 518400 IN NS b.root-servers.net . 518400 IN NS j.root-servers.net . 518400 IN NS k.root-servers.net . 518400 IN NS l.root-servers.net . 518400 IN NS m.root-servers.net . 518400 IN NS i.root-servers.net . 518400 IN NS e.root-servers.net . 518400 IN NS d.root-servers.net Additional information: a.root-servers.net 3600000 IN A 198.41.0.4 h.root-servers.net 3600000 IN A 128.63.2.53 c.root-servers.net 3600000 IN A 192.33.4.12 g.root-servers.net 3600000 IN A 192.112.36.4 f.root-servers.net 3600000 IN A 192.5.5.241 b.root-servers.net 3600000 IN A 192.228.79.201 j.root-servers.net 3600000 IN A 192.58.128.30 k.root-servers.net 3600000 IN A 193.0.14.129 l.root-servers.net 3600000 IN A 198.32.64.12 m.root-servers.net 3600000 IN A 202.12.27.33 i.root-servers.net 3600000 IN A 192.36.148.17 e.root-servers.net 3600000 IN A 192.203.230.10 d.root-servers.net 3600000 IN A 128.8.10.90 ...and then we're back in v4 land again. From robert at dk-hostmaster.dk Tue Aug 3 05:21:48 2004 From: robert at dk-hostmaster.dk (Robert =?iso-8859-1?Q?Martin-Leg=E8ne?=) Date: Tue, 3 Aug 2004 05:21:48 +0200 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <410E7D22.70904@ripe.net> References: <410E7D22.70904@ripe.net> Message-ID: <20040803032147.GA40146@kb.pinguino.dk> On Mon, Aug 02, 2004 at 07:42:58PM +0200, Andrei Robachevsky wrote: > k.root-servers.net. AAAA 2001:7fd::1 > A 193.0.14.129 Hi Andrei. This is good news. Just out of curiousity.. what is at 2001:7fd::0 ? ^ And.. do you consider to get this into the root-servers.net zone itself? I suppose it would then actually get picked up as a glue and upset conservative parties? (but it might make the root v6-reachable - except at bootstrap). And finally, why is it that k.root-servers.net and k.root-servers.org has different IPv4-addresses? -- Robert Martin-Legene DK Hostmaster From pim at ipng.nl Tue Aug 3 09:00:31 2004 From: pim at ipng.nl (Pim van Pelt) Date: Tue, 3 Aug 2004 09:00:31 +0200 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20040803032147.GA40146@kb.pinguino.dk> References: <410E7D22.70904@ripe.net> <20040803032147.GA40146@kb.pinguino.dk> Message-ID: <20040803070031.GA19672@bfib.colo.bit.nl> Hi, | Just out of curiousity.. what is at 2001:7fd::0 ? It's most probably a router anycast, which is the lowest possible IPv6 address in a given segment. I've forgotten the document that specifies this, but afaik most operating systems today use it when forwarding is turned on. -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim at ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From iljitsch at muada.com Tue Aug 3 11:28:05 2004 From: iljitsch at muada.com (Iljitsch van Beijnum) Date: Tue, 3 Aug 2004 11:28:05 +0200 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20040803070031.GA19672@bfib.colo.bit.nl> References: <410E7D22.70904@ripe.net> <20040803032147.GA40146@kb.pinguino.dk> <20040803070031.GA19672@bfib.colo.bit.nl> Message-ID: <6C6BEF3E-E52F-11D8-805E-000A95CD987A@muada.com> On 3-aug-04, at 9:00, Pim van Pelt wrote: > | Just out of curiousity.. what is at 2001:7fd::0 ? > It's most probably a router anycast, which is the lowest possible IPv6 > address in a given segment. I've forgotten the document that specifies > this, RFC 3513 section 2.6.1. > but afaik most operating systems today use it when forwarding is > turned on. But Real Routers (tm) don't. :-) From jim at rfc1035.com Thu Aug 5 04:09:52 2004 From: jim at rfc1035.com (Jim Reid) Date: Thu, 05 Aug 2004 03:09:52 +0100 Subject: [dns-wg] agenda items for RIPE49 Message-ID: <28620.1091671792@gromit.rfc1035.com> It's that time of year again.... The next RIPE meeting is 6 weeks away (more or less). So I'd like to invite contributions and suggestions for agenda items for the WG. Please reply to dns-wg-chair at ripe.net by Sept 6th. We usually get the agenda finalised 2 weeks before the WG, so it may not be possible to include items received after that date. Your WG co-chairs will try to accommodate last-minute additions, though it makes our job easier if this doesn't have to be done. Thanks. From challam at sdl.com Fri Aug 20 11:31:11 2004 From: challam at sdl.com (Chris Hallam) Date: Fri, 20 Aug 2004 18:31:11 +0900 Subject: [dns-wg] Reverse DNS at the Host Level? Message-ID: <058E4C246CF26940A5D5EE0E3AE84755B0797F@tokyomail1.sdlintl.com> Hello, As an LIR, we have reverse DNS entries in the RIPE database for all of our ranges at the x.x.x.in-addr.arpa level, but I was wondering if it was possible to create an entry at the host level for a specific IP address? We have an issue where mail from one of our mail servers may be being blocked due to host level reverse IP lookups failing. Any thoughts or advise would be appreciated. Chris Hallam Regional IT Manager - Asia SDL Japan Kabushiki Kaisha Meguro Higashiyama Building 4th Floor 1-4-4 Higashiyama, Meguro Ku Tokyo, 153-0043 ?????????????????? 153-0043 ???????? 1-4-4 ?????? 4? challam at sdl.com Telephone 00 81 (0)3 5720 2873 Fax 00 81 (0)3 5720 2592 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. ********************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: From jim at rfc1035.com Fri Aug 20 15:29:16 2004 From: jim at rfc1035.com (Jim Reid) Date: Fri, 20 Aug 2004 14:29:16 +0100 Subject: [dns-wg] Reverse DNS at the Host Level? In-Reply-To: Message from Chris Hallam of "Fri, 20 Aug 2004 18:31:11 +0900." <058E4C246CF26940A5D5EE0E3AE84755B0797F@tokyomail1.sdlintl.com> Message-ID: <25594.1093008556@gromit.rfc1035.com> >>>>> "Chris" == Chris Hallam writes: Chris> As an LIR, we have reverse DNS entries in the RIPE database Chris> for all of our ranges at the x.x.x.in-addr.arpa level, but Chris> I was wondering if it was possible to create an entry at Chris> the host level for a specific IP address? Of course. That is the whole point of reverse delegations under in-addr.arpa. You really should populate those zones with PTR records for the active IP addresses. As you seem to have found out the hard way, some things won't work as expected when reverse DNS doesn't work. :-) For instance many mail servers won't accept SMTP sessions from hosts with no reverse DNS: it's usually a strong indication of a spam source. Chris> We have an issue where mail from one of our mail servers Chris> may be being blocked due to host level reverse IP lookups Chris> failing. You didn't give any information that would have helped someone to help you, like the IP address of the mail server or the appropriate LIR assignment for that IP address. Once an LIR has been given an assignment, it should fill in the reverse delegation templates and send them to the RIR. Once they've been checked, the RIR will delegate the corresponding reverse DNS zones to the LIR. They can then be populated by the LIR (or perhaps by its customers) so that reverse lookups of their IP addresses work. That's the broad picture. For more detail, you would need to provide more information. But probably not in this list... Looking at the headers on your posting, it appears to be there's a problem with reverse lookups of 221.249.105.84. Is this the address of the mail server that you're talking about? The reverse name for this IP address is 84.105.249.221.in-addr.arpa. This is a CNAME pointing at 84.80/29.105.249.221.in-addr.arpa. The 105.249.221.in-addr.arpa zone delegates 80/29.105.249.221.in-addr.arpa to ns0-s.dns.pipex.net and ns1-s.dns.pipex.net. Neither of these name servers knows about the 80/29.105.249.221.in-addr.arpa zone. So if it's this address that's causing you trouble, you need to take it up with the administrators of 80/29.105.249.221.in-addr.arpa and 105.249.221.in-addr.arpa. There's a disconnect between them. Either the parent has delegated the child to the wrong name servers or has done that to the child name servers (ns[01]-s.dns.pipex.net) without them being configured to serve 80/29.105.249.221.in-addr.arpa. Once that's sorted out, a PTR record for 84.80/29.105.249.221.in-addr.arpa will be needed. Or I suppose you could just get the CNAME for 84.105.249.221.in-addr.arpa replaced with an appropriate PTR and not bother with this RFC2317-style reverse delegation. Please note that in general this list doesn't discuss specific DNS operational problems or provide tutorials on how to configure name servers and set up zone files. They tend to be handled in somewhere like bind-users at isc.org. Followup questions about your mail server's broken reverse DNS entry might be better of going there. This list tends to be used for DNS policy issues -- especially those concerning RIPE and the RIPE NCC membership, the production of BCPs, WG administrivia, etc, etc. The WG charter suggests the sort of discussions that would be appropriate to this list. From ripe-wgs.cs at schiefner.de Sat Aug 21 12:45:41 2004 From: ripe-wgs.cs at schiefner.de (Carsten Schiefner) Date: Sat, 21 Aug 2004 12:45:41 +0200 Subject: [dns-wg] Reverse DNS at the Host Level? In-Reply-To: <25594.1093008556@gromit.rfc1035.com> References: <25594.1093008556@gromit.rfc1035.com> Message-ID: <412727D5.3020605@schiefner.de> Hi Jim, Jim Reid wrote: > Please note that in general this list doesn't discuss specific DNS > operational problems or provide tutorials on how to configure name > servers and set up zone files. [...] but you certainly will agree that posting pointers to websites explaining the HOW-TO is absolutely in the scope of this list, won't you?! ;-) Here we go: http://www.ripe.net/ripencc/mem-services/registration/reverse/ Cheers, -C. From bortzmeyer at nic.fr Mon Aug 23 14:10:19 2004 From: bortzmeyer at nic.fr (Stephane Bortzmeyer) Date: Mon, 23 Aug 2004 14:10:19 +0200 Subject: [dns-wg] Re: Reverse DNS at the Host Level? In-Reply-To: <25594.1093008556@gromit.rfc1035.com> References: <058E4C246CF26940A5D5EE0E3AE84755B0797F@tokyomail1.sdlintl.com> <25594.1093008556@gromit.rfc1035.com> Message-ID: <20040823121019.GA12457@nic.fr> On Fri, Aug 20, 2004 at 02:29:16PM +0100, Jim Reid wrote a message of 62 lines which said: > For instance many mail servers won't accept SMTP sessions from hosts > with no reverse DNS: it's usually a strong indication of a spam > source. Let me rewrite this properly: For instance some mail servers won't accept SMTP sessions from hosts with no reverse DNS (they often believe it will limit the amount of spam received). From jim at rfc1035.com Mon Aug 23 14:25:37 2004 From: jim at rfc1035.com (Jim Reid) Date: Mon, 23 Aug 2004 13:25:37 +0100 Subject: [dns-wg] Re: Reverse DNS at the Host Level? In-Reply-To: Message from Stephane Bortzmeyer of "Mon, 23 Aug 2004 14:10:19 +0200." <20040823121019.GA12457@nic.fr> Message-ID: <368.1093263937@gromit.rfc1035.com> >>>>> "Stephane" == Stephane Bortzmeyer writes: >> For instance many mail servers won't accept SMTP sessions from >> hosts with no reverse DNS: it's usually a strong indication of >> a spam source. Stephane> Let me rewrite this properly: Stephane> For instance some mail servers won't accept SMTP Stephane> sessions from hosts with no reverse DNS (they often Stephane> believe it will limit the amount of spam received). Let me rewrite your rewrite properly: :-) For instance some mail servers won't accept SMTP sessions from hosts with no reverse DNS. This is a common anti-spam measure because a significant amount of spam is known to come from hosts that do not have reverse DNS entries.