From iljitsch at muada.com Thu Feb 24 19:28:43 2005 From: iljitsch at muada.com (Iljitsch van Beijnum) Date: Thu, 24 Feb 2005 19:28:43 +0100 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <410E7D22.70904@ripe.net> References: <410E7D22.70904@ripe.net> Message-ID: <9bba11348129f99d6a700921cc6e89c1@muada.com> On 2-aug-04, at 19:42, Andrei Robachevsky wrote: > K-root server has now IPv6 transport enabled. > k.root-servers.net. AAAA 2001:7fd::1 > A 193.0.14.129 > This information is also available from www.root-servers.org webiste. Since the ARIN micro allocation policy creates some problems, I was curious what kind of address space RIPE uses for k-root. A /32 "macro allocation", it turns out: inet6num: 2001:07FD::/32 netname: K-rootserver-net-20030829 descr: This assignment given to k-root.server.net I believe this ASSIGNment is in violation of existing IPv6 ALLOCATION policies. I would be very interested in learning any information to the contrary. Iljitsch van Beijnum From dr at cluenet.de Thu Feb 24 20:04:20 2005 From: dr at cluenet.de (Daniel Roesen) Date: Thu, 24 Feb 2005 20:04:20 +0100 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <9bba11348129f99d6a700921cc6e89c1@muada.com> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> Message-ID: <20050224190420.GA30975@srv01.cluenet.de> On Thu, Feb 24, 2005 at 07:28:43PM +0100, Iljitsch van Beijnum wrote: > Since the ARIN micro allocation policy creates some problems, I was > curious what kind of address space RIPE uses for k-root. A /32 "macro > allocation", it turns out: > > inet6num: 2001:07FD::/32 > netname: K-rootserver-net-20030829 > descr: This assignment given to k-root.server.net > > I believe this ASSIGNment is in violation of existing IPv6 ALLOCATION > policies. I would be very interested in learning any information to the > contrary. http://www.ripe.net/ripe/docs/ipv6-rootservers.html "Under this policy, each (current or future) Internet DNS root server (as listed in the root-servers.net zone) in the RIPE region will be assigned a block of IPv6 address space for purposes of root server operations. The size of the block shall be the same as the size of the minimum allocation to Local Internet Registries (LIRs) valid at the time of the root server assignment." An ALLOCATION makes no sense as no assignments would be done. The root server operator IS the end user of the address space. Regards, Daniel -- CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0 From iljitsch at muada.com Thu Feb 24 20:55:10 2005 From: iljitsch at muada.com (Iljitsch van Beijnum) Date: Thu, 24 Feb 2005 20:55:10 +0100 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20050224190420.GA30975@srv01.cluenet.de> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190420.GA30975@srv01.cluenet.de> Message-ID: <07654d4cae5d49d87b554658b46696a1@muada.com> On 24-feb-05, at 20:04, Daniel Roesen wrote: > http://www.ripe.net/ripe/docs/ipv6-rootservers.html > "Under this policy, each (current or future) Internet DNS root server > (as listed in the root-servers.net zone) in the RIPE region will be > assigned a block of IPv6 address space for purposes of root server > operations. The size of the block shall be the same as the size of the > minimum allocation to Local Internet Registries (LIRs) valid at the > time > of the root server assignment." So who authorized this? It looks a lot like the RIPE NCC doesn't have to stick to its own rules when it doesn't feel like it. And it's extremely wasteful to use 2^96 addresses when only 1 is needed. From dr at cluenet.de Thu Feb 24 21:23:23 2005 From: dr at cluenet.de (Daniel Roesen) Date: Thu, 24 Feb 2005 21:23:23 +0100 Subject: [dns-wg] Re: [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <07654d4cae5d49d87b554658b46696a1@muada.com> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190420.GA30975@srv01.cluenet.de> <07654d4cae5d49d87b554658b46696a1@muada.com> Message-ID: <20050224202323.GA31925@srv01.cluenet.de> On Thu, Feb 24, 2005 at 08:55:10PM +0100, Iljitsch van Beijnum wrote: > And it's extremely wasteful to use 2^96 addresses when only 1 is needed. That's because of people's lazy and stupid habit of derriving policy from prefix length (exceeding the valid conclusions from the IPv6 architecture documents). I would have preferred the ARIN way of using /48s (end site size). Unfortunately still many people think (or just copied some random filter recommendation) that filtering ANY /48 is a good thing, and don't update filters. Regards, Dan'overly aggressive filtering considered harmful'iel -- CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0 From iljitsch at muada.com Thu Feb 24 22:09:08 2005 From: iljitsch at muada.com (Iljitsch van Beijnum) Date: Thu, 24 Feb 2005 22:09:08 +0100 Subject: [dns-wg] Re: [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20050224202323.GA31925@srv01.cluenet.de> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190420.GA30975@srv01.cluenet.de> <07654d4cae5d49d87b554658b46696a1@muada.com> <20050224202323.GA31925@srv01.cluenet.de> Message-ID: <6b4b4a538e32df2d072537e30c8b090c@muada.com> On 24-feb-05, at 21:23, Daniel Roesen wrote: >> And it's extremely wasteful to use 2^96 addresses when only 1 is >> needed. > That's because of people's lazy and stupid habit of derriving policy > from prefix length In IPv4 it's a reasonable thing to do because enumerating all valid prefixes just isn't feasible. > Unfortunately still many people think (or just > copied some random filter recommendation) that filtering ANY /48 is a > good thing, and don't update filters. Hm, maybe the read http://www.ripe.net/ripe/docs/ipv6-policies.html and saw: 4.3. Minimum allocation RIRs will apply a minimum size for IPv6 allocations to facilitate prefix-based filtering. The minimum allocation size for IPv6 address space is /32. From jon at lawrence.org.uk Thu Feb 24 22:27:01 2005 From: jon at lawrence.org.uk (Jon Lawrence) Date: Thu, 24 Feb 2005 21:27:01 +0000 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20050224190420.GA30975@srv01.cluenet.de> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190420.GA30975@srv01.cluenet.de> Message-ID: <200502242127.01825.jon@lawrence.org.uk> On Thursday 24 February 2005 19:04, Daniel Roesen wrote: > On Thu, Feb 24, 2005 at 07:28:43PM +0100, Iljitsch van Beijnum wrote: > > Since the ARIN micro allocation policy creates some problems, I was > > curious what kind of address space RIPE uses for k-root. A /32 "macro > > allocation", it turns out: > > > > inet6num: 2001:07FD::/32 > > netname: K-rootserver-net-20030829 > > descr: This assignment given to k-root.server.net > > > > I believe this ASSIGNment is in violation of existing IPv6 ALLOCATION > > policies. I would be very interested in learning any information to the > > contrary. > > http://www.ripe.net/ripe/docs/ipv6-rootservers.html > > "Under this policy, each (current or future) Internet DNS root server > (as listed in the root-servers.net zone) in the RIPE region will be > assigned a block of IPv6 address space for purposes of root server > operations. The size of the block shall be the same as the size of the > minimum allocation to Local Internet Registries (LIRs) valid at the time > of the root server assignment." > > An ALLOCATION makes no sense as no assignments would be done. The root > server operator IS the end user of the address space. > Yep, that makes sense. A root server operator would be an end user - can't imagine why they'd need more than a /48 though. It would make sense to me if root servers were assigned directly from RIPE (possibly from a special allocation set as side for the root servers' use). It seems completely pointless to allocate/assign a /32 to a root server. If the root server operator gets an assignment (directly from RIPE) why does it need to be the same size as a normal minimum allocation. Regardless of min allocation size - which ISP isn't going to allow an known root server IP through. If people want to filter then let them, if they don't know what they're doing then that's their look out. Root servers should be allocated/assigned (whatever) from a known block - that way everyone knows not to filter that block. Jon From elmi at 4ever.de Thu Feb 24 20:02:55 2005 From: elmi at 4ever.de (Elmar K. Bins) Date: Thu, 24 Feb 2005 20:02:55 +0100 Subject: [dns-wg] Re: [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <9bba11348129f99d6a700921cc6e89c1@muada.com> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> Message-ID: <20050224190254.GY14099@new.detebe.org> iljitsch at muada.com (Iljitsch van Beijnum) wrote: > >This information is also available from www.root-servers.org webiste. > > Since the ARIN micro allocation policy creates some problems, I was > curious what kind of address space RIPE uses for k-root. A /32 "macro > allocation", it turns out: > > inet6num: 2001:07FD::/32 > netname: K-rootserver-net-20030829 > descr: This assignment given to k-root.server.net > > I believe this ASSIGNment is in violation of existing IPv6 ALLOCATION > policies. I would be very interested in learning any information to the > contrary. So do I, since I have a ccTLD service to provision with IPv6. Elmar. (And yes, ARIN sent me to RIPE, and they sent me home...) -- "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, ) --------------------------------------------------------------[ ELMI-RIPE ]--- From dr at cluenet.de Thu Feb 24 20:04:20 2005 From: dr at cluenet.de (Daniel Roesen) Date: Thu, 24 Feb 2005 20:04:20 +0100 Subject: [dns-wg] [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <9bba11348129f99d6a700921cc6e89c1@muada.com> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> Message-ID: <20050224190420.GA30975@srv01.cluenet.de> On Thu, Feb 24, 2005 at 07:28:43PM +0100, Iljitsch van Beijnum wrote: > Since the ARIN micro allocation policy creates some problems, I was > curious what kind of address space RIPE uses for k-root. A /32 "macro > allocation", it turns out: > > inet6num: 2001:07FD::/32 > netname: K-rootserver-net-20030829 > descr: This assignment given to k-root.server.net > > I believe this ASSIGNment is in violation of existing IPv6 ALLOCATION > policies. I would be very interested in learning any information to the > contrary. http://www.ripe.net/ripe/docs/ipv6-rootservers.html "Under this policy, each (current or future) Internet DNS root server (as listed in the root-servers.net zone) in the RIPE region will be assigned a block of IPv6 address space for purposes of root server operations. The size of the block shall be the same as the size of the minimum allocation to Local Internet Registries (LIRs) valid at the time of the root server assignment." An ALLOCATION makes no sense as no assignments would be done. The root server operator IS the end user of the address space. Regards, Daniel -- CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0 From iljitsch at muada.com Thu Feb 24 20:55:10 2005 From: iljitsch at muada.com (Iljitsch van Beijnum) Date: Thu, 24 Feb 2005 20:55:10 +0100 Subject: [dns-wg] [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20050224190420.GA30975@srv01.cluenet.de> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190420.GA30975@srv01.cluenet.de> Message-ID: <07654d4cae5d49d87b554658b46696a1@muada.com> On 24-feb-05, at 20:04, Daniel Roesen wrote: > http://www.ripe.net/ripe/docs/ipv6-rootservers.html > "Under this policy, each (current or future) Internet DNS root server > (as listed in the root-servers.net zone) in the RIPE region will be > assigned a block of IPv6 address space for purposes of root server > operations. The size of the block shall be the same as the size of the > minimum allocation to Local Internet Registries (LIRs) valid at the > time > of the root server assignment." So who authorized this? It looks a lot like the RIPE NCC doesn't have to stick to its own rules when it doesn't feel like it. And it's extremely wasteful to use 2^96 addresses when only 1 is needed. From iljitsch at muada.com Thu Feb 24 22:09:08 2005 From: iljitsch at muada.com (Iljitsch van Beijnum) Date: Thu, 24 Feb 2005 22:09:08 +0100 Subject: [dns-wg] Re: [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20050224202323.GA31925@srv01.cluenet.de> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190420.GA30975@srv01.cluenet.de> <07654d4cae5d49d87b554658b46696a1@muada.com> <20050224202323.GA31925@srv01.cluenet.de> Message-ID: <6b4b4a538e32df2d072537e30c8b090c@muada.com> On 24-feb-05, at 21:23, Daniel Roesen wrote: >> And it's extremely wasteful to use 2^96 addresses when only 1 is >> needed. > That's because of people's lazy and stupid habit of derriving policy > from prefix length In IPv4 it's a reasonable thing to do because enumerating all valid prefixes just isn't feasible. > Unfortunately still many people think (or just > copied some random filter recommendation) that filtering ANY /48 is a > good thing, and don't update filters. Hm, maybe the read http://www.ripe.net/ripe/docs/ipv6-policies.html and saw: 4.3. Minimum allocation RIRs will apply a minimum size for IPv6 allocations to facilitate prefix-based filtering. The minimum allocation size for IPv6 address space is /32. From gert at space.net Thu Feb 24 22:20:11 2005 From: gert at space.net (Gert Doering) Date: Thu, 24 Feb 2005 22:20:11 +0100 Subject: [dns-wg] Re: [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <07654d4cae5d49d87b554658b46696a1@muada.com> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190420.GA30975@srv01.cluenet.de> <07654d4cae5d49d87b554658b46696a1@muada.com> Message-ID: <20050224212011.GX84850@Space.Net> Hi, On Thu, Feb 24, 2005 at 08:55:10PM +0100, Iljitsch van Beijnum wrote: > So who authorized this? The normal RIPE policy process. People discussed it, and decided it's a useful idea to have a way to get well-known IPv6 addresses to root servers. The resulting document is ripe-233: --------------------- snip --------------------- IPv6 Addresses for Internet Root Servers in the RIPE Region Joao Luis Silva Damas Document ID: ripe-233 Date: 24 May 2002 Abstract This document describes the special case assignment policy for Internet DNS root servers in the RIPE region. --------------------- snip --------------------- The progress that led to this policy is documented in the archives. > It looks a lot like the RIPE NCC doesn't have to stick to its own rules > when it doesn't feel like it. Please try to get your facts straigth *before* making such statements. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 71007 (66629) SpaceNet AG Mail: netmaster at Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234 From gert at space.net Thu Feb 24 22:26:05 2005 From: gert at space.net (Gert Doering) Date: Thu, 24 Feb 2005 22:26:05 +0100 Subject: [dns-wg] Re: [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20050224190254.GY14099@new.detebe.org> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190254.GY14099@new.detebe.org> Message-ID: <20050224212605.GY84850@Space.Net> Hi, On Thu, Feb 24, 2005 at 08:02:55PM +0100, Elmar K. Bins wrote: > So do I, since I have a ccTLD service to provision with IPv6. As you know, everybody is special, but the *only* thing that cannot be resolved by DNS is the IPv4/IPv6 address of root name servers. There is no special case policy for (unicast) ccTLD name servers, for major search engines, big software vendor download sites, etc. -> find an upstream provider, get an IPv6 address block, and enter that in the relevant DNS zones. Of course the underlying question returns to "how to do IPv6 multihoming for A Special End Site". Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 71007 (66629) SpaceNet AG Mail: netmaster at Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234 From jon at lawrence.org.uk Thu Feb 24 22:27:01 2005 From: jon at lawrence.org.uk (Jon Lawrence) Date: Thu, 24 Feb 2005 21:27:01 +0000 Subject: [dns-wg] [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <20050224190420.GA30975@srv01.cluenet.de> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190420.GA30975@srv01.cluenet.de> Message-ID: <200502242127.01825.jon@lawrence.org.uk> On Thursday 24 February 2005 19:04, Daniel Roesen wrote: > On Thu, Feb 24, 2005 at 07:28:43PM +0100, Iljitsch van Beijnum wrote: > > Since the ARIN micro allocation policy creates some problems, I was > > curious what kind of address space RIPE uses for k-root. A /32 "macro > > allocation", it turns out: > > > > inet6num: 2001:07FD::/32 > > netname: K-rootserver-net-20030829 > > descr: This assignment given to k-root.server.net > > > > I believe this ASSIGNment is in violation of existing IPv6 ALLOCATION > > policies. I would be very interested in learning any information to the > > contrary. > > http://www.ripe.net/ripe/docs/ipv6-rootservers.html > > "Under this policy, each (current or future) Internet DNS root server > (as listed in the root-servers.net zone) in the RIPE region will be > assigned a block of IPv6 address space for purposes of root server > operations. The size of the block shall be the same as the size of the > minimum allocation to Local Internet Registries (LIRs) valid at the time > of the root server assignment." > > An ALLOCATION makes no sense as no assignments would be done. The root > server operator IS the end user of the address space. > Yep, that makes sense. A root server operator would be an end user - can't imagine why they'd need more than a /48 though. It would make sense to me if root servers were assigned directly from RIPE (possibly from a special allocation set as side for the root servers' use). It seems completely pointless to allocate/assign a /32 to a root server. If the root server operator gets an assignment (directly from RIPE) why does it need to be the same size as a normal minimum allocation. Regardless of min allocation size - which ISP isn't going to allow an known root server IP through. If people want to filter then let them, if they don't know what they're doing then that's their look out. Root servers should be allocated/assigned (whatever) from a known block - that way everyone knows not to filter that block. Jon From gert at space.net Thu Feb 24 22:41:07 2005 From: gert at space.net (Gert Doering) Date: Thu, 24 Feb 2005 22:41:07 +0100 Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <200502242127.01825.jon@lawrence.org.uk> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> <20050224190420.GA30975@srv01.cluenet.de> <200502242127.01825.jon@lawrence.org.uk> Message-ID: <20050224214107.GC84850@Space.Net> Hi, On Thu, Feb 24, 2005 at 09:27:01PM +0000, Jon Lawrence wrote: > > An ALLOCATION makes no sense as no assignments would be done. The root > > server operator IS the end user of the address space. > > > Yep, that makes sense. A root server operator would be an end user - can't > imagine why they'd need more than a /48 though. They need a /128. But experience has shown that BGP participants *do* filter, and as such, it was decided to go for a /32 in RIPE land. ARIN does /48s. > It would make sense to me if root servers were assigned directly from RIPE > (possibly from a special allocation set as side for the root servers' use). This is the way it is done. > It seems completely pointless to allocate/assign a /32 to a root server. > If the root server operator gets an assignment (directly from RIPE) why does > it need to be the same size as a normal minimum allocation. BGP filters. But hey, so what. There are roughly 4 billion /32s - what do you gain by saving 10 /32s? The number of routing table entries (which are a larger problem than "exhaustion of the available /32s") doesn't change. > Regardless of min allocation size - which ISP isn't going to allow an known > root server IP through. If people want to filter then let them, if they don't > know what they're doing then that's their look out. > > Root servers should be allocated/assigned (whatever) from a known block - that > way everyone knows not to filter that block. At the time the policy was written, people thought that this way would be better. On the subject of root servers, people tend to be conservative. OTOH, no policy that can't be changed if people think otherwise today. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 71007 (66629) SpaceNet AG Mail: netmaster at Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234 From rogerj at jorgensen.no Thu Feb 24 22:42:44 2005 From: rogerj at jorgensen.no (Roger Jorgensen) Date: Thu, 24 Feb 2005 22:42:44 +0100 (CET) Subject: [dns-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root In-Reply-To: <9bba11348129f99d6a700921cc6e89c1@muada.com> References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> Message-ID: sorry for replying to this to all of the mailinglist. On Thu, 24 Feb 2005, Iljitsch van Beijnum wrote: > inet6num: 2001:07FD::/32 > netname: K-rootserver-net-20030829 > descr: This assignment given to k-root.server.net > > I believe this ASSIGNment is in violation of existing IPv6 ALLOCATION > policies. I would be very interested in learning any information to the > contrary. This is pointless discussion, only point of it would maybe be to making it clear that the VERY few DNS _root-servers_ there are out there, are the ONLY thing important enough to get it's own /32. -- ------------------------------ Roger Jorgensen | rogerj at stud.cs.uit.no | - IPv6 is The Key! http://www.jorgensen.no | roger at jorgensen.no ------------------------------------------------------- From randy at psg.com Mon Feb 28 02:39:25 2005 From: randy at psg.com (Randy Bush) Date: Mon, 28 Feb 2005 10:39:25 +0900 Subject: [dns-wg] Re: [address-policy-wg] Re: [ipv6-wg@ripe.net] IPv6 access to K-root References: <410E7D22.70904@ripe.net> <9bba11348129f99d6a700921cc6e89c1@muada.com> Message-ID: <16930.30285.167273.801898@roam.psg.com> > This is pointless discussion, only point of it would maybe be to making it > clear that the VERY few DNS _root-servers_ there are out there, are the > ONLY thing important enough to get it's own /32. it's not their importance which is important :-) it is that you can't use the dns to get their ip addresses from their names. for ALL other services, you can use the dns. randy