How does reverse delegation work for legacy resources across RIR?
According to https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml 147/8 Administered by ARIN 1993-05 whois.arin.net https://rdap.arin.net/registry http://rdap.arin.net/registry LEGACY
$ dig 147.in-addr.arpa. ns ; <<>> DiG 9.16.1-Ubuntu <<>> 147.in-addr.arpa. ns ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20223 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;147.in-addr.arpa. IN NS ;; ANSWER SECTION: 147.in-addr.arpa. 86400 IN NS r.arin.net. 147.in-addr.arpa. 86400 IN NS u.arin.net. 147.in-addr.arpa. 86400 IN NS x.arin.net. 147.in-addr.arpa. 86400 IN NS y.arin.net. 147.in-addr.arpa. 86400 IN NS z.arin.net. 147.in-addr.arpa. 86400 IN NS arin.authdns.ripe.net. ;; Query time: 75 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Thu Oct 29 15:02:58 PDT 2020 ;; MSG SIZE rcvd: 165
another example $ dig 196.in-addr.arpa. ns +short ns1.afrinic.net. ns2.afrinic.net. ns3.lacnic.net. ns3.afrinic.net. ns4.apnic.net. tinnie.arin.net. afrinic.authdns.ripe.net.
For legacy /8 that exists today in multiple RIRs, what is the process to make sure rDNS gets delegated correctly and avoid split views? Is there some mechanism to sync the zone across RIRs? How long does it typically take for this type of reverse delegation update to get reflected in DNS zone? When I created a domain object for 208.75.147.in-addr.arpa., it didn't show up in DNS until the next day. Yang
On 29/10/2020 23:15, Yang Yu via db-wg wrote: Hello Yang,
For legacy /8 that exists today in multiple RIRs, what is the process to make sure rDNS gets delegated correctly and avoid split views? Is there some mechanism to sync the zone across RIRs? How long does it typically take for this type of reverse delegation update to get reflected in DNS zone?
When I created a domain object for 208.75.147.in-addr.arpa., it didn't show up in DNS until the next day.
RIPE NCC publishes your delegation data in a "zonelet" file: https://ftp.ripe.net/pub/zones/147.in-addr.arpa-RIPE ARIN, the operator of 147.in-addr.arpa, fetches this zonelet file every few hours, and imports the delegation data into 147.in-addr.arpa. All the RIRs work in the same way, publishing zonelets, as well as importing zonelets from the others. The polling period varies from RIR to RIR, so sometimes it can take a few hours before the DNS is up to date. Regards, Anand Buddhdev RIPE NCC
Thanks Anand. Here is what I got from ARIN """ Typically ARIN pulls these zonelets and updates reverse zones hosted on ARIN every 4 hours. However, I have been informed that ARIN has recently become aware of a condition in this process where, sometimes, we don’t collect all of the zonelets from all of the other RIRs in time for all of the data to be signed. This results in some new data taking multiple four hour cycles to finally appear. ARIN is working toward a resolution to ensure we are back on track to updating and processing the information every 4 hours, but at this time we do not know when that resolution will be implemented. """ On Thu, Oct 29, 2020 at 4:06 PM Anand Buddhdev <anandb@ripe.net> wrote:
On 29/10/2020 23:15, Yang Yu via db-wg wrote:
Hello Yang,
For legacy /8 that exists today in multiple RIRs, what is the process to make sure rDNS gets delegated correctly and avoid split views? Is there some mechanism to sync the zone across RIRs? How long does it typically take for this type of reverse delegation update to get reflected in DNS zone?
When I created a domain object for 208.75.147.in-addr.arpa., it didn't show up in DNS until the next day.
RIPE NCC publishes your delegation data in a "zonelet" file:
https://ftp.ripe.net/pub/zones/147.in-addr.arpa-RIPE
ARIN, the operator of 147.in-addr.arpa, fetches this zonelet file every few hours, and imports the delegation data into 147.in-addr.arpa.
All the RIRs work in the same way, publishing zonelets, as well as importing zonelets from the others. The polling period varies from RIR to RIR, so sometimes it can take a few hours before the DNS is up to date.
Regards, Anand Buddhdev RIPE NCC
participants (2)
-
Anand Buddhdev
-
Yang Yu