DNS Related Policy and Procedure Proposals
Dear Colleagues, Apologies for duplicate mails. Shortly after this mail we will be sending two separate mails to the DNS Working Group mailing list. We will also be posting a draft policy document (see below). These mails also have relevance to the RIPE NCC Services and Database Working Groups. The two messages and revised policy document are part of a project started in October 2003 to streamline and simplify the process of requesting and managing reverse DNS delegation for the holders of the address space allocated or assigned by the RIPE NCC. The original proposal can be found at: http://www.ripe.net/reverse/proposal.html The content of the mails are: - A proposal for the introduction of a new "mnt-domains:" attribute in INETNUM objects to authorise the creation of DOMAIN objects. This proposal also suggests making "mnt-by:" a mandatory DOMAIN object attribute. This authorisation mechanism will enable address space users to delegate the responsibility for maintaining reverse address space to third parties in a flexible manner. - An assessment of the consequences of the introduction of the "mnt-domains:" attribute and of the "mnt-by:" attribute being made mandatory. The reverse delegation policy has been revised, relaxing the terms under which reverse delegation will be serviced and providing the framework to implement the authorisation mechanism described above. The draft "Policy for Reverse Address Delegation of IPv4 and IPv6 Address Space in the RIPE NCC Service Region" can be found at: http://www.ripe.net/ripe/draft-documents/reverse-draft-200401.html We would like to invite your comments on this. Please discuss these proposals on the DNS Working Group mailing list. More information can be found at: http://www.ripe.net/reverse/rdns-project/ -- Olaf Kolkman New Projects Group RIPE NCC
Hay, [I didn't remove ncc-services-wg and db-wg lists since it's also a policy and db-issue] Olaf Kolkman wrote: [...]
The reverse delegation policy has been revised, relaxing the terms under which reverse delegation will be serviced and providing the framework to implement the authorisation mechanism described above.
The draft "Policy for Reverse Address Delegation of IPv4 and IPv6 Address Space in the RIPE NCC Service Region" can be found at:
http://www.ripe.net/ripe/draft-documents/reverse-draft-200401.html
We would like to invite your comments on this. Please discuss these proposals on the DNS Working Group mailing list. [...]
AFAIR there was no objection to this proposal as long as it comes to relaxing the policy itself. I think we could implement the new draft ASAP. It's short and easy and was updated to IPv6 - all we need. The best part in my eyes is, that with the new policy and the new authorisation system (mnt-domains ect.), every address space holder can again request/update their rDNS delegations on their own (given the correct db authorisation) - as long as they know what they do. (At least I think that's intentionally, since all the parts relating to only LIRs can hand in requests have been removed :-) ) And a personal sidenote: I always kinda liked the current policy, allowing reverse delegation on a /24 block only if there's at least one valid assignment in it. Even though one usually shouldn't route a net without a valid assignment, i merged several LIRs throughout the last years, and I _always_ discovered some routed but not assigned networks. In almost all cases it was hard to get the customer to hand in a correct request for nets he's already been using for a while. The best was to tell the customer, they can't get rDNS until they have a valid Assignment and point to the policy - that often helped, unless they didn't care about rDNS at all. Though, this is rather a social problem of unwilling customers and lazy LIRs. So I do support the relaxed policy. Just saying that in my case the current policy rather helped some times than causing problems due to the restrictions. But i see the advantages of the new draft in general. -- ======================================================================== = Sascha Lenz SLZ-RIPE slz@baycix.de = = Network Operations = = BayCIX GmbH, Landshut * PGP public Key on demand * = ========================================================================
Hello, On 22.01 02:47, Sascha Lenz wrote:
[I didn't remove ncc-services-wg and db-wg lists since it's also a policy and db-issue]
Olaf Kolkman wrote:
[...]
The reverse delegation policy has been revised, relaxing the terms under which reverse delegation will be serviced and providing the framework to implement the authorisation mechanism described above.
The draft "Policy for Reverse Address Delegation of IPv4 and IPv6 Address Space in the RIPE NCC Service Region" can be found at:
http://www.ripe.net/ripe/draft-documents/reverse-draft-200401.html
We would like to invite your comments on this. Please discuss these proposals on the DNS Working Group mailing list. [...]
AFAIR there was no objection to this proposal as long as it comes to relaxing the policy itself. I think we could implement the new draft ASAP.
I agree, that should run already ;-)
The best part in my eyes is, that with the new policy and the new authorisation system (mnt-domains ect.), every address space holder can again request/update their rDNS delegations on their own (given the correct db authorisation) - as long as they know what they do. (At least I think that's intentionally, since all the parts relating to only LIRs can hand in requests have been removed :-) )
I only have one question - do I need to use mntner object for reverse delegation? If so, couldn't that be just left on persons/roles? So we (DNS team) wouldn't need two objects to delegate DNS for our address space. -- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamiliar territory.
participants (3)
-
Matus UHLAR - fantomas -
Olaf Kolkman -
Sascha Lenz