Hi Ronald,

On 11/28, Ronald F. Guilmette wrote:
> My apologies for having failed to report to this recent message
> sooner.
>
> In message <[email protected]>,
> AFRINIC Communication <[email protected]> wrote:
>
> >Following your inquiry regarding the existence of inconsistencies
> >between reverse DNS delegation records within the WHOIS Database and the
> >published RDNS zone files at ftp://ftp.afrinic.net/pub/zones/ directory,
> >we have carried out further analysis and below are the findings.
> >
> >1. This situation is a result of the presence of overlapping records
> >in the WHOIS Database. The script that picks and publishes to the ftp
> >picks only the reverse DNS domain covering the less specific prefix, for
> >instance with reference to the example provided, the ftp file contains
> >the record for 203.196.in-addr.arpa and not any other more specific
> >reverse DNS records such as 35.203.196.in-addr.arpa
> >
> >2. These overlapping records are historical and date back to the
> >period between 2004 - 2007 and the whois at that time did not have the
> >checks that guard against creation of these overlaps.
> >
> >The issue regarding the existence of these overlaps in the WHOIS
> >Database was raised by staff during the first database working group
> >session at AIS-19 in Kampala, for the best way forward on resolving this
> >and the consensus was that nothing should be done. The DBWG session
> >report is available here:
> >
> >https://lists.afrinic.net/pipermail/dbwg/2019-June/000140.html
> >
> >Going forward, we intend to ensure that these overlapping records are
> >cleared and no longer present inconsistencies.
>
> I'm sorry, but I must take issue, in a modest way, with this chosen
> resolution.
>
> I believe that you have explained the "issue" of the "overlapping"
> reverse DNS delegations clearly, but I am not persuaded that there
> is actually any problem here, other than that some of the AFRINIC
> reverse DNS delegations were not being represented in the public
> AFRINIC zone file(s).
>
> I must ask the question: Why should it be considered to be either "bad"
> or even "a problem" if AFRINIC maintains reverse DNS delegations for,
> say, some /16 and also and separately, maintains a different reverse
> DNS delegation for some particular /24 block which is a part of that
> larger containing /16 block?
>

This seems fairly clear, to me at least, that having delegations at the
same authoritative nameserver for a subdomain and a
subdomain-of-a-subdomain is problematic.

Consider:
ns-a delegates foo.example.com to ns-b
and bar.foo.example.com to ns-c
ns-b delegates bar.foo.example.com to ns-d
Who is authoritative for host.bar.foo.example.com?
I haven't checked whether this is permitted by the RFCs, but even if it
is, it seems like a readily avoidable recipe for breakage. And one
without an obvious benefit that I can see.
Maybe someone here knows the answer definitively?
Or can think of a use-case that would require this kind of a delegation?
Cheers,
Ben
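
The overlap discussed in this thread can be checked for mechanically. The following is an added example, not part of the original messages and not AFRINIC's script: it finds reverse DNS domains that sit underneath another listed domain and models the "publish only the less specific" behaviour described in the quoted findings. The function names and all sample domains other than the two quoted in the thread are constructed for illustration.

```python
# Constructed sample input: reverse DNS domain names as they might be listed
# in WHOIS domain objects. Only the first two names appear in the thread;
# the others are made up for this example.
SAMPLE_DOMAINS = [
    "203.196.in-addr.arpa",     # less specific (a /16)
    "35.203.196.in-addr.arpa",  # more specific (a /24 inside that /16)
    "3.196.in-addr.arpa",       # unrelated /16; string suffix of the first name
    "10.41.in-addr.arpa",
    "7.0.102.in-addr.arpa",
]


def labels(name):
    """Split a domain name into lower-cased labels, ignoring a trailing dot."""
    return tuple(name.lower().rstrip(".").split("."))


def find_overlaps(domains):
    """Return sorted (more_specific, less_specific) pairs.

    Comparison is done label by label. A plain string suffix test would
    wrongly report 203.196.in-addr.arpa as being under 3.196.in-addr.arpa.
    """
    zones = {labels(d): d for d in domains}
    pairs = []
    for lab, name in zones.items():
        # Walk up the tree by dropping the leftmost label one at a time.
        for i in range(1, len(lab)):
            parent = lab[i:]
            if parent in zones:
                pairs.append((name, zones[parent]))
    return sorted(pairs)


def published(domains):
    """Model of the described publication step: more specific names that
    overlap a less specific one are left out of the published list."""
    shadowed = {child for child, _ in find_overlaps(domains)}
    return sorted(d for d in domains if d not in shadowed)


if __name__ == "__main__":
    for child, parent in find_overlaps(SAMPLE_DOMAINS):
        print(f"overlap: {child} is under {parent}")
    print("published:", published(SAMPLE_DOMAINS))
```
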
