REVERSE DNS Practices.

2009-03-21 Thread Beavis
hi,

 I want to ask some folks out there that maintain reverse DNS queries
of their respective IP blocks. I want to know if there is a need for
me to contact my upstream provider. I am in charge of 2 /24's under
LACNIC. I've already registered my DNS servers on LACNIC. but for some
weird reason it's not owning reverse resolves. any tips would be
gladly appreciated.


thanks,
b

-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments



Savvis Outage?

2009-03-21 Thread Jeff Rooney
Anyone else seeing an outage with Savvis in the Chicago area? Specifically
in their colo we are seeing asynchronous connectivity, traffic is coming in,
but not getting back out.


Jeff Rooney
jtroo...@nexdlevel.com


Re: REVERSE DNS Practices.

2009-03-21 Thread bruce
Slightly related...

Can people please post their recommended reverse dns naming conventions for a 
small ISP with growth and scalability in mind. 
I already have one drawn up, but I would like to contrast and compare :D

Thanks 

On 21 Mar 2009 10:32:30 -, John Levine jo...@iecc.com wrote:
 I want to ask some folks out there that maintain reverse DNS queries
of their respective IP blocks. I want to know if there is a need for
me to contact my upstream provider. I am in charge of 2 /24's under
LACNIC. I've already registered my DNS servers on LACNIC. but for some
weird reason it's not owning reverse resolves. any tips would be
gladly appreciated.
 
 The RIRs don't maintain rDNS for you.  You'll have to trace the
 delegations downward from in-addr.arpa, find out who's handling your
 /24's, and contact them to get them to delegate your chunks to you.
 
 R's,
 John




Re: REVERSE DNS Practices.

2009-03-21 Thread John Levine
 I want to ask some folks out there that maintain reverse DNS queries
of their respective IP blocks. I want to know if there is a need for
me to contact my upstream provider. I am in charge of 2 /24's under
LACNIC. I've already registered my DNS servers on LACNIC. but for some
weird reason it's not owning reverse resolves. any tips would be
gladly appreciated.

The RIRs don't maintain rDNS for you.  You'll have to trace the
delegations downward from in-addr.arpa, find out who's handling your
/24's, and contact them to get them to delegate your chunks to you.

R's,
John



hi

2009-03-21 Thread david gathu
I am getting one volume of the list, that's vol 14. I sure bet I am missing
some vols. Can you give me a hand on this, anyone?

-- 
regards

DAVID


Re: NANOG Digest, Vol 14, Issue 44

2009-03-21 Thread Mike Bailey

nanog-requ...@nanog.org wrote:

hi,

 I want to ask some folks out there that maintain reverse DNS queries
of their respective IP blocks. I want to know if there is a need for
me to contact my upstream provider. I am in charge of 2 /24's under
LACNIC. I've already registered my DNS servers on LACNIC. but for some
weird reason it's not owning reverse resolves. any tips would be
gladly appreciated.


thanks,
b

  


You can use the dig utility that usually comes with bind to trace the NS 
records for the ip block down, just run:


# dig 255.254.253.252.in-addr.arpa @a.root-servers.net NS +trace

That will tell you what nameserver is directing you where. You can also 
use this web-based utility to query the root nameservers to figure out 
where your queries are being directed to: http://www.squish.net/dnscheck 
. Just make sure you are entering your ip in the reverse-dns, 
*.in-addr.arpa format, and not the actual ip address.



 Slightly related...

 Can people please post their recommended reverse dns naming 
conventions for a small ISP with growth and scalability in mind.

 I already have one drawn up, but I would like to contrast and compare :D

 Thanks

ip4.1-2-3.static.ourdomain.net



Re: REVERSE DNS Practices.

2009-03-21 Thread bmanning

 the 20th or 21st century answer?

 if you really don't care about the actual node, then you should map the
 numbers to topologically significant names - after all, the reverse map
 follows topology, not some goofball - layer 9 - ego trip thing.

 or - the more modern approach is to let the node (w/ proper authorization)
 do a secure dynamic update of the reverse map - so the forward and reverse
 delegations match. ... a -VERY- useful technique.


--bill


On Sat, Mar 21, 2009 at 01:38:55PM +0300, br...@yoafrica.com wrote:
 Slightly related...
 
 Can people please post their recommended reverse dns naming conventions for a 
 small ISP with growth and scalability in mind. 
 I already have one drawn up, but I would like to contrast and compare :D
 
 Thanks 
 
 On 21 Mar 2009 10:32:30 -, John Levine jo...@iecc.com wrote:
  I want to ask some folks out there that maintain reverse DNS queries
 of their respective IP blocks. I want to know if there is a need for
 me to contact my upstream provider. I am in charge of 2 /24's under
 LACNIC. I've already registered my DNS servers on LACNIC. but for some
 weird reason it's not owning reverse resolves. any tips would be
 gladly appreciated.
  
  The RIRs don't maintain rDNS for you.  You'll have to trace the
  delegations downward from in-addr.arpa, find out who's handling your
  /24's, and contact them to get them to delegate your chunks to you.
  
  R's,
  John
 



Re: Redundant AS's

2009-03-21 Thread Florian Weimer
* Hank Nussbacher:

 Older LIRs have more allocations which compensates for the time
 factor of the algorithm.  Older allocations need almost no human
 handling by the RIR vs a new LIR of a year which has oodles of
 tickets that need human intervention.

And how much of that is the result of not returning old resources to
the RIR?

My own experience as an end user is not that good: After insisting
repeatedly, only one of the LIRs we contacted eventually removed our
historic PA assignment from the RIPE database (years after the last
contract ended).  It's just a tiny amount of resources which was
involved, but I guess even those sum up in the end.  Presumably, the
current environment encourages LIRs to treat this as some sort of
inner reserve.  And as long as the LIR's resource requirements are not
stagnant, this isn't even a significant problem from a global
perspective.



Re: REVERSE DNS Practices.

2009-03-21 Thread jamie rishaw
On Sat, Mar 21, 2009 at 8:00 AM, bmann...@vacation.karoshi.com wrote:


 the 20th or 21st century answer?

 if you really don't care about the actual node, then you should map
the
 numbers to topologically significant names - after all, the reverse
map
 follows topology, not some goofball - layer 9 - ego trip thing.


 For routing / backbone devices/interfaces/loopbacks, absolutely. 

There are security implications [sort of] with being verbose about
infrastructure naming, but obscurity in DNS never stopped a crawler from
walking the ipv4 space looking for vulnerabilities...

I'm going to guess tho that your question pertains to user ips.

 For end-user (dsl/dial/cable/eyeball) ips on a small or large scale,
simpler is better. 

There's no need to put -slip or 'ppp' or isdn or dial or poolXXX or city
names in an in-addr.
Nobody needs to know, nobody will probably care, and eventually, it'll
change somehow.

There is a quite elegant, database-friendly, probably-easy-to-generate/code
sans textfiles method - a rather clever nomenclature for its insanely
ginormous [yes, that's the technical term] user ip pools.  AOL uses it in
their user pools.

* each octet is converted to a two byte hex value, and concatenated.
example: 172.137.220.58 = AC89DC3A.ipt.aol.com.
  o It's short, simple, and not geographically tying or revealing (your
noc should know where your dial blocks sit) ;) etc etc.
  o Being hex, it's also not language-specific ..
  o Win factor?  With a different SLD or subdomain (e.g. /ipt/.aol.com),
queries can be offloaded to less critical nameservers

The problem eventually, as bill hints to, is that hostnames (esp. in-addr)
*will* change.  A certain phone co out here (can't tell you their name, but
their initials are sbc) is annoyingly famous for this.
Tens of thousands of in-addrs resolve to hostnames with locations in other
states, other time zones, because, pools get shuffled around.. and really,
nobody likes to sit and manage DNS all day.  Even noc monkeys.

Using the hex method solves this.

  or - the more modern approach is to let the node (w/ proper
authorization) do a secure dynamic update of the reverse map - so the
forward and reverse delegations match. ... a -VERY- useful technique.

Lots of administration in this one, too, tho..  keys, manual definitions ..
i suppose it could be automated, but you still have client configs,
interoperability issues, and worst case / improperly configured dns update
controls, namespace collisions.

A lot of this of course is about context.
What are the IPs purposed to?  Infrastructure? Users?
Everyone's mileage will vary, but, I've yet to come across any serious
issues with dotted quads to hex...

-jamie

On Sat, Mar 21, 2009 at 01:38:55PM +0300, br...@yoafrica.com wrote:
 Slightly related...

 Can people please post their recommended reverse dns naming
conventions for a small ISP with growth and scalability in mind.
 I already have one drawn up, but I would like to contrast and compare
:D

 Thanks

 On 21 Mar 2009 10:32:30 -, John Levine jo...@iecc.com wrote:
  I want to ask some folks out there that maintain reverse DNS
queries
 of their respective IP blocks. I want to know if there is a need for
 me to contact my upstream provider. I am in charge of 2 /24's under
 LACNIC. I've already registered my DNS servers on LACNIC. but for
some
 weird reason it's not owning reverse resolves. any tips would be
 gladly appreciated.
 
  The RIRs don't maintain rDNS for you.  You'll have to trace the
  delegations downward from in-addr.arpa, find out who's handling your
  /24's, and contact them to get them to delegate your chunks to you.
 
  R's,
  John





-- 
Jamie Rishaw // .com.a...@j - reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs
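
Added example (not part of the original post, and not AOL's tooling): a Python sketch of the dotted-quad-to-hex scheme described above, generating matching PTR/A lines for a pool and flagging PTR records whose hex name no longer decodes to the address that owns them. The `ipt.example.net.` suffix, the function names and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import re

SUFFIX = "ipt.example.net."  # assumption: placeholder subdomain for the user pool

def hex_label(ip):
    """Dotted quad -> 8 hex digits, two per octet (172.137.220.58 -> AC89DC3A)."""
    return "%08X" % int(ipaddress.IPv4Address(ip))

def label_to_ip(label):
    """Inverse of hex_label; rejects anything that is not exactly 8 hex digits."""
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", label):
        raise ValueError("not a hex pool label: %r" % label)
    return str(ipaddress.IPv4Address(int(label, 16)))

def ptr_owner_to_ip(owner):
    """58.220.137.172.in-addr.arpa. -> 172.137.220.58"""
    m = re.fullmatch(r"((?:\d{1,3}\.){4})in-addr\.arpa\.?", owner.lower())
    if not m:
        raise ValueError("not an IPv4 reverse name: %r" % owner)
    return str(ipaddress.IPv4Address(".".join(reversed(m.group(1).split(".")[:4]))))

def pool_records(network):
    """Matching PTR and A lines for every address in a pool."""
    lines = []
    for ip in ipaddress.ip_network(network):
        host = "%s.%s" % (hex_label(ip), SUFFIX)
        lines += ["%s. IN PTR %s" % (ip.reverse_pointer, host), "%s IN A %s" % (host, ip)]
    return lines

def consistent(owner, target):
    """True if the PTR target is a hex pool name that decodes to the owner's IP."""
    label, _, zone = target.partition(".")
    try:
        return zone.lower() == SUFFIX and label_to_ip(label) == ptr_owner_to_ip(owner)
    except ValueError:
        return False

def stale_ptrs(zone_lines):
    """Owners of PTR records that fail the consistency check."""
    rrs = [line.split() for line in zone_lines]
    return [f[0] for f in rrs
            if len(f) == 4 and f[1:3] == ["IN", "PTR"] and not consistent(f[0], f[3])]

SAMPLE = pool_records("172.137.220.56/30") + [  # constructed: a pool plus two leftovers
    "9.220.137.172.in-addr.arpa. IN PTR AC89DC3A.ipt.example.net.",
    "10.220.137.172.in-addr.arpa. IN PTR dsl-chicago-10.example.net.",
]
```

Because the name is a pure function of the address, the audit needs no forward lookups: `stale_ptrs(SAMPLE)` returns only the two hand-edited owners.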


Re: Redundant AS's

2009-03-21 Thread Randy Bush
 It takes me about 3-5 hours of work to track down and get an old
 unused ASN to be deallocated.  How about updating the 2010 charging
 model so that LIRs that return ASNs are compensated?
 
 I don't think this is a good way of using RIR funds.  Why should the
 old guys receive even more special treatment?  RIPE's charging scheme
 already discriminates heavily against newcomers.

beancounters know how to cut expenses, not how to increase sales.  thus,
they (though well-meaning) shrink the company and eventually drive it
into the ground.

the real path is to move forward, increase income, and grow.

perhaps there is a lesson here.  move on to 4-byte asns.

randy



Re: Redundant AS's

2009-03-21 Thread Florian Weimer
* Randy Bush:

 the real path is to move forward, increase income, and grow.

Sure.  I was enlightened when someone posted to a RIPE mailing list,
we are heading towards a future where address space is scarce (my
words, not his).  But the exact opposite is true.



Re: Redundant AS's

2009-03-21 Thread bmanning
On Sat, Mar 21, 2009 at 08:44:23AM -0700, Randy Bush wrote:
 
 perhaps there is a lesson here.  move on to 4-byte asns.
 
 randy

er... 'parm me sir, but aren't -all- ASNs 4 bytes?

i mean, for lo these many years we cheated and only
used the first two bytes...  but the spec always 
called out four bytes.   

--bill



RE: REVERSE DNS Practices.

2009-03-21 Thread Frank Bulk
The recommendations in this draft proposal have worked for me:
http://tools.ietf.org/id/draft-msullivan-dnsop-generic-naming-schemes-00.txt

Frank

-Original Message-
From: br...@yoafrica.com [mailto:br...@yoafrica.com] 
Sent: Saturday, March 21, 2009 5:39 AM
To: John Levine
Cc: nanog@nanog.org
Subject: Re: REVERSE DNS Practices.

Slightly related...

Can people please post their recommended reverse dns naming conventions for a 
small ISP with growth and scalability in mind.
I already have one drawn up, but I would like to contrast and compare :D

Thanks

On 21 Mar 2009 10:32:30 -, John Levine jo...@iecc.com wrote:
 I want to ask some folks out there that maintain reverse DNS queries
of their respective IP blocks. I want to know if there is a need for
me to contact my upstream provider. I am in charge of 2 /24's under
LACNIC. I've already registered my DNS servers on LACNIC. but for some
weird reason it's not owning reverse resolves. any tips would be
gladly appreciated.

 The RIRs don't maintain rDNS for you.  You'll have to trace the
 delegations downward from in-addr.arpa, find out who's handling your
 /24's, and contact them to get them to delegate your chunks to you.

 R's,
 John






Re: Redundant AS's

2009-03-21 Thread Hank Nussbacher

On Fri, 20 Mar 2009, Heather Schiller wrote:

I don't think old vs new really matters.. pardon me for sticking w/ ARIN in 
this example.. I can follow their fee structure easiest - and doesn't have 
the old vs new:  (https://www.arin.net/fees/fee_schedule.html)


ARIN charges $100/yr for ASN's  ... any compensation for returning an ASN 
should be less than the $100 they charge?  Would it make any financial sense 
to compensate someone $500 for returning an ASN that only generates $100 a 
year?  (Remember that the RIR's are non-profits..)


Well old vs new does have consequences.  I have many ASNs issued since 
1996, yet they were never charged.


See 2006: ftp://ftp.ripe.net/ripe/docs/ripe-360.pdf
Note: AS Numbers, PI IPv4 and IPv6 special purpose assignments issued 
before 1 October 2004 will NOT count toward the 2006 billing score. As it 
had been up till that point.


Yet in 2007: ftp://ftp.ripe.net/ripe/docs/ripe-392.pdf
that rule changed and suddenly older allocations were suddenly billed. 
So a LIR that issued ASNs to customers and only charged them a one-time 
fee in 1996-2006 (processing and handling) is suddenly saddled with 
additional costs that they can no longer pass on to the customer.


I wonder what ARIN did in that regards.

Regards,
Hank



Re: REVERSE DNS Practices.

2009-03-21 Thread Mark Tinka
On Saturday 21 March 2009 06:38:55 pm br...@yoafrica.com 
wrote:

 Slightly related...

 Can people please post their recommended reverse dns
 naming conventions for a small ISP with growth and
 scalability in mind. I already have one drawn up, but I
 would like to contrast and compare :D

As regards core infrastructure, I posted the below on this 
list a while back, not sure if it'll help.

http://www.merit.edu/mail.archives/nanog/msg01341.html

YMMV.

Cheers,

Mark.

