[afrinic-discuss] Re: Afrinic and the reverse delegation

McTim dogwallah at gmail.com
Tue Apr 12 10:24:38 SAST 2005


Hi Stephane,

On Apr 12, 2005 10:56 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Mon, Apr 11, 2005 at 11:05:26PM +0200,
>  Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote
>  a message of 29 lines which said:
(snip)
> No, it was not. Which is a good thing for the security but we are back
> to the original question: how to request an in-addr.arpa delegation,
> since creating the object in the database is not sufficient?

Well there is a "locked" mntner on the inetnum, so contact
hostmaster at afrinic to get this sorted.

Ernest was correct, the reverse delegation process looks at the mntner
on the inetnum, and if no mnt-domains, it then reverts to the
mnt-lower.  In the abscence of mnt-lower, it looks @ mnt-by of
inetnum.  You also have to pass the mntner on the domain object (which
is non-existent in this case).

Dig says "non-existent domain":

; <<>> DiG 9.2.3 <<>> @dogon.sotelma.ml soa 96.64.217.in-addr.arpa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17255
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

So, I would:

1. make sure your ns is auth for the zone
2. then remove the domain you just created
3. Have Afrinic remove their locked mntner 
4. Have Sotelma add their mntner on this ASSIGNED PA object (and
mnt-lower or mnt-domains)
5. resend the domain object (this time with a mnt-by) and:

password: clear text pword for the mntner of inetnum
password: clear text pword for the mntner of domain

You only have to use one pword line if the are the same mntner.

I am sure Ernest will set me straight if I have got it wrong ;-)

Cheers,

McTim
nic-hdl:      TMCG



More information about the afrinic-announce mailing list