[Community-Discuss] Yet more data base problems/inconsistancies

Ben Maddison benm at workonline.africa
Mon Nov 30 01:33:19 UTC 2020

Hi Ronald,

On 11/28, Ronald F. Guilmette wrote:

> My apologies for having failed to report to this recent message

> sooner.


> In message <9E14BB14-159B-4877-A1F6-3B436FF8832D at afrinic.net>,

> AFRINIC Communication <comms at afrinic.net> wrote:


> >Following your inquiry regarding the existence of inconsistencies

> >between reverse DNS delegation records within the WHOIS Database and the

> >published RDNS zone files at ftp://ftp.afrinic.net/pub/zones/ directory,

> >we have carried out further analysis and below are the findings.

> >

> >1. This situation is a result of the presence of overlapping records

> >in the WHOIS Database. The script that picks and publishes to the ftp

> >picks only the reverse DNS domain covering the less specific prefix, for

> >instance with reference to the example provided, the ftp file contains

> >the record for 203.196.in-addr.arpa and not any other more specific

> >reverse DNS records such as 35.203.196.in-addr.arpa

> >

> >2. These overlapping records are historical and date back to the

> >period between 2004 - 2007 and the whois at that time did not have the

> >checks that guard against creation of these overlaps.

> >

> >The issue regarding the existence of these overlaps in the WHOIS

> >Database was raised by staff during the first database working group

> >session at AIS-19 in Kampala, for the best way forward on resolving this

> >and the consensus was that nothing should be done. The DBWG session

> >report is available here:

> >

> >https://lists.afrinic.net/pipermail/dbwg/2019-June/000140.html

> >

> >Going forward, we intend to ensure that these overlapping records are

> >cleared and no longer present inconsistencies.


> I'm sorry, but I must take issue, in a modest way, with this chosen

> resolution.


> I believe that you have explained the "issue" of the "overlapping"

> reverse DNS delegations clearly, but I am not persuaded that there

> is actually any problem here, other than that some of the AFRINIC

> reverse DNS delegations were not being represented in the public

> AFRINIC zone file(s).


> I must ask the question: Why should it be considered to be either "bad"

> or even "a problem" if AFRINIC maintains reverse DNS delegations for,

> say, some /16 and also and separately, maintains a different reverse

> DNS delegation for some particular /24 block which is a part of that

> larger containing /16 block?


This seems fairly clear, to me at least, that having delegations at the
same authoritative nameserver for a subdomain and a
subdomain-of-a-subdomain is problematic.

ns-a delegates foo.example.com to ns-b
and bar.foo.example.com to ns-c
ns-b delegates bar.foo.example.com to ns-d

Who is authoritative for host.bar.foo.example.com?

I haven't checked whether this is permitted by the RFCs, but even if it
is, it seems like a readily avoidable recipe for breakage. And one
without an obvious benefit that I can see.

Maybe someone here knows the answer definitively?
Or can think of a use-case that would require this kind of a delegation?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/community-discuss/attachments/20201130/b16a589b/attachment.sig>

More information about the Community-Discuss mailing list