[Community-Discuss] Yet more data base problems/inconsistancies
benm at workonline.africa
Mon Nov 30 01:33:19 UTC 2020
On 11/28, Ronald F. Guilmette wrote:
> My apologies for having failed to report to this recent message
> In message <9E14BB14-159B-4877-A1F6-3B436FF8832D at afrinic.net>,
> AFRINIC Communication <comms at afrinic.net> wrote:
> >Following your inquiry regarding the existence of inconsistencies
> >between reverse DNS delegation records within the WHOIS Database and the
> >published RDNS zone files at ftp://ftp.afrinic.net/pub/zones/ directory,
> >we have carried out further analysis and below are the findings.
> >1. This situation is a result of the presence of overlapping records
> >in the WHOIS Database. The script that picks and publishes to the ftp
> >picks only the reverse DNS domain covering the less specific prefix, for
> >instance with reference to the example provided, the ftp file contains
> >the record for 203.196.in-addr.arpa and not any other more specific
> >reverse DNS records such as 35.203.196.in-addr.arpa
> >2. These overlapping records are historical and date back to the
> >period between 2004 - 2007 and the whois at that time did not have the
> >checks that guard against creation of these overlaps.
> >The issue regarding the existence of these overlaps in the WHOIS
> >Database was raised by staff during the first database working group
> >session at AIS-19 in Kampala, for the best way forward on resolving this
> >and the consensus was that nothing should be done. The DBWG session
> >report is available here:
> >Going forward, we intend to ensure that these overlapping records are
> >cleared and no longer present inconsistencies.
> I'm sorry, but I must take issue, in a modest way, with this chosen
> I believe that you have explained the "issue" of the "overlapping"
> reverse DNS delegations clearly, but I am not persuaded that there
> is actually any problem here, other than that some of the AFRINIC
> reverse DNS delegations were not being represented in the public
> AFRINIC zone file(s).
> I must ask the question: Why should it be considered to be either "bad"
> or even "a problem" if AFRINIC maintains reverse DNS delegations for,
> say, some /16 and also and separately, maintains a different reverse
> DNS delegation for some particular /24 block which is a part of that
> larger containing /16 block?
This seems fairly clear, to me at least, that having delegations at the
same authoritative nameserver for a subdomain and a
subdomain-of-a-subdomain is problematic.
ns-a delegates foo.example.com to ns-b
and bar.foo.example.com to ns-c
ns-b delegates bar.foo.example.com to ns-d
Who is authoritative for host.bar.foo.example.com?
I haven't checked whether this is permitted by the RFCs, but even if it
is, it seems like a readily avoidable recipe for breakage. And one
without an obvious benefit that I can see.
Maybe someone here knows the answer definitively?
Or can think of a use-case that would require this kind of a delegation?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Community-Discuss