[DBWG] person without email... and domain object size

Willy Manga willym at manbene.net
Wed Mar 27 07:26:07 UTC 2024 

Hi,

speaking in my personal capacity...

On 24/03/2024 22:04, Frank Habicht wrote:
> Hi DBWG,
> 
> I didn't see any responses to below email.
> 
> But I've seen some new objects created recently - [1]
> 
> Is there no interest to stop objects like [1] from being created?

I will split into 2 sections.

Section 1: what is clear

IMHO we must not accept a domain object that will handle only 1 resource 
record in the zone file. It means the author does not clearly understand 
how to configure efficiently a DNS (reverse) zone. Besides in IPv6, you 
will hardly assign just 1 IPv6 to an end-user (I saw people doing that 
but I think it's not a good practice at all).
The goal is to let the end-user manage the entire reverse zone therefore 
if there is a domain object, it will always be for an IPv6 block greater 
than 1x/128.

Section 2: where we need an agreement.

Shall we allow creation of domain object for IPv6 prefix longer than 48? 
Yes. Until ISP decide unilaterally to assign at least 1x/48 to each 
corporate or 'premium' customer, domain object speaking, we shall accept 
these objects.

The challenge is to find a 'right' limit . I will suggest we allow 
creation of domain object for IPv6 reverse zone up to 56.

Between 48 and 56, you might have enterprise or 'premium' customer. You 
have such examples in AFRINIC database. Prefix speaking, longer than 56, 
it's usually residential user, smartphone or let put it that way: user 
with low to zero capacity to manage a DNS zone.


> [...] 
> There seem to be 11 domain objects for /128's.

We must not accept them at all.

> There seem to be 108 domain objects for longer than /48.

We must accept those shorter or equal to 1x/56


> I.e. not a current problem as much as a potential problem when any 
> average LIR can create 2^96 domain objects.
> Sorry. That's the number of objects for /128's to create.
> Total of 2^97-1 objects can be created when including all the shorter ones.

I may be wrong but the ultimate issue here is for people to understand 
how to manage DNS reverse zone and how the delegation mechanism from the 
root servers to the final authoritative server is done.

-- 
Willy Manga

More information about the DBWG mailing list