Search RPD Archives
[rpd] New Proposal: Lame delegations in AFRINIC reverse DNS
Mark Elkins
mje at posix.co.za
Sat Apr 15 15:11:33 UTC 2017
On 13/04/2017 11:58, Ernest wrote:
>
> A new policy proposal updating Sec 10 of the Consolidated Policy
> Manual (Reverse Delegation) has been received as follows, and is now
> open for discussions:
>
> URL:
> https://www.afrinic.net/en/community/policy-development/policy-proposals/2067-lame-delegations-in-afrinic-reverse-dns
>
>
I would support this policy.
Historically, in the South African CO.ZA zone, we only delegated a child
once all the Nameservers for the child were active, that is, we only
added "good stuff" to the Zone. That was at the recommendation of Mike
Lawrie. That particular rule is a little more relaxed nowadays.
This (Lame Delegation) policy is an extension of that and, once created,
can be totally automated. I see the policy being useful. RIR customers
may not always be aware of when things have gone wrong and I would see
this as a useful tool.
It could even be extended to check for "lame" DNSSEC material (DS
Records that no longer associate with any "DNSKEY" records in the
delegated zone) and check and report on that if it goes "bad", even
deleting bad DS records?
Personally - I would like such tests run "informatively" (don't take me
down) every time I login to "my.afrinic.net" and look at my "reverse
delegation" data with informative messages like "Warning: This
Nameserver is not currently responding" or "Warning: This DS record
currently has no corresponding DNSKEY in you zone".
--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
More information about the RPD
mailing list