LACNIC Staff's Interpretation of the Proposal
Authors:
Iván Chapero and Ariel Weher
Applicability:
This proposal introduces changes to the Policy Manual.
Modifications to the current text:
The proposal modifies subsections “5.1. Introduction” and “5.2. DNS Server Registration” of section “5. DELEGATION OF REVERSE RESOLUTION.”
Proposed Text:
5. DELEGATION OF REVERSE RESOLUTION
5.1. Introduction.
Important note: Throughout this section, whenever the text generically uses the term “IP,” this must be interpreted to be an IPv4 protocol address or an IPv6 protocol address. Where the text needs to be specific, the text will mention the full name of the protocol, including the version number.
Most connections made through the Internet use machine names instead of IP addresses. Names are obviously easier to remember than numbers. However, connections over the Internet between computers connected to this network are made using IP addresses. Therefore, before a connection can be established, the computer's name must first be translated into its IP address. This process is known as direct DNS Resolution, i.e., converting names into IP addresses.
It is also often necessary to perform the reverse operation, which is known as Reverse Resolution. This conversion attempts to find the name associated with an IP address.
For the reverse resolution process to be possible, two DNS zones must be used, namely: "in-addr.arpa" in the case of IPv4 and "ip6.arpa" in the case of IPv6, where ARPA is a generic top level domain, acronym for “Address and Routing Parameter Area.”
Because they are responsible for the allocation of IP addresses, Internet registries are responsible for the DNS delegation of these zones.
5.2. DNS Server Registration
All allocated IP address space must have an associated DNS server, which shall be responsible for reverse resolution. In the case of the LACNIC service region [Annex 1], these servers must be registered at LACNIC, which in turn is responsible for the reverse resolution of the blocks administered by this organization.
LACNIC may use information obtained through reverse resolution as an indicator of the utilization of allocated IP address blocks.
Registration of the DNS servers for the IP address space administered by LACNIC shall vary according to the size of the allocated space.
Specifically in the case of IPv4 addresses, prefixes shorter than or equal to a /16 shall have the DNS servers responsible for their reverse resolution registered at LACNIC. Information shall be entered for /16 blocks. Suballocations of segments with longer prefixes that are part of these blocks shall have their DNS servers registered at the organizations that received the prefixes shorter than or equal to a /16 directly from LACNIC.
Blocks allocated by LACNIC with prefixes longer than a /16 shall register at LACNIC the DNS servers responsible for the reverse resolution of all /24 prefixes that account for the total IP address space allocated by LACNIC. Thus, suballocations with prefixes of up to a /24 made within these blocks must have their DNS servers registered at LACNIC.
For example:
1. ISP-A receives from LACNIC a /15 prefix (200.0.0.0/15). ISP-A must report to LACNIC which DNS servers will be responsible for the reverse resolution of each one of the /16 prefixes that make up the allocated block, i.e., blocks 200.0.0.0/16 and 200.1.0.0/16. The DNS servers of suballocations of longer prefixes made within this block must be registered on the DNS servers of ISP-A, which in turn are registered on LACNIC's DNS servers as responsible for the reverse resolution of blocks 200.0.0.0/16 and 200.1.0.0/16.
2. ISP-B receives from LACNIC a /20 prefix (200.2.0.0/20). ISP-B must report to LACNIC which DNS servers will be responsible for the reverse resolution of blocks 200.2.0.0 to 200.2.15.0. When ISP-B suballocates a block with a prefix longer than a /21 and shorter than or equal to a /24, it must register on LACNIC's servers the new DNS servers responsible for the reverse resolution of the suballocated block. Thus, within LACNIC's IP address administration system, it will not be possible to register DNS servers for suballocations made in blocks with prefixes shorter than or equal to a /16 that have been directly allocated by LACNIC. The organization receiving the allocation shall maintain the registry of the DNS servers responsible for the reverse resolution of suballocations made within that block.
This shall also be reflected in the WHOIS server database. In other words, in the case of suballocations within blocks with prefixes shorter than or equal to /16 directly allocated by LACNIC, the DNS servers responsible for the reverse resolution of those suballocations will not be visible through WHOIS. This is because these servers are not registered at LACNIC. Should it be necessary to identify the DNS servers of suballocations made within these blocks, the use of DNS query tools is recommended.
This condition does not exist for allocations with prefixes longer than a /16 made by LACNIC. In this case, suballocations of prefixes up to a /24 made within blocks allocated by LACNIC and having prefixes longer than a /16 may have a DNS server delegated through LACNIC's IP address administration system.
LACNIC's IP address administration system does not accept the delegation of DNS servers for blocks with prefixes longer than a /24. For these cases, the adoption of BCP 20 is recommended.
To summarize:
Prefix of the block allocated by LACNIC - The DNS server for suballocations made by LACNIC must be registered at:
- /16 or shorter: ISP that received the block
- /17 or longer: LACNIC
Specifically in the case of IPv6 addresses and given the nature of the reverse resolution of their addresses, each organization may register with LACNIC the DNS servers that will be responsible for the reverse resolution of the assigned prefixes, considering subdelegations up to a /48.
IPv6 addresses are represented in 8 groups of 16 bits each, with each group written as four hexadecimal digits known as “nibbles.”
In the reverse zone, the order of the nibbles as they appear in the original IPv6 address must be reversed. In other words, the rightmost nibble in the IPv6 address becomes the first nibble in the reverse zone, while the leftmost nibble in the IPv6 address becomes the last nibble in the reverse zone.
Delegation must be based on "nibble" boundaries: In ip6.arpa zones, the delegation of a subzone must be based on the nibble boundaries of the IPv6 address. This means that nibbles should not be divided unless it is at their boundaries. For example, a nibble should not be divided at position 3.5, as this is not a nibble boundary.
LACNIC Staff Comments:
- Merely by way of clarification, the ip6.arpa and in-addr.arpa zones are not operated by the RIRs; they are operated by the IANA. The RIRs operate the zones under ip6.arpa and in-addr.arpa.
- We appreciate that the proposal seeks to maintain the structure used for IPv4. However, in both cases it would be better to present the information with examples in an appendix.
Recommendations:
- Add examples of how a /48 might be divided into nibbles (example: an organization that receives a /32 and needs to subdelegate a /40 to a client).
- We suggest deleting the explanation of the acronyms, which would become outdated in case of modifications:
“...where ARPA is a generic top-level domain, acronym for ‘Address and Routing Parameter Area’.”
Impact of the policy on the registry and/or other systems
This proposal would have no impact on LACNIC's systems.
The current text focuses exclusively on IPv4 and consequently does not provide useful information for IPv6 users. Our proposal is to rewrite the text so that it will be "dual stack", in other words, in a way that will consider both IPv4 and IPv6.
Rationale (Describe the problem you intend to solve)
This proposal seeks to update the original text on reverse DNS server registration to make it more relevant for the current Internet age, where both IPv4 and IPv6 are used.
Current text
# 5. DELEGATION OF REVERSE RESOLUTION
## 5.1. Introduction.
Most connections through the Internet use machine names instead of IP addresses. Names are obviously easier to remember than numbers. However, Internet connections between computers connected to this network are made using IP addresses. Therefore, before a connection can be made, the computer's name must be translated into its IP address. This process is known as direct DNS Resolution, i.e., converting names into IP addresses.
It is frequently also necessary to perform the reverse operation, known as Reverse Resolution. This conversion attempts to find the name associated to an IP address.
Reverse resolution is only possible with the use of a pseudo-domain, "in.addr-arpa", an acronym for “Address and Routing Parameter Area.”
DNS delegation of this pseudo-domain is responsibility of Internet Registries, as they are responsible for allocating IP addresses.
## 5.2. DNS Server Registration
All allocated IP address space must have an associated DNS server, which shall be responsible for reverse resolution. In the case of LACNIC’s area of coverage [Annex 1], these servers must be registered at LACNIC, which in turn is responsible for the reverse resolution of blocks administered by this organization.
LACNIC may use information obtained through reverse resolution as an indicator of the utilization of allocated IP address blocks.
DNS server registration of the IP address space administered by LACNIC shall vary according to the size of the allocated space. Blocks allocated by LACNIC with prefixes shorter than or equal to /16 shall have their DNS servers responsible for reverse resolution registered at LACNIC. Information shall be entered in relation to /16 blocks. Suballocations of segments with longer prefixes within these blocks shall have their DNS servers registered at the organizations that received the blocks with prefixes shorter than or equal to /16 directly from LACNIC.
Blocks allocated by LACNIC with prefixes longer than /16 shall register at LACNIC the DNS servers responsible for the reverse resolution of all blocks with the prefix /24 that account for the total IP address space allocated by LACNIC. Thus, suballocations with prefixes of up to /24 made within these blocks must have their DNS servers registered at LACNIC.
For example:
1. ISP-A receives from LACNIC a /15 prefix (200.0.0.0/15). It must report to LACNIC which DNS servers will be responsible for the reverse resolution of each one of the /16 prefixes that make up the allocated block, i.e., blocks 200.0.0.0/16 and 200.1.0.0/16. The DNS servers of suballocations of longer prefixes made within this block must be registered at the DNS servers of ISP-A, which in turn are registered on LACNIC's DNS servers as responsible for the reverse resolution of blocks 200.0.0.0/16 and 200.1.0.0/16.
2. ISP-B receives from LACNIC a /20 prefix (200.2.0.0/20). It must report to LACNIC which DNS servers will be responsible for the reverse resolution of blocks 200.2.0.0 to 200.2.15.0. If ISP-B suballocates a block with a prefix longer than /21 and shorter than or equal to /24, it must register on LACNIC's servers the new DNS servers responsible for the reverse resolution of the suballocated block. Thus, within LACNIC's IP address administration system, it shall not be possible to register DNS servers for suballocations made in blocks with prefixes shorter than or equal to /16 that have been directly allocated by LACNIC. The organization receiving the allocation shall maintain the registry of the DNS servers responsible for the reverse resolution of suballocations made within that block.
This shall also be reflected in the WHOIS server database. In other words, in the case of suballocations within blocks with prefixes shorter than or equal to /16 directly allocated by LACNIC, the DNS servers responsible for the reverse resolution of those suballocations shall not be visible through WHOIS. This is because these servers are not registered at LACNIC. Should it be necessary to identify the DNS servers of suballocations made within these blocks, the use of DNS query tools is recommended.
This condition does not exist for allocations with prefixes longer than /16 made by LACNIC. In this case, suballocations of prefixes of up to /24 made within blocks allocated by LACNIC and having prefixes longer than /16 may have a DNS server delegated through LACNIC's IP address administration system.
LACNIC's IP address administration system does not accept the delegation of DNS servers for blocks with prefixes longer than /24. For these cases, the adoption of BCP 20 is recommended.
To summarize:
Prefix of the block allocated by LACNIC - DNS server for suballocations made by LACNIC must be registered at:
- /16 or shorter: ISP that received the block
- /17 or longer: LACNIC
# 5. DELEGATION OF REVERSE RESOLUTION
## 5.1. Introduction
Important note: Throughout this section, whenever the text generically uses the term “IP,” this can be understood as an IPv4 protocol address or an IPv6 protocol address. Where the text needs to be specific, the text will mention the full name of the protocol, including the version number.
Most connections made through the Internet use machine names rather than IP addresses. Names are obviously easier to remember than numbers. However, connections over the Internet between computers connected to this network are made using IP addresses. Therefore, before a connection can be established, the computer's name must first be translated into its IP address. This process is known as direct DNS Resolution, i.e., converting names into IP addresses.
It is also often necessary to perform the reverse operation, which is known as Reverse Resolution. This conversion attempts to find the name associated with an IP address.
For the reverse resolution process to be possible, two DNS zones must be used, namely, “in-addr.arpa” in the case of IPv4 and “ip6.arpa” in the case of IPv6, where ARPA is a generic top level domain, acronym for “Address and Routing Parameter Area.”
Because they are responsible for the allocation of IP addresses, Internet registries are responsible for the DNS delegation of these zones.
## 5.2. DNS Server Registration
All allocated IP address space must have an associated DNS server, which shall be responsible for reverse resolution. In the case of the LACNIC service region [Annex 1], these servers must be registered at LACNIC, which in turn is responsible for the reverse resolution of the blocks administered by this organization.
LACNIC may use information obtained through reverse resolution as an indicator of the utilization of allocated IP address blocks.
Registration of the DNS servers for the IP address space administered by LACNIC shall vary according to the size of the allocated space.
Specifically in the case of IPv4 addresses, prefixes shorter than or equal to a /16 shall have the DNS servers responsible for their reverse resolution registered at LACNIC. Information shall be entered for /16 blocks. Suballocations of segments with longer prefixes that are part of these blocks shall have their DNS servers registered at the organizations that received the prefixes shorter than or equal to a /16 directly from LACNIC.
Blocks allocated by LACNIC with prefixes longer than a /16 shall register at LACNIC the DNS servers responsible for the reverse resolution of all /24 prefixes that account for the total IP address space allocated by LACNIC. Thus, suballocations with prefixes of up to a /24 made within these blocks must have their DNS servers registered at LACNIC.
For example:
1. ISP-A receives from LACNIC a /15 prefix (200.0.0.0/15). ISP-A must report to LACNIC which DNS servers will be responsible for the reverse resolution of each one of the /16 prefixes that make up the allocated block, i.e., blocks 200.0.0.0/16 and 200.1.0.0/16. The DNS servers of suballocations of longer prefixes made within this block must be registered on the DNS servers of ISP-A, which in turn are registered on LACNIC's DNS servers as responsible for the reverse resolution of blocks 200.0.0.0/16 and 200.1.0.0/16.
2. ISP-B receives from LACNIC a /20 prefix (200.2.0.0/20). ISP-B must report to LACNIC which DNS servers will be responsible for the reverse resolution of blocks 200.2.0.0 to 200.2.15.0. When ISP-B suballocates a block with a prefix longer than a /21 and shorter than or equal to a /24, it must register on LACNIC's servers the new DNS servers responsible for the reverse resolution of the suballocated block. Thus, within LACNIC's IP address administration system, it will not be possible to register DNS servers for suballocations made in blocks with prefixes shorter than or equal to a /16 that have been directly allocated by LACNIC. The organization receiving the allocation shall maintain the registry of the DNS servers responsible for the reverse resolution of suballocations made within that block.
This shall also be reflected in the WHOIS server database. In other words, in the case of suballocations within blocks with prefixes shorter than or equal to a /16 directly allocated by LACNIC, the DNS servers responsible for the reverse resolution of those suballocations will not be visible through WHOIS. This is because those servers are not registered at LACNIC. Should it be necessary to identify the DNS servers of suballocations made within these blocks, the use of DNS query tools is recommended.
This condition does not exist for allocations with prefixes longer than a /16 made by LACNIC. In this case, suballocations of prefixes up to a /24 made within blocks allocated by LACNIC and having prefixes longer than a /16 may have a DNS server delegated through LACNIC's IP address administration system.
LACNIC's IP address administration system does not accept the delegation of DNS servers for blocks with prefixes longer than a /24. For these cases, the adoption of BCP 20 is recommended.
To summarize:
Prefix of the block allocated by LACNIC - The DNS server for suballocations made by LACNIC must be registered at:
- /16 or shorter: ISP that received the block
- /17 or longer: LACNIC
Specifically in the case of IPv6 addresses and given the nature of the reverse resolution of their addresses, each organization may register with LACNIC the DNS servers that will be responsible for the reverse resolution of the assigned prefixes, considering subdelegations up to a /48.
IPv6 addresses are represented in 8 groups of 16 bits each, with each group written as four hexadecimal digits known as “nibbles.”
In the reverse zone, the order of the nibbles as they appear in the original IPv6 address must be reversed. In other words, the rightmost nibble in the IPv6 address becomes the first nibble in the reverse zone, while the leftmost nibble in the IPv6 address becomes the last nibble in the reverse zone.
Delegation must be based on nibble boundaries. In ip6.arpa zones, the delegation of a subzone must be based on the nibble boundaries of the IPv6 address. This means that nibbles should not be divided unless it is at their boundaries. For example, a nibble should not be divided at position 3.5, as this is not a nibble boundary.
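The registration granularity described in 5.2, worked through as an added Python example (it is not part of the proposal or of LACNIC's systems): it lists the reverse zones for the ISP-A and ISP-B blocks and for the /32 and /40 case mentioned in the staff recommendations. The function names are hypothetical, the IPv6 prefixes are constructed from the 2001:db8::/32 documentation range, and splitting a prefix that is not nibble-aligned into the aligned zones that cover it is an assumption about how such a block would be registered.

```python
import ipaddress


def ipv4_reverse_zones(prefix):
    """in-addr.arpa zones to register at LACNIC for a directly allocated block."""
    net = ipaddress.ip_network(prefix)  # strict parsing: host bits must be zero
    if net.version != 4:
        raise ValueError("not an IPv4 prefix")
    if net.prefixlen > 24:
        # The text says such blocks are not accepted and points to BCP 20.
        raise ValueError("prefixes longer than /24 cannot be delegated")
    # /16 or shorter: one zone per /16. /17 to /24: one zone per /24.
    unit = 16 if net.prefixlen <= 16 else 24
    zones = []
    for sub in net.subnets(new_prefix=unit):
        octets = str(sub.network_address).split(".")[: unit // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def ipv6_reverse_zones(prefix, max_len=48):
    """ip6.arpa zones for a prefix, always cut on a nibble (4-bit) boundary."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6:
        raise ValueError("not an IPv6 prefix")
    if not 1 <= net.prefixlen <= max_len:
        raise ValueError("subdelegations are considered only up to /%d" % max_len)
    # Round the length up to the next multiple of 4. A /34 has no zone of its
    # own, so it is covered by the four /36 zones it contains (assumption).
    aligned = -(-net.prefixlen // 4) * 4
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        # exploded form keeps every leading zero: one character per nibble
        nibbles = sub.network_address.exploded.replace(":", "")[: aligned // 4]
        # rightmost nibble of the prefix becomes the first label of the zone
        zones.append(".".join(reversed(nibbles)) + ".ip6.arpa")
    return zones


if __name__ == "__main__":
    print(ipv4_reverse_zones("200.0.0.0/15"))        # ISP-A: two /16 zones
    print(len(ipv4_reverse_zones("200.2.0.0/20")))   # ISP-B: sixteen /24 zones
    print(ipv6_reverse_zones("2001:db8::/32"))       # organization's block
    print(ipv6_reverse_zones("2001:db8:ab00::/40"))  # subdelegation to a client
    print(ipv6_reverse_zones("2001:db8::/34"))       # not aligned: four /36 zones
```
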
Additional information-
Timetable-
References-
Presented at: LACNIC 39 (10/05/2023)