- Legend
- Added
- Deleted
European Internet Registry:
Procedures for DNS Delegation
in the IN-ADDR.ARPA Domain
David Kessens
June 1994
Document-ID: ripe-105++
Obsoletes: ripe-105
ABSTRACT
1.0 Definitions
For the purposes of this document Internet Number Resource records refer to:
The registered allocations and assignments of a MemberThe independent Internet Number Resources assigned through the Member as a “sponsoring LIR” to an End User
2.0 Introduction
In order for the RIPE NCC to maintain an accurate registry, it must hold accurate data concerning:
The natural or legal persons holding the registration of Internet Number ResourcesThe Internet Number Resource records that are registered to the natural or legal persons
This means that any transfer of Internet Number Resources from one party to another, or any change to the legal status of a party holding the registration of Internet Number Resources, must be communicated to the RIPE NCC.
The Member must inform the RIPE NCC if one or both of the following changes occurs:
Internet Number Resource records are transferred. Such transfers may take place:Because of a change in the business structure of the Member, for example in the case of a merger or acquisition of the Member's organisation; orIn the case of a pure transfer of an allocation from a Member to another Member according to RIPE Policies (section 5.5, IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region Link: http://www.ripe.net/ripe/docs/ipv4-policies/#----transfers-of-allocations ). Such a transfer may also be facilitated through the RIPE NCC Listing Service Link: /manage-ips-and-asns/resource-transfers-and-mergers/listing/
The Member changes its official legal name. Such a change may occur, for example, because of a merger or acquisition of the Member's organisation.
This document describes the procedures for the
delegation of zones in European subdomains of
IN-ADDR.ARPA.
Introduction
The domain tree below IN-ADDR.ARPA is used to facilitate "reverse"
mapping from IP addresses to domain names [RFC883, RFC1033]. This
document describes the procedures for the delegation of zones in
European subdomains of IN-ADDR.ARPA.
Randomly Assigned Numbers
There are two groups of European network numbers: hierarchically assigned
numbers and randomly assigned ones. The hierarchically assigned numbers
are part of the 193.x.y.0 and 194.x.y.0 network blocks. All other
European network numbers, class A, class B and 192.x.y.0 class Cs are
randomly assigned.
Hierarchically Assigned Numbers
The subdomains of IN-ADDR.ARPA corresponding to the hierarchically
assigned network numbers are administered by the RIPE NCC. These
numbers are currently:
193.0.0.0 - 194.255.255.255
The other addresses are administered by the other regional registries
that might have other procedures for requesting a reverse delegation.
For clarity we refer in the procedures and examples as described below to
the 193.x block of addresses, although we could have as well used the
other block(s) that RIPE administers.
With the assignment of class C network numbers following RFC1466,
large chunks of the address space are delegated to regional Internet
Registries. The regional registries delegate blocks of class C net-
work numbers to local Internet Registries. In this way a hierarchy
in the address space is created, which is similar to the hierarchy
in the domain name space. Due to this hierarchy the reverse DNS map-
ping can also be delegated in a similar model as used for the
normal Domain Name System.
For instance, the RIPE NCC has been delegated the complete class C
address space starting with 193. It is therefore possible to
delegate the 193.IN-ADDR.ARPA domain completely to the RIPE NCC,
instead of each and every reverse mapping in the 193.IN-ADDR.ARPA
domain to be registered with the InterNIC. This implies that all
193.IN-ADDR.ARPA delegations in turn will be done by the RIPE NCC.
Even better, since local registries usually receive blocks of 256 class C
networks from the RIPE NCC, the NCC can delegate the reverse
registrations for such complete blocks to these local registries. This
implies that customers of these service providers no longer have to
register their reverse domain mapping with the InterNIC or the NCC, but
the service providers have authority over that part of the reverse
mapping. This decreases the workload on the InterNIC and the RIPE NCC,
and at the same time improves the service a provider can offer its
customers by improving response times for reverse mapping changes.
In order to provide a reliable service some procedures have been agreed
and must be followed in order to avoid confusion and inconsistencies.
These procedures are covered in the procedure section.
The registration of the reverse zones for individual class C net-
works will usually be done by the registry administering the
class C block this network has been assigned from.
If the subdomain has not yet been delegated to the registry con-
cerned the RIPE NCC will register the individual networks. However
this service is only provided at a "best-effort" level and no ser-
vice guarantees are given. The local registries should whenever
possible provide this service locally.
Responsibilities for the DNS administrator of a reverse block delegation:
As with all domain name space, running the reverse server for class C
blocks does not imply that one controls that part of the reverse domain.
It only implies that one administers that part of the reverse domain. If
after repeated complaints the delegated name space is still not
administered properly the RIPE NCC has to revoke the delegation.
Before adding individual nets, the administrator of a reverse domain must
check whether all servers to be added for these nets are indeed set up
properly.
There are some serious implications when a customer that uses
address space out of the service provider class C blocks, moves
to another service provider. The previous service provider
cannot force its ex-customer to change network addresses, and
will have to continue to provide the appropriate delegation
records for reverse mapping of these addresses, even though
they are no longer belonging to a customer.
The registration of the reverse zones for individual class C
networks will usually be done by the registry administering
the class C block this network has been assigned from. The
registry will make the necessary changes to the zone files.
The registry will also make sure that the network objects in
the RIPE database for these networks are updated with the
correct "rev-srv" attributes.
In case the RIPE NCC receives a request for the reverse zone of
an individual class C network out of a block that has been
delegated, the request will be forwarded to the mailbox speci-
field in the SOA RR for the zone concerned and to the zone-
contact registered in the RIPE database for that zone.
The NCC also suggests that similar procedures are set up for the
delegation of reverse zones for individual class C networks from
the registries to individual organisations.
Procedures
The procedure for asking the reverse delegation of a block (256 C's) of
addresses or network (1 or more C's) addresses is quite similar but there
are some differences. Therefor they are described as one procedure with
clear remarks when something only applies for block or network delegations.
Note that we will be a little bit more stringent on the rules for block
delegations since we need to be sure that other people can rely on you
for proper operation of the DNS system.
Above procedures are defined to ensure the necessary high availabil- ity
for the reverse domains, and to minimise confusion. The NCC will ensure
fast response times for addition requests, and will in principle update
the 193.IN-ADDR.ARPA domain at least once per working day, if needed. Any
problems regarding the reverse zones in 193.IN-ADDR.ARPA should be
reported to <inaddr@ripe.net>.
1. We only reverse delegate when all addresses are assigned to you.
2. Your nameservers should be configured and running and should have
good reachability on the internet. Nameservers for block delegations
must meet similar connectivity requirements as top-level domain
servers.
The NCC recommends to use the following timers and counters (as
advised by RFC1537):
28800 ;refresh period (8 hours)
7200 ;retry interval (2 hours)
604800 ;expire time (1 week)
86400 ;default ttl (1 day)
It is mandatory for network (C) reverse delegations:
- ns.ripe.net is NOT one of the secondary/primary nameservers
- at least two nameservers should be used
- We need a RIPE database 'inetnum' object with 'rev-srv:'
attributes for the name (not IP address) of each nameserver.
It is mandatory for block reverse delegations:
- ns.ripe.net is one the secondary (never primary) nameservers
- at least two other nameservers that don't reside on the same
ethernet are required
- Operators of the primary nameservers should be familiar with
RFC1537 and this document
- We need a RIPE database 'domain' object for each delegation
with 'nserver:' attributes for the name (not IP address) of each
nameserver
3. Send an E-mail request to <auto-inaddr@ripe.net> with:
- In the header (or body if not possible) of your E-mail message:
X-NCC-RegID: Country.RegistryName
This is not required, though easy for keeping track of the
requests. Of course, we don't need your local registry ID if you
are not from a RIPE local registry.
For network (C) reverse delegations:
- We need a RIPE database 'inetnum' object with 'rev-srv:'
attributes for the name (not IP address) of each nameserver
For block reverse delegations:
- State in your request that you know about RFC1537 & this document
- A RIPE database 'domain' object for each delegation
with 'nserver:' attributes for the name (not IP address) of each
nameserver
4. Your request will first go through to an automatic checking program.
The program will check your zone files and report you about errors
(that should be fixed), warnings (that you might want to change), or
that no errors have been found. If errors are found, you will be
asked to fix them and resubmit your request and the automatic checks
will be done again.
If no errors (warnings are allowed, but we strongly suggest that you
at least take a look at them) are found your request will be
acknowledged and your request will be forwarded to the person in
charge of the reverse delegation requests. He/she processes the
request further. If no additional problems are found the object will
included in the database and the block/network reverse delegated.
You will always receive an acknowledgment when the delegation has
been done or an explanation why not.
Example of a network delegation request:
From: "Anne X. Ample" <anne.x.ample@ample.nl>
To: RIPE Hostmaster <auto-inaddr@ripe.net>
Subject: LONGACK 2.1.193.in-addr.arpa delegation please
Please delegate 2.1.193.in-addr.arpa as specified below.
Thank you!
For the AMPLE Corporation
Anne X. Ample
inetnum: 193.1.2.0 - 193.1.3.255
netname: AMPLE
descr: AMPLE Corporation
descr: Amsterdam, Netherlands
country: NL
admin-c: Anne X. Ample
tech-c: G. E. K. Ample
aut-sys: 4711
rev-srv: ns.ample.nl
rev-srv: ns.elpma.ln
changed: anne.x.ample@ample.nl 930101
source: RIPE
Example of a block (256 C's) reverse delegation:
From: Marten Terpstra <marten@in.ter.net>
To: RIPE Hostmaster <auto-inaddr@ripe.net>
Subject: LONGACK 202.193.in-addr.arpa delegation please
Dear NCC people,
I have read and understood ripe-105++ and RFC1537.
Could you please delegate 202.193.in-addr.arpa as specified below.
Thank you!
Marten Terpstra
domain: 202.193.in-addr.arpa
descr: Pan European Organisations class C block
admin-c: Daniel Karrenberg
tech-c: Marten Terpstra
zone-c: Marten Terpstra
nserver: ns.eu.net
nserver: sunic.sunet.se
nserver: ns.ripe.net
changed: marten@ripe.net 930319
source: RIPE
Some notes on the automatic checking program:
You can use some keywords in the 'Subject:' line of your E-mail to
control the checking process. The use of the LONGACK keyword is very
recommended. For changing an existing delegation put the keyword CHANGE
in the 'Subject:' line of your E-mail message.
HELP - will send you this document
CHANGE - is needed if you want to change an existing reverse delegation
LONGACK - will give you the most verbose output as possible
TEST - will only test your zone files without actually doing
the request
When you want to to a request for a block delegation and you want to know
if there are already reverse zones registered within the zone of the
requested block delegation, just send in your request and you will
receive an error report that includes a copy of our zone file regarding
this zone!
Note:
If a change in the Member's official legal name is accompanied by a transfer of Internet Number Resource records, the Member must first inform the RIPE NCC of the name change and then of the transfer.
If a change in the Member's business structure is not accompanied by a transfer of Internet Number Resource records or a change in the Member's official legal name, then the RIPE NCC does not need to be informed of this change.
3.0 Transfer of Internet Number Resource Records
If a Member transfers their Internet Number Resource records to a third party for any reason, this transfer must be declared to, and approved by, the RIPE NCC.
3.1 Submission of the Request for Transfer
One of the involved parties must submit a request by email to the RIPE NCC for the transfer to be executed:
If the transfer is due to a change in the business structure of the Member (e.g. merger or acquisition), the request must be submitted to ncc@ripe.net Link: mailto:ncc@ripe.netIf the transfer is a transfer of allocation from one Member to another Member according to RIPE Policies (section 5.5, IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region Link: http://www.ripe.net/ripe/docs/ipv4-policies/#----transfers-of-allocations ), the request must be submitted to lir-help@ripe.net Link: mailto:lir-help@ripe.net
A registered contact or an authorised person (e.g. senior manager, legal successor) must send the request.
The RIPE NCC will ask for the following information:
i. Information regarding the parties involved, including:
The full official legal names of all parties involvedWhich party will transfer the Internet Number Resource records and which party will receive themRecent registration papers issued by the relevant national authorities for all involved parties
If the current official legal names of the involved Members are different from the ones in the relevant signed RIPE NCC Standard Service Agreement, then the procedure described under section 4.0 must be followed prior to the transfer of the Internet Number Resource records. The procedure described under section 4.0 is not necessary for the transferring Member if the RIPE NCC Standard Service Agreement of the transferring Member is terminated (see Closure of LIR and Deregistration of Internet Number Resources, section A.1.1. Link: http://www.ripe.net/ripe/docs/closure/#a11 and section A.1.2. Link: http://www.ripe.net/ripe/docs/closure/#a12 ).
ii. A description of the reason for the transfer (for example, due to merger, acquisition, or transfer of allocation according to the RIPE policies)
If the transfer is taking place due to a change in the structure of the organisation(s) involved, a description of the changes among the organisation(s) is necessary. The description must be accompanied by all official legal documents proving/supporting the changes the request is based on.
iii. A list of the Internet Number Resource records that are requested to be transferred. If allof the transferring Member's Internet Number Resource records registered are being transferred, a confirmation of this is requested.
The Member must also indicate any End User assignment agreements that are requested to be transferred.
If a Member transfers all of their Internet Number Resource records, the RIPE NCC Standard Service Agreement of the Member may be terminated (see Closure of LIR and Deregistration of Internet Number Resources, section A.1.1. Link: http://www.ripe.net/ripe/docs/closure/#a12 ).
iv. The correct contact details of all organisations involved
The RIPE NCC may ask the organisations involved to confirm the correctness of their contact details or to update them. The contact details include the billing contact details and the VAT number details.
v. A Transfer Agreement signed by both parties or by their legal successors
The RIPE NCC will make a template of the Transfer Agreement available. Either party may submit the Transfer Agreement to the RIPE NCC, signed by authorised persons for both parties. The RIPE NCC may ask the other party/parties to confirm their agreement to the transfer. The confirmation must be authorised (signed or sent) by a contact person or authorised person (e.g. senior manager, legal successor).
If the transferring party no longer exists by the time the RIPE NCC is being informed, the receiving party must send:
An official document (issued by a national authority) confirming the closure of the transferring party; andA copy of an older signed agreement between the relevant parties mentioning the transfer of the Internet Number Resource records. If such an agreement is not available, the receiving party must send confirmation of the transfer to the RIPE NCC signed by an authorised person (e.g. senior manager, legal successor). The RIPE NCC reserves the right to reverse the transfer should another party object to this transfer and provide an agreement that proves that the Internet Number Resource records should have been transferred to them
vi. An overview of the utilisation of all allocations and of the status of all independent Internet Number Resource assignments
The RIPE NCC may ask for an overview of the utilisation of all Internet Number Resources registered to the Member and of all End User assignment agreements signed by the Member.
3.2 The Receiving Organisation is not yet a Member
Members may wish to transfer their Internet Number Resource records to another Member or to an organisation that is not yet a Member.
If the Internet Number Resource records are transferred to a non-Member, the receiving organisation can:
Apply to be a Member by signing the RIPE NCC Standard Service Agreement before the transfer takes place (more information on how to become a Member is available Link: http://www.ripe.net/membership/new-members ); orUndertake all rights and obligations from the RIPE NCC Standard Service Agreement signed by the transferring Member. This might happen if all Internet Number Resource records are transferred. The transferring party is then no longer considered to be a Member
If the receiving organisation refuses to do either of the above, the RIPE NCC will not transfer the Internet Number Resource records to them.
The request for the transfer can be submitted as described in section 3.1.
3.3 Financial Consequences
All outstanding invoices and all outstanding financial obligations must be paid in full. If the RIPE NCC Standard Service Agreement is terminated in the course of the RIPE NCC financial year, the service fee for this Member must be paid for the full year. The payment is the responsibility of the receiving Member.
If the receiving organisation decides to sign the RIPE NCC Standard Service Agreement, then a sign-up fee must be paid (see RIPE NCC Charging Scheme Link: http://www.ripe.net/ripe/docs/charging ).
3.4 Internet Number Resource Registration and RIPE Database Issues
The RIPE NCC will review the status of any IP address allocation or independent Internet Number Resource assignment maintained by the organisations involved in compliance with the RIPE Policies current at the time of the transfer.
The receiving Member must deregister from the RIPE Database any invalid or overlapping registrations or unused assignment approvals.
The RIPE NCC will update the registry, including all RIPE Database objects maintained by the RIPE NCC that are related to this transfer. The transferring Member must update all RIPE Database objects maintained by them that are related to this transfer.
4.0 The Member Changes its Official Legal Name
It is the obligation of the Member to inform the RIPE NCC immediately if any change in the Member's official legal name occurs.
The Member must send an email to ncc@ripe.net Link: mailto:ncc@ripe.net informing the RIPE NCC of the name change. This email must include:
New registration papers from the national authority; andThe official legal documents supporting this change
The RIPE NCC will send a new RIPE NCC Standard Service Agreement Link: http://www.ripe.net/ripe/docs/ssa for the Member to sign under the new official legal name. When the RIPE NCC receives the new RIPE NCC Standard Service Agreement properly signed by the Member, it will update the registry, including all RIPE Database objects maintained by the RIPE NCC that are related to this change. The Member must update all RIPE Database objects maintained by them that are related to this change.