Skip to main content
  • Legend
  • Added
  • Deleted

 European Internet Registry:

                   Procedures for DNS Delegation

                     in the IN-ADDR.ARPA Domain



                           David Kessens

                             June 1994

                       Document-ID: ripe-105++
                         Obsoletes: ripe-105




                              ABSTRACT

           

1.0 Definitions

For the purposes of this document Internet Number Resource records refer to:

  • The registered allocations and assignments of a Member
  • The independent Internet Number Resources assigned through the Member as a “sponsoring LIR” to an End User

2.0 Introduction

In order for the RIPE NCC to maintain an accurate registry, it must hold accurate data concerning:

  • The natural or legal persons holding the registration of Internet Number Resources
  • The Internet Number Resource records that are registered to the natural or legal persons

This means that any transfer of Internet Number Resources from one party to another, or any change to the legal status of a party holding the registration of Internet Number Resources, must be communicated to the RIPE NCC.

The Member must inform the RIPE NCC if one or both of the following changes occurs:

  1. Internet Number Resource records are transferred. Such transfers may take place:
    1. Because of a change in the business structure of the Member, for example in the case of a merger or acquisition of the Member's organisation; or
    2. In the case of a pure transfer of an allocation from a Member to another Member according to RIPE Policies (section 5.5, IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region Link: http://www.ripe.net/ripe/docs/ipv4-policies/#----transfers-of-allocations ). Such a transfer may also be facilitated through the RIPE NCC Listing Service Link: /manage-ips-and-asns/resource-transfers-and-mergers/listing/
  2. The Member changes its official legal name. Such a change may occur, for example, because of a merger or acquisition of the Member's organisation.
This document describes the procedures for the delegation of zones in European subdomains of IN-ADDR.ARPA. Introduction The domain tree below IN-ADDR.ARPA is used to facilitate "reverse" mapping from IP addresses to domain names [RFC883, RFC1033]. This document describes the procedures for the delegation of zones in European subdomains of IN-ADDR.ARPA. Randomly Assigned Numbers There are two groups of European network numbers: hierarchically assigned numbers and randomly assigned ones. The hierarchically assigned numbers are part of the 193.x.y.0 and 194.x.y.0 network blocks. All other European network numbers, class A, class B and 192.x.y.0 class Cs are randomly assigned. Hierarchically Assigned Numbers The subdomains of IN-ADDR.ARPA corresponding to the hierarchically assigned network numbers are administered by the RIPE NCC. These numbers are currently: 193.0.0.0 - 194.255.255.255 The other addresses are administered by the other regional registries that might have other procedures for requesting a reverse delegation. For clarity we refer in the procedures and examples as described below to the 193.x block of addresses, although we could have as well used the other block(s) that RIPE administers. With the assignment of class C network numbers following RFC1466, large chunks of the address space are delegated to regional Internet Registries. The regional registries delegate blocks of class C net- work numbers to local Internet Registries. In this way a hierarchy in the address space is created, which is similar to the hierarchy in the domain name space. Due to this hierarchy the reverse DNS map- ping can also be delegated in a similar model as used for the normal Domain Name System. For instance, the RIPE NCC has been delegated the complete class C address space starting with 193. It is therefore possible to delegate the 193.IN-ADDR.ARPA domain completely to the RIPE NCC, instead of each and every reverse mapping in the 193.IN-ADDR.ARPA domain to be registered with the InterNIC. This implies that all 193.IN-ADDR.ARPA delegations in turn will be done by the RIPE NCC. Even better, since local registries usually receive blocks of 256 class C networks from the RIPE NCC, the NCC can delegate the reverse registrations for such complete blocks to these local registries. This implies that customers of these service providers no longer have to register their reverse domain mapping with the InterNIC or the NCC, but the service providers have authority over that part of the reverse mapping. This decreases the workload on the InterNIC and the RIPE NCC, and at the same time improves the service a provider can offer its customers by improving response times for reverse mapping changes. In order to provide a reliable service some procedures have been agreed and must be followed in order to avoid confusion and inconsistencies. These procedures are covered in the procedure section. The registration of the reverse zones for individual class C net- works will usually be done by the registry administering the class C block this network has been assigned from. If the subdomain has not yet been delegated to the registry con- cerned the RIPE NCC will register the individual networks. However this service is only provided at a "best-effort" level and no ser- vice guarantees are given. The local registries should whenever possible provide this service locally. Responsibilities for the DNS administrator of a reverse block delegation: As with all domain name space, running the reverse server for class C blocks does not imply that one controls that part of the reverse domain. It only implies that one administers that part of the reverse domain. If after repeated complaints the delegated name space is still not administered properly the RIPE NCC has to revoke the delegation. Before adding individual nets, the administrator of a reverse domain must check whether all servers to be added for these nets are indeed set up properly. There are some serious implications when a customer that uses address space out of the service provider class C blocks, moves to another service provider. The previous service provider cannot force its ex-customer to change network addresses, and will have to continue to provide the appropriate delegation records for reverse mapping of these addresses, even though they are no longer belonging to a customer. The registration of the reverse zones for individual class C networks will usually be done by the registry administering the class C block this network has been assigned from. The registry will make the necessary changes to the zone files. The registry will also make sure that the network objects in the RIPE database for these networks are updated with the correct "rev-srv" attributes. In case the RIPE NCC receives a request for the reverse zone of an individual class C network out of a block that has been delegated, the request will be forwarded to the mailbox speci- field in the SOA RR for the zone concerned and to the zone- contact registered in the RIPE database for that zone. The NCC also suggests that similar procedures are set up for the delegation of reverse zones for individual class C networks from the registries to individual organisations. Procedures The procedure for asking the reverse delegation of a block (256 C's) of addresses or network (1 or more C's) addresses is quite similar but there are some differences. Therefor they are described as one procedure with clear remarks when something only applies for block or network delegations. Note that we will be a little bit more stringent on the rules for block delegations since we need to be sure that other people can rely on you for proper operation of the DNS system. Above procedures are defined to ensure the necessary high availabil- ity for the reverse domains, and to minimise confusion. The NCC will ensure fast response times for addition requests, and will in principle update the 193.IN-ADDR.ARPA domain at least once per working day, if needed. Any problems regarding the reverse zones in 193.IN-ADDR.ARPA should be reported to <inaddr@ripe.net>. 1. We only reverse delegate when all addresses are assigned to you. 2. Your nameservers should be configured and running and should have good reachability on the internet. Nameservers for block delegations must meet similar connectivity requirements as top-level domain servers. The NCC recommends to use the following timers and counters (as advised by RFC1537): 28800 ;refresh period (8 hours) 7200 ;retry interval (2 hours) 604800 ;expire time (1 week) 86400 ;default ttl (1 day) It is mandatory for network (C) reverse delegations: - ns.ripe.net is NOT one of the secondary/primary nameservers - at least two nameservers should be used - We need a RIPE database 'inetnum' object with 'rev-srv:' attributes for the name (not IP address) of each nameserver. It is mandatory for block reverse delegations: - ns.ripe.net is one the secondary (never primary) nameservers - at least two other nameservers that don't reside on the same ethernet are required - Operators of the primary nameservers should be familiar with RFC1537 and this document - We need a RIPE database 'domain' object for each delegation with 'nserver:' attributes for the name (not IP address) of each nameserver 3. Send an E-mail request to <auto-inaddr@ripe.net> with: - In the header (or body if not possible) of your E-mail message: X-NCC-RegID: Country.RegistryName This is not required, though easy for keeping track of the requests. Of course, we don't need your local registry ID if you are not from a RIPE local registry. For network (C) reverse delegations: - We need a RIPE database 'inetnum' object with 'rev-srv:' attributes for the name (not IP address) of each nameserver For block reverse delegations: - State in your request that you know about RFC1537 & this document - A RIPE database 'domain' object for each delegation with 'nserver:' attributes for the name (not IP address) of each nameserver 4. Your request will first go through to an automatic checking program. The program will check your zone files and report you about errors (that should be fixed), warnings (that you might want to change), or that no errors have been found. If errors are found, you will be asked to fix them and resubmit your request and the automatic checks will be done again. If no errors (warnings are allowed, but we strongly suggest that you at least take a look at them) are found your request will be acknowledged and your request will be forwarded to the person in charge of the reverse delegation requests. He/she processes the request further. If no additional problems are found the object will included in the database and the block/network reverse delegated. You will always receive an acknowledgment when the delegation has been done or an explanation why not. Example of a network delegation request: From: "Anne X. Ample" <anne.x.ample@ample.nl> To: RIPE Hostmaster <auto-inaddr@ripe.net> Subject: LONGACK 2.1.193.in-addr.arpa delegation please Please delegate 2.1.193.in-addr.arpa as specified below. Thank you! For the AMPLE Corporation Anne X. Ample inetnum: 193.1.2.0 - 193.1.3.255 netname: AMPLE descr: AMPLE Corporation descr: Amsterdam, Netherlands country: NL admin-c: Anne X. Ample tech-c: G. E. K. Ample aut-sys: 4711 rev-srv: ns.ample.nl rev-srv: ns.elpma.ln changed: anne.x.ample@ample.nl 930101 source: RIPE Example of a block (256 C's) reverse delegation: From: Marten Terpstra <marten@in.ter.net> To: RIPE Hostmaster <auto-inaddr@ripe.net> Subject: LONGACK 202.193.in-addr.arpa delegation please Dear NCC people, I have read and understood ripe-105++ and RFC1537. Could you please delegate 202.193.in-addr.arpa as specified below. Thank you! Marten Terpstra domain: 202.193.in-addr.arpa descr: Pan European Organisations class C block admin-c: Daniel Karrenberg tech-c: Marten Terpstra zone-c: Marten Terpstra nserver: ns.eu.net nserver: sunic.sunet.se nserver: ns.ripe.net changed: marten@ripe.net 930319 source: RIPE Some notes on the automatic checking program: You can use some keywords in the 'Subject:' line of your E-mail to control the checking process. The use of the LONGACK keyword is very recommended. For changing an existing delegation put the keyword CHANGE in the 'Subject:' line of your E-mail message. HELP - will send you this document CHANGE - is needed if you want to change an existing reverse delegation LONGACK - will give you the most verbose output as possible TEST - will only test your zone files without actually doing the request When you want to to a request for a block delegation and you want to know if there are already reverse zones registered within the zone of the requested block delegation, just send in your request and you will receive an error report that includes a copy of our zone file regarding this zone!
to be followed for such changes to be properly communicated to, and registered with, the RIPE NCC.

Note:

If a change in the Member's official legal name is accompanied by a transfer of Internet Number Resource records, the Member must first inform the RIPE NCC of the name change and then of the transfer.

If a change in the Member's business structure is not accompanied by a transfer of Internet Number Resource records or a change in the Member's official legal name, then the RIPE NCC does not need to be informed of this change.

3.0 Transfer of Internet Number Resource Records

If a Member transfers their Internet Number Resource records to a third party for any reason, this transfer must be declared to, and approved by, the RIPE NCC.

3.1 Submission of the Request for Transfer

One of the involved parties must submit a request by email to the RIPE NCC for the transfer to be executed:

A registered contact or an authorised person (e.g. senior manager, legal successor) must send the request.

The RIPE NCC will ask for the following information:

i. Information regarding the parties involved, including:

  • The full official legal names of all parties involved
  • Which party will transfer the Internet Number Resource records and which party will receive them
  • Recent registration papers issued by the relevant national authorities for all involved parties

If the current official legal names of the involved Members are different from the ones in the relevant signed RIPE NCC Standard Service Agreement, then the procedure described under section 4.0 must be followed prior to the transfer of the Internet Number Resource records. The procedure described under section 4.0 is not necessary for the transferring Member if the RIPE NCC Standard Service Agreement of the transferring Member is terminated (see Closure of LIR and Deregistration of Internet Number Resources, section A.1.1. Link: http://www.ripe.net/ripe/docs/closure/#a11 and section A.1.2. Link: http://www.ripe.net/ripe/docs/closure/#a12 ).

ii. A description of the reason for the transfer (for example, due to merger, acquisition, or transfer of allocation according to the RIPE policies)

If the transfer is taking place due to a change in the structure of the organisation(s) involved, a description of the changes among the organisation(s) is necessary. The description must be accompanied by all official legal documents proving/supporting the changes the request is based on.

iii. A list of the Internet Number Resource records that are requested to be transferred. If allof the transferring Member's Internet Number Resource records registered are being transferred, a confirmation of this is requested.

The Member must also indicate any End User assignment agreements that are requested to be transferred.

If a Member transfers all of their Internet Number Resource records, the RIPE NCC Standard Service Agreement of the Member may be terminated (see Closure of LIR and Deregistration of Internet Number Resources, section A.1.1. Link: http://www.ripe.net/ripe/docs/closure/#a12 ).

iv. The correct contact details of all organisations involved

The RIPE NCC may ask the organisations involved to confirm the correctness of their contact details or to update them. The contact details include the billing contact details and the VAT number details.

v. A Transfer Agreement signed by both parties or by their legal successors

The RIPE NCC will make a template of the Transfer Agreement available. Either party may submit the Transfer Agreement to the RIPE NCC, signed by authorised persons for both parties. The RIPE NCC may ask the other party/parties to confirm their agreement to the transfer. The confirmation must be authorised (signed or sent) by a contact person or authorised person (e.g. senior manager, legal successor).

If the transferring party no longer exists by the time the RIPE NCC is being informed, the receiving party must send:

  • An official document (issued by a national authority) confirming the closure of the transferring party; and
  • A copy of an older signed agreement between the relevant parties mentioning the transfer of the Internet Number Resource records. If such an agreement is not available, the receiving party must send confirmation of the transfer to the RIPE NCC signed by an authorised person (e.g. senior manager, legal successor). The RIPE NCC reserves the right to reverse the transfer should another party object to this transfer and provide an agreement that proves that the Internet Number Resource records should have been transferred to them

vi. An overview of the utilisation of all allocations and of the status of all independent Internet Number Resource assignments

The RIPE NCC may ask for an overview of the utilisation of all Internet Number Resources registered to the Member and of all End User assignment agreements signed by the Member.

3.2 The Receiving Organisation is not yet a Member

Members may wish to transfer their Internet Number Resource records to another Member or to an organisation that is not yet a Member.

If the Internet Number Resource records are transferred to a non-Member, the receiving organisation can:

If the receiving organisation refuses to do either of the above, the RIPE NCC will not transfer the Internet Number Resource records to them.

The request for the transfer can be submitted as described in section 3.1.

3.3 Financial Consequences

All outstanding invoices and all outstanding financial obligations must be paid in full. If the RIPE NCC Standard Service Agreement is terminated in the course of the RIPE NCC financial year, the service fee for this Member must be paid for the full year. The payment is the responsibility of the receiving Member.

If the receiving organisation decides to sign the RIPE NCC Standard Service Agreement, then a sign-up fee must be paid (see RIPE NCC Charging Scheme Link: http://www.ripe.net/ripe/docs/charging ).

3.4 Internet Number Resource Registration and RIPE Database Issues

The RIPE NCC will review the status of any IP address allocation or independent Internet Number Resource assignment maintained by the organisations involved in compliance with the RIPE Policies current at the time of the transfer.

The receiving Member must deregister from the RIPE Database any invalid or overlapping registrations or unused assignment approvals.

The RIPE NCC will update the registry, including all RIPE Database objects maintained by the RIPE NCC that are related to this transfer. The transferring Member must update all RIPE Database objects maintained by them that are related to this transfer.

4.0 The Member Changes its Official Legal Name

It is the obligation of the Member to inform the RIPE NCC immediately if any change in the Member's official legal name occurs.

The Member must send an email to ncc@ripe.net Link: mailto:ncc@ripe.net informing the RIPE NCC of the name change. This email must include:

  • New registration papers from the national authority; and
  • The official legal documents supporting this change

The RIPE NCC will send a new RIPE NCC Standard Service Agreement Link: http://www.ripe.net/ripe/docs/ssa for the Member to sign under the new official legal name. When the RIPE NCC receives the new RIPE NCC Standard Service Agreement properly signed by the Member, it will update the registry, including all RIPE Database objects maintained by the RIPE NCC that are related to this change. The Member must update all RIPE Database objects maintained by them that are related to this change.