You don’t add the DNAME to the ARPA domain because it does not add the insecure delegation that is REQUIRED. You add the DNAME to the HOME.ARPA domain if you really want to redirect the traffic. For some reason IANA wants to make this more complicated than it needs to be. You don’t need to contact the AS112 server operators (a impossible task). You just contact the existing ARPA server operators to install HOME.ARPA on those servers. Add each NS as the operator say that their servers are reconfigured to support HOME.ARPA.
This is what I would end up with. HOME.ARPA. SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2017121101 1800 900 604800 86400 HOME.ARPA. NS A.ROOT-SERVERS.NET. HOME.ARPA. NS B.ROOT-SERVERS.NET. HOME.ARPA. NS C.ROOT-SERVERS.NET. HOME.ARPA. NS D.ROOT-SERVERS.NET. HOME.ARPA. NS E.ROOT-SERVERS.NET. HOME.ARPA. NS F.ROOT-SERVERS.NET. HOME.ARPA. NS G.ROOT-SERVERS.NET. HOME.ARPA. NS H.ROOT-SERVERS.NET. HOME.ARPA. NS I.ROOT-SERVERS.NET. HOME.ARPA. NS K.ROOT-SERVERS.NET. HOME.ARPA. NS L.ROOT-SERVERS.NET. HOME.ARPA. NS M.ROOT-SERVERS.NET. HOME.ARPA. DNAME EMPTY.AS112.ARPA. Mark > On 12 Dec 2017, at 3:17 am, Joe Abley <jab...@hopcount.ca> wrote: > > Hi Stéphane, > > On 11 Dec 2017, at 04:18, Stephane Bortzmeyer <bortzme...@nic.fr> wrote: > >> On Mon, Dec 11, 2017 at 01:10:20AM -0800, >> Paul Vixie <p...@redbarn.org> wrote >> a message of 31 lines which said: >> >>> we have no way to assure that they hear a request that they add more >>> secondary DNS zones to such servers. so if we delegate more zones >>> that way, there will be a lot of SERVFAIL except for servers who >>> send REFUSED. either way we have to consider the matter. >> >> This problem was solved a long time ago by RFC 7535 (the new AS 112). > > Note though that the homenet document specifically requests a delegation. > > IANA are currently working through their process and trying to get AS112 > operators to add the home.arpa zone, to avoid it being lame. This is > apparently a good first thing to try because the idea of adding a DNAME > record to the ARPA zone is scary and expected to receive push-back from root > server operators. > > (I may be putting words into Kim's mouth by abbreviating the situation that > way, but my point is that the IANA team are aware of the disconnect between > the likely-lame delegation to AS112 vs. the approach this working group > documented in 7535 and are doing their best). > > There is some related mail on the as112-ops list hosted at OARC. I think you > need to subscribe to see the archive, so no deep link. > > https://lists.dns-oarc.net/mailman/listinfo/as112-ops > > > Joe > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
