On 10/1/2010 2:17 PM, William Herrin wrote:
> On Fri, Oct 1, 2010 at 10:32 AM, David Miller <dmil...@tiggee.com> wrote:
>> I am merely refuting the statement, which I have heard many times in many
>> different forums, that ARIN (or any RIR) makes address allocations and then
>> walks away with no further active involvement in the use of these
>> allocations. This statement is simply not true.
>
> David,
>
> What *is* true is that ARIN's further involvement in the use of those
> allocations is regulated by the policies that you and I wrote and
> instructed ARIN to follow. Those policies include no actions to be
> taken when a hijacker announces routes contrary to ARIN's registry
> information. So long as ARIN's information has not been falsified,
> forcing or not forcing folks to obey it is left for the ISPs to
> resolve for themselves.
>
> Do you think ARIN should act as a clearinghouse for action with
> respect to hijacked BGP announcements? Draft a policy proposal and
> post it on the PPML. If your colleagues agree with you, that will
> become one of ARIN's roles.
>
> Until then, you criticize ARIN unfairly for doing what you and I have
> told it to do.
>
> Regards,
> Bill Herrin

I apologize if I was unclear.

I stated in my first message regarding the possibility that RIRs could
delegate abandoned/hijacked space to provide reverse DNS answers - "This
is something that ARIN *could* easily do technically. Admittedly, this
would require reporting and investigation that I am uncertain whether or
not ARIN is empowered/funded to do. This would also require a process
be put in place for removing allocations from the delegation to the
unused/abandoned reverse DNS servers..." The word 'could' was chosen
by me instead of the word 'should' for a reason.

In my second message on this topic I in fact quoted the parts of ARIN's
Number Resource Policy Manual regarding POC and reverse DNS delegation
validation / removal.

I am well aware of ARIN's policies and the process for changing them.

To be clear, my point is merely that RIRs do not make address
allocations and then walk away with no day to day involvement with these
addresses on some technical level. To reiterate:

"The RIR's reverse DNS servers are queried all day every day for the
reverse DNS delegations for every netblock that they allocate. This
means that RIRs are, in at least this way, actively operationally
involved in the use of the allocations that they make. This also means
that an RIR has the technical vector to affect the active present use of
the allocations that they have made in the past."

This was meant in no way to criticize RIRs (or any RIR in particular) or
proscribe actions that I believe RIRs should take. This was meant to
correct anyone that incorrectly states that RIRs allocate addresses and
then walk away or do nothing but maintain whois records.

Reverse DNS delegation is a technical vector that could be used by RIRs
to affect the active present use of the allocations that they have made
in the past. I understand that reverse DNS would not affect route
announcements/hijacks, but it would/could/might affect spam coming from
these abandoned address spaces - which was the original topic for this
discussion.

I agree that little/nothing is proscribed for RIRs at a policy level.
The policies and procedures regarding this could be written. I agree
that these policies and procedures do not exist now.

-DM