Re: [hm-staff] Re: NIR Operational Draft - DNS (fwd)
Billy, I've replied inline to ensure we keep context right.
I hope these answers help clarify things, please get back to me if anything
isn't clear.
cheers
-George
> To: Anne Lord <anne@apnic.net>, nir-discuss@apnic.net
> Cc: "IP주소관리과" <ip-all@nic.or.kr>
> Subject: [hm-staff] Re: NIR Operational Draft - DNS
>
> Dear Anne and all,
>
> Regarding the third option for managing Reverse DNS delegations, I would
> like to ask a couple of questions.
>
> 1. In case that x.x.in-addr.arpa Inverse DNS is converted to flat file,
> does NS record has to include information about ISPs delegated in /24,
> or have only information about KRNIC and other secondary organizations
> delegated in /16?
If the entire /16 is delegated from KRNIC, then there is no need to detail the
/24 which are in turn sub-delegated within that /16. But if any one /24 is not
delegated from KRNIC (eg, if the NIR member transfers data management to
APNIC for a specific /24) then all the remaining /24 must be detailed in the
flat file.

If the entire /16 is delegated from KRNIC, then there is actually no need to
use a flat file: instead, a single domain object at APNIC can be used. This is
what is done at present for each /16 which is delegated to KRNIC for
sub-delegation to more specifics (/17 to /24)

In the case of direct allocations from now on, if you have allocated a /16 or
multiple /16 to NIR members, then you have the choice: either put domain
objects for each /16 in APNIC whois, or add records for the /16 to the flat
file you are providing, which is in respect of the parent /8 in question. And
for these direct allocations of /16, you only have to detail the /16 if the
ENTIRE /16 is one allocation, it's only if you are allocating /17 to /24 that
you will have to provide details of each /24 in question.

eg in the event of allocating a /20 you would provide details for each of the
16 /24s.
>
> e.g.) the following is a flat file for registering 211.210.in-addr.arpa
> Inverse DNS.
> ==========================================================================
> $TTL 43200
> IN NS ns.krnic.net.
> IN NS ns.kreonet.re.kr.
> IN NS kr2nd.kornet.net.
> IN NS kr2ld.dacom.co.kr.
> IN NS kr2nd.hitel.net.
> IN NS usns.dacom.co.kr.
>
No. This format is wrong. It should have been:
211.210.in-addr.arpa. IN NS ns.krnic.net.
211.210.in-addr.arpa. IN NS ns.kreonet.re.kr.
211.210.in-addr.arpa. IN NS kr2nd.kornet.net.
211.210.in-addr.arpa. IN NS kr2ld.dacom.co.kr.
211.210.in-addr.arpa. IN NS kr2nd.hitel.net.
211.210.in-addr.arpa. IN NS usns.dacom.co.kr.
ie if a given /16 has 6 listed NS, then there should be 6 lines in the file,
one for each NS, expressed as the fully qualified in-addr domain.
> 240.211.in-addr.arpa. IN TXT "Generated at Tue Nov 28 12:00:26 2002 with 6 NS records."
> ==========================================================================
>
>
> 2. In the file generation for the authorization and checksum of Zone file,
>
> 1) If KRNIC provides FTP server for APNIC to download file, *.asc
> file(that is made of PGP key for e-mail authorization) is necessary?
>
Yes. Imagine if your FTP server is hacked, and somebody uploads a non-trustable
zonefile. Without the .asc file, we cannot check the zone is produced by KRNIC
internal processes.
> 2) In PGP key generation, do we have to make e-mail address as APNIC
> admin e-mail, or KRNIC admin e-mail?
KRNIC admin email.
>
> 3) Do we have to generate PGP key (generated in 2)) whenever flat file is
> created in /16, or just generate once as it is authorized e-mail address?
The PGP key is re-generated whenever the flat file is modified.
>
> Regards,
>
> Billy MH Cheon
I hope this helps clarify things.
cheers
-George
--
George Michaelson | APNIC
Email: ggm@apnic.net | PO Box 2131 Milton QLD 4064
Phone: +61 7 3367 0490 | Australia
Fax: +61 7 3367 0482 | http://www.apnic.net
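
The flat-file rules discussed in this message, as an added example that is not part of the original e-mail or of APNIC's or KRNIC's tooling: a checker that accepts only NS lines written with the fully qualified in-addr owner name, and lists the reverse zones an allocation needs (one for a whole /16, every /24 for a /17 to /24). The function names are hypothetical, skipping `$` directives and `;` comments is an assumption, and the sample input is constructed from lines quoted in the thread.

```python
import ipaddress
import re

# Owner: fully qualified /16 or /24 reverse name. Target: fully qualified host.
NS_LINE = re.compile(
    r"^((?:\d{1,3}\.){2,3}in-addr\.arpa\.)\s+IN\s+NS\s+((?:[a-z0-9-]+\.)+)$",
    re.IGNORECASE,
)

def required_zones(prefix):
    """Reverse zones the flat file must list for one allocation (/16 to /24)."""
    net = ipaddress.IPv4Network(prefix)
    if not 16 <= net.prefixlen <= 24:
        raise ValueError("expected a prefix between /16 and /24")
    if net.prefixlen == 16:  # entire /16 is one allocation: one zone
        a, b = str(net.network_address).split(".")[:2]
        return [f"{b}.{a}.in-addr.arpa."]
    zones = []
    for sub in net.subnets(new_prefix=24):  # /17 to /24: every /24 is listed
        a, b, c = str(sub.network_address).split(".")[:3]
        zones.append(f"{c}.{b}.{a}.in-addr.arpa.")
    return zones

def check_flat_file(text):
    """Return ({zone: [nameservers]}, [(line_number, flagged_line)])."""
    zones, flagged = {}, []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith((";", "$")):
            continue  # assumption: blank lines, comments and $TTL are ignored
        m = NS_LINE.match(line)
        if m is None or any(int(x) > 255 for x in m.group(1).split(".")[:-3]):
            flagged.append((num, line))  # e.g. an NS line with no owner name
            continue
        zones.setdefault(m.group(1).lower(), []).append(m.group(2).lower())
    return zones, flagged

# Constructed sample: one ownerless line (the rejected form), two qualified ones.
SAMPLE = """\
$TTL 43200
IN NS ns.krnic.net.
211.210.in-addr.arpa. IN NS ns.krnic.net.
211.210.in-addr.arpa. IN NS ns.kreonet.re.kr.
"""

if __name__ == "__main__":
    zones, flagged = check_flat_file(SAMPLE)
    print(zones, flagged)
    print(len(required_zones("210.211.16.0/20")), "zones for a /20")
```

This check covers only the file's syntax and coverage; whether the file really came from the NIR is what the detached `.asc` signature answers.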