Hi,

speaking in my personal capacity...

On 24/03/2024 22:04, Frank Habicht wrote:
> Hi DBWG,
>
> I didn't see any responses to below email.
>
> But I've seen some new objects created recently - [1]
>
> Is there no interest to stop objects like [1] from being created?

I will split into 2 sections.

Section 1: what is clear

IMHO we must not accept a domain object that will handle only 1 resource record in the zone file. It means the author does not clearly understand how to efficiently configure a DNS (reverse) zone. Besides, in IPv6 you will hardly assign just 1 IPv6 address to an end-user (I saw people doing that, but I think it's not a good practice at all). The goal is to let the end-user manage the entire reverse zone; therefore, if there is a domain object, it will always be for an IPv6 block greater than 1x/128.

Section 2: where we need an agreement.

Shall we allow creation of domain objects for IPv6 prefixes longer than 48? Yes. Until ISPs decide unilaterally to assign at least 1x/48 to each corporate or 'premium' customer, domain object speaking, we shall accept these objects.

The challenge is to find a 'right' limit. I will suggest we allow creation of domain objects for IPv6 reverse zones up to 56.

Between 48 and 56, you might have enterprise or 'premium' customers. You have such examples in the AFRINIC database. Prefix speaking, longer than 56, it's usually a residential user, a smartphone or, let's put it that way: a user with low to zero capacity to manage a DNS zone.


> [...] There seem to be 11 domain objects for /128's.

We must not accept them at all.

> There seem to be 108 domain objects for longer than /48.

We must accept those shorter or equal to 1x/56.


> I.e. not a current problem as much as a potential problem when any average LIR can create 2^96 domain objects.
> Sorry. That's the number of objects for /128's to create.
> Total of 2^97-1 objects can be created when including all the shorter ones.

I may be wrong but the ultimate issue here is for people to understand how to manage DNS reverse zone and how the delegation mechanism from the root servers to the final authoritative server is done.

--
Willy Manga

_______________________________________________
DBWG mailing list
[email protected]
https://lists.afrinic.net/mailman/listinfo/dbwg
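
Added example, not part of the original email and not AFRINIC's WHOIS code: a sketch of the check discussed in this thread, mapping an ip6.arpa domain name back to its prefix, refusing /128 zones and anything longer than the /56 limit suggested above. The function names and sample zone names are constructed, and the object count assumes a /32 allocation, which reproduces the 2^96 and 2^97-1 figures quoted in the thread.

```python
import ipaddress

MAX_PREFIXLEN = 56  # limit suggested in the thread; an assumption, not adopted policy
SUFFIX = ".ip6.arpa"

def reverse_zone_prefix(domain: str) -> ipaddress.IPv6Network:
    """Return the IPv6 prefix covered by an ip6.arpa reverse zone name."""
    name = domain.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        raise ValueError(f"not an ip6.arpa name: {domain!r}")
    nibbles = name[: -len(SUFFIX)].split(".")
    if not 1 <= len(nibbles) <= 32 or any(
        len(n) != 1 or n not in "0123456789abcdef" for n in nibbles
    ):
        raise ValueError(f"malformed nibble labels: {domain!r}")
    # Labels are least-significant nibble first: reverse, then pad to 128 bits.
    hex_addr = "".join(reversed(nibbles)).ljust(32, "0")
    return ipaddress.IPv6Network((int(hex_addr, 16), 4 * len(nibbles)))

def check_domain_object(domain: str, max_len: int = MAX_PREFIXLEN):
    """Return (accepted, reason) for a proposed reverse-zone domain object."""
    net = reverse_zone_prefix(domain)
    if net.prefixlen == 128:
        return False, f"{net}: single address, the zone would hold one record"
    if net.prefixlen > max_len:
        return False, f"{net}: longer than /{max_len}"
    return True, f"{net}: accepted"

def prefixes_within(alloc_len: int, longest: int = 128) -> int:
    """Count every prefix of length alloc_len..longest inside one allocation."""
    return sum(2 ** (k - alloc_len) for k in range(alloc_len, longest + 1))

if __name__ == "__main__":
    # Constructed sample names under the 2001:db8::/32 documentation prefix.
    samples = [
        "d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa",          # /48
        "2.1.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa",      # /56
        "4.3.2.1.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa",  # /64
        ipaddress.ip_address("2001:db8::1").reverse_pointer,  # /128
    ]
    for s in samples:
        print(check_domain_object(s))
    print(prefixes_within(32) == 2**97 - 1)
```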