[dns-operations] [16-31].172.in-addr.arpa and 168, .192.in-addr.arpa no longer delegated

Chris Thompson cet1 at cam.ac.uk
Sat Apr 9 18:10:16 UTC 2011

It used to be that the zones

  16.172.in-addr.arpa - 31.172.in-addr.arpa

were delegated to blackhole-1.iana.org & blackhole-2.iana.org as part
of the AS112 project.

10.in-addr.arpa still is, but the other delegations have disappeared.
This must, I think, have happened within the last month or so.

It has a very nasty consequence in the following situation: BIND using
DNSSEC Lookaside Validation via dlv.isc.org, and defining any of the
relevant zones as type "forward", "stub", or (with 9.8) "static-stub"
redirecting to some local nameserver(s) for these RFC1918 address ranges.
While the (unsigned) delegations existed in 172.in-addr.arpa and
192.in-addr.arpa, this worked fine: now one gets SERVFAIL for all
such queries.

(The reason DLV is needed is just that the (signed) parent zones are
registered in dlv.isc.org, but don't yet have DS records in in-addr.arpa.
In due course, that will presumably change and a trust anchor for the
root zone is all that will be required to see the same effect.]

Does anyone know why the delegations have disappeared? Is it some
sort of accident, or deliberate? The AS112 servers (or the ones
I can see, anyway) still think themselves authoritative for the
zones in question.

Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.

More information about the dns-operations mailing list