[dns-operations] [Ext] Re: Is this DNS Flag Day 2020 including 'in-addr.arpa.' and 'ip6.arpa.' clean-up?

Edward Lewis edward.lewis at icann.org
Wed Feb 19 18:15:02 UTC 2020

I think the reaction you are getting is due to the call for a "DNS Flag Day" and not the issues you are experiencing.  On this list (DNS-operations), DNS Flag Day (2019) was a significant event involving many implementations of the DNS protocol to adhere more closely with the specifications of the protocol.  A goal was to simplify the code bases involved.

You seem to be asking for some changes in the registration information regarding (for one here) a netblock.

On 2/19/20, 11:45 AM, "dns-operations on behalf of Pirawat WATANAPONGSE" <mailto:dns-operations-bounces at dns-oarc.net on behalf of mailto:pirawat.w at ku.th> wrote:

>Well, let’s look at the real netblock, shall we? (‘cause I have nothing to hide)
>You can see for yourself at https://dnsviz.net/d/108.158.in-addr.arpa/dnssec/
>1. There are old DS keys from .arpa to in-addr.arpa still dangling around.
>2. 158.in-addr.arpa is still using ‘Algorithm 5’
>3. Even though my netblock was ROAed, APNIC did not link me to the ‘reverse’ DNSsec chain:
>3.1. Why? Because it’s a ‘Historical’ netblock, transferred from ARIN to APNIC epochs ago. So, my ‘domain’ is with NIR (thank god), my ‘netblock’ Whois is now with APNIC, but my ‘reverse’ is still with ARIN.
>3.2. If I want to hook into the ‘reverse’ DNSsec chain, who do I send my DS key to? APNIC? ARIN?
>3.2.1. APNIC is not the SOA of 158.in-addr.arpa.
>3.2.2. I am no longer a ‘client’ of ARIN, the SOA of 158.in-addr.arpa.

As this is a DNS operations list and not an RIR list, you may be addressing the wrong audience.

Think of ARIN as the DNS hoster.  They produce the 158 zone.  They take data from the other RIRs to assemble it.  That's why the SOA RNAME has arin.net in it.

Think of APNIC as the registry.  Your registration interaction is with APNIC.  ... ummm ... When I wrote that I recalled you mentioning an NIR.  I am not sure how the TH NIR runs.  As in, the JP NIR does run 133.in-addr.arpa, but no other NIR runs such a zone; and only JP's NIR has a whois service that uniquely services their registrations.  So, I don't know if you need to find the TH NIR or go to APNIC directly. ... which leads me to believe you might be on the wrong list with this.

More information about the dns-operations mailing list