On 10/1/2010 2:17 PM, William Herrin wrote:
On Fri, Oct 1, 2010 at 10:32 AM, David Miller<dmiller@tiggee.com> wrote:
I am merely refuting the statement, which I have heard many times in many different forums, that ARIN (or any RIR) makes address allocations and then walks away with no further active involvement in the use of these allocations. This statement is simply not true. David,
What *is* true is that ARIN's further involvement in the use of those allocations is regulated by the policies that you and I wrote and instructed ARIN to follow. Those policies include no actions to be taken when a hijacker announces routes contrary to ARIN's registry information. So long as ARIN's information has not been falsified, forcing or not forcing folks to obey it is left for the ISPs to resolve for themselves.
Do you think ARIN should should act as a clearinghouse for action with respect to hijacked BGP announcements? Draft a policy proposal and post it on the PPML. If your colleagues agree with you, that will become one of ARIN's roles.
Until then, you criticize ARIN unfairly for doing what you and I have told it to do.
Regards, Bill Herrin
I apologize if I was unclear. I stated in my first message regarding the possibility that RIRs could delegate abandoned/hijacked space to provide reverse DNS answers - "This is something that ARIN *could* easily do technically. Admittedly, this would require reporting and investigation that I am uncertain whether or not ARIN is empowered/funded to do. This would also require a process be put in place for removing allocations from the delegation to the unused/abandoned reverse DNS servers... " The word 'could' was chosen by me instead of the word 'should' for a reason. In my second message on this topic I in fact quoted the parts of ARIN's Number Resource Policy Manual regarding POC and reverse DNS delegation validation / removal. I am well aware of ARIN's policies and the process for changing them. To be clear, my point is merely that RIRs do not make address allocations and then walk away with no day to day involvement with these addresses on some technical level. To reiterate: "The RIR's reverse DNS servers are queried all day every day for the reverse DNS delegations for every netblock that they allocate. This means that RIRs are, in at least this way, actively operationally involved in the use of the allocations that they make. This also means that an RIR has the technical vector to affect the active present use of the allocations that they have made in the past." This was meant in no way to criticize RIRs (or any RIR in particular) or proscribe actions that I believe RIRs should take. This was meant to correct anyone that incorrectly states that RIRs allocate addresses and then walk away or do nothing but maintain whois records. Reverse DNS delegation is a technical vector that could be used by RIRs to affect the active present use of the allocations that they have made in the past. I understand that reverse DNS would not affect route announcements/hijacks, but it would/could/might affect spam coming from these abandoned address spaces - which was the original topic for this discussion. I agree that little/nothing is proscribed for RIRs at a policy level. The policies and procedures regarding this could be written. I agree that these policies and procedures do not exist now. -DM