Re: Has PSI been assigned network 1?
Bill Manning wrote:
Even with a route registry, you have no way of knowing, a priori, that the registration is correct. There have already been "helpful" attempts to register information for others w/o their consent.
Yep.
In general, it depends on religious registration in whois and/or rwhois, the distributed IRR and PGP. Here is a brief summary:
Basically, I have made a proposal to have the Internic set an example by registering all delegations in whois/RWhois and signing the delegation.
All down-stream ISPs should do the same (register delegations in RWhois and sign any downstream delegations).
When a custodian wishes to register a delegation for routing, they sign the request.
There is a MUCH simpler solution.

First, use DNS instead of centralized WHOIS database. DNS already has IN-ADDR.ARPA zones with PTR RRs and it is nothing to add TXT RRs with contact etc information.

Delegation of authority is done the same way as it's done with IN-ADDR zones. The mechanism is in place and works.

InterNIC delegates /8 or /16 zones to providers, providers delegate /16s and /24s to other providers or customers.

Since end-users will keep their contact information in their primary servers, right on premises, the likelihood of it being up-to-date is much higher -- simply because every time the LAN administrator will add or remove a host he'll see it.

--vadim
There is a MUCH simpler solution.
First, use DNS instead of centralized WHOIS database. DNS already has IN-ADDR.ARPA zones with PTR RRs and it is nothing to add TXT RRs with contact etc information.
....
InterNIC delegates /8 or /16 zones to providers, providers delegate /16s and /24s to other providers or customers.
Since end-users will keep their contact information in their primary servers, right on premises, the likelihood of it being up-to-date is much higher -- simply because every time the LAN administrator will add or remove a host he'll see it.
at least two problems with this approach:

- delegation does not imply announcement or reachability
  DNS registration should -NOT- do the same, but it does.
- People thus far have not been willing to deploy the segmentation needed to split DNS delegations along CIDR bounds. Until then we are "stuck" with classful alignments in DNS.
- This was considered and abandoned as another attempt to overload the DNS.

The flaw in this approach is that the top level delegation point can always override any downstream delegation point. (can you say restraint of trade? Sure you can..)

Still this approach has been looked at and it has a couple of really nice technical points. It will be stronger when we get SIG RR's and dynamic update. Perhaps we can revive it?

--bill
I have long believed that DNS should either encode within itself or have available to it (via another protocol) information about CIDR delegations. Once we have a description of multilevel delegations, we can use it to locate the NS data for address-to-name lookups, and we can also use it for core aspath access lists as Bill and Vadim are now discovering.

Two proposals for CIDR-style IN-ADDR.ARPA delegation were presented at the DNSIND WG meeting of San Jose's IETF. Both were thrown out, one due to its complexity and the other because it had bad failure characteristics (and I mean Really Bad) during a network partition.

Address->Name translation is suffering more from this than routing is, so I'm not sure I agree with Bill or Vadim that this really has to be solved.

I'd like to point out, while I've got everybody(?)'s attention, that Vadim said "whois is bad" whereas Bill said "rwhois is good", thus talking right past each other. Rwhois is probably the right answer to this problem.
Two proposals for CIDR-style IN-ADDR.ARPA delegation were presented at the DNSIND WG meeting of San Jose's IETF. Both were thrown out, one due to its complexity and the other because it had bad failure characteristics (and I mean Really Bad) during a network partition.
If you can show me that we can avoid the complexity then I will be a happy man. The complex solution works (at least in small, test environments :)

And I agree with Vadim on the point that WHOIS is flawed.

--
--bill
participants (3)
- bmanning@ISI.EDU
- Paul A Vixie
- Vadim Antonov
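
The alignment problem raised in the thread (IN-ADDR.ARPA delegations fall on octet boundaries while address blocks are handed out on CIDR boundaries), as an added example that is not part of the original messages. The function names and the sample prefixes are constructed for illustration.

```python
import ipaddress


def zone_name(net):
    """in-addr.arpa zone for an IPv4 network whose prefix length is 8, 16 or 24."""
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zones(cidr):
    """Map a CIDR block onto octet-aligned IN-ADDR.ARPA zones.

    Returns (zones, exact). exact is True when the listed zones cover the
    block and nothing else, so each can be delegated to the block's holder.
    exact is False when the block is longer than /24 and therefore shares a
    single /24 zone with neighbouring blocks.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IN-ADDR.ARPA covers IPv4 only")
    if net.prefixlen > 24:
        # No octet boundary below /24: the block lives inside its parent zone.
        return [zone_name(net.supernet(new_prefix=24))], False
    # Round the prefix length up to the next octet boundary (8, 16 or 24)
    # and enumerate every zone of that size inside the block.
    aligned = max(8, -(-net.prefixlen // 8) * 8)
    return [zone_name(sub) for sub in net.subnets(new_prefix=aligned)], True


if __name__ == "__main__":
    # Constructed sample prefixes (private and documentation ranges).
    for prefix in ("10.0.0.0/8", "198.51.96.0/20", "192.0.2.128/25"):
        zones, exact = reverse_zones(prefix)
        note = "delegable as-is" if exact else "shares its parent's zone"
        print(f"{prefix}: {len(zones)} zone(s), {note}")
        print(f"  first: {zones[0]}  last: {zones[-1]}")
```

A /20 needs sixteen separate /24 zone delegations, and a /25 cannot be delegated on its own at all without extra machinery on top of plain octet-aligned zones.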