To:
dnsop@cafax.se
From:
ggm@apnic.net (George Michaelson)
Date:
Wed, 8 Aug 2001 01:22 EST
Sender:
owner-dnsop@cafax.se
Subject:
comment on draft-ietf-dnsop-inaddr-required-02.txt
One non-security (well almost) reason is that RIR and other allocatiors of large address space are required to list in-addr for the parent block, because thats how they delegate down to those who do chose to provide in-addr. So a consequence of not having in-addr for a given /prefix is that the parent /prefix-1 has to wear repeated requests for in-addr which it can't answer, and while this is not a big deal inside small allocations, for shorter prefix owners (or registries) the load can be excessive. Its a non-deliberate DoS effect that chokes semi-core DNS servers. We wind up doing nasty things like pretend-revoking the delegation so we can answer the much shorter NXDOMAIN instead of ourselves spinlocking to find an answer and timing out. So, I would welcome a requirement because it has the effect of reducing load on central infrastructure, and risks of DoS or service-quality loss to a third party when a large network space is live, and causing widley distributed places to attempt in-addr lookup. cheers -George