DS record added to ARPA for IN-ADDR.ARPA

March 18th, 2011

This is the final update for the IN-ADDR.ARPA transition work.

The IN-ADDR.ARPA DNSSEC Delegation Signer record has been added to the ARPA zone.

This action now extends the DNSSEC validation chain to the IN-ADDR.ARPA zone.

No further updates will be posted to this project web site.

A note of thanks is extended to all the people and entities involved in this work: ARIN for their co-operation in the transition and for acting as the technical administrator of the IN-ADDR.ARPA zone, the operators of the 12 root-servers who carried the IN-ADDR.ARPA zone for many years, and the RIRs (RIPE-NCC, ARIN, LACNIC, APNIC, and AfriNIC) for taking on the role of operating the RFC5855 nameservers.

Root servers stop serving IN-ADDR.ARPA

March 8th, 2011

This is the sixth of a number of updates regarding the IN-ADDR.ARPA zone.

As of 2011-03-07 23:58 UTC all of the 12 root servers which were serving the IN-ADDR.ARPA zone had stopped doing so as described by ‘Planned IN-ADDR.ARPA Nameserver Change’.

The nameserver set now serving IN-ADDR.ARPA is, as described by RFC 5855:

A.IN-ADDR-SERVERS.ARPA (operated by ARIN)
B.IN-ADDR-SERVERS.ARPA (operated by ICANN)
C.IN-ADDR-SERVERS.ARPA (operated by AfriNIC)
D.IN-ADDR-SERVERS.ARPA (operated by LACNIC)
E.IN-ADDR-SERVERS.ARPA (operated by APNIC)
F.IN-ADDR-SERVERS.ARPA (operated by RIPE NCC)

One further update will be posted here in the coming days regarding the addition of the DS record for IN-ADDR.ARPA to the parent zone.

Transition Process

February 16th, 2011

This is the fifth of a number of updates regarding the transition of the IN-ADDR.ARPA zone.

As of 11.15am UTC-8 today, 16th February, the action items listed in the Process and timeline for IN-ADDR.ARPA transition were successfully completed.

This transition at this stage results in:

  • ICANN as the technical manager of IN-ADDR.ARPA.
  • IN-ADDR.ARPA being served by the 6 nameservers described in RFC 5855 and operated by the five RIRs and ICANN.
  • IN-ADDR.ARPA DNSSEC-signed by the same systems that sign many ICANN-operated zones including IP6.ARPA, IP6-SERVERS.ARPA, IN-ADDR-SERVERS.ARPA, IANA.ORG, and ICANN.ORG.
  • A conservative plan in place to remove IN-ADDR.ARPA from the 12 root servers that currently serve it.

On 14 March 2011 a request will be sent to the IANA to add DS records to the IN-ADDR.ARPA delegation. It is expected that this change will take several days to complete due to the required authorisations.

The delay between transition and adding DS records to the root zone facilitates a simple rollback procedure in the (unlikely) event that harmful effects of DNSSEC in the IN-ADDR.ARPA zone are observed.

Final updates regarding the root servers and DS submission will be posted here as necessary.

Process and timeline for IN-ADDR.ARPA transition

February 9th, 2011

This is the fourth of a number of updates regarding the transition of the IN-ADDR.ARPA zone.

ARIN and ICANN have agreed to the following process details for the transition of the IN-ADDR.ARPA DNS zone.

On 16th February at 9am UTC-8:

  • ICANN takes the last agreed update from ARIN and publishes the zone via the in-addr-servers.arpa nameservers. The agreed update from ARIN will be the generated zone data for the time stamp “201102160445”.
  • ICANN will disable any further imports from ARIN.
  • Both ARIN and ICANN will confirm zone contents (delegated NS) match between in-addr-servers.arpa servers and the root servers and sign off by 9.30am UTC-8
  • ICANN to advise VeriSign (root server hidden master operator) to pull IN-ADDR.ARPA from ICANN at 10.00am UTC-8
  • ICANN will advise IANA to continue processing of the IN-ADDR.ARPA delegation change
  • ICANN will update http://in-addr-transition.icann.org
  • ICANN and ARIN to publish a statement of transition
  • ICANN to publish/update appropriate whois records for *.in-addr.arpa delegations on whois.iana.org
  • ICANN to provide public AXFR to IN-ADDR.ARPA on xfr.dns.icann.org
  • ICANN to publish IN-ADDR.ARPA zone on the ftp.internic.net site

During this transition a 48 hour update embargo will be placed on the IN-ADDR.ARPA zone. This will run from 0000hrs 16th February UTC-8 to 2400hrs 17th February UTC-8.
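
The sign-off step above, where both parties confirm that the delegated NS sets match, can be sketched as a comparison of two zone dumps; the apex NS set is skipped because it differs between the two publications. This is an added example, not ARIN's or ICANN's tooling. Assumptions: the zone snapshots, the example.net/example.org names and the function names are constructed, and each record is on one line with a fully qualified owner, explicit TTL and class.

```python
from collections import defaultdict

APEX = "in-addr.arpa."

# Constructed snapshot standing in for the copy served by the root servers.
OLD_SNAPSHOT = """\
in-addr.arpa.      86400 IN NS a.root-servers.net.
in-addr.arpa.      86400 IN NS b.root-servers.net.
10.in-addr.arpa.   86400 IN NS ns1.example.net.
10.in-addr.arpa.   86400 IN NS ns2.example.net.
192.in-addr.arpa.  86400 IN NS ns1.example.org.
"""

# Constructed snapshot standing in for the republished, signed copy.
NEW_SNAPSHOT = """\
in-addr.arpa.      3600 IN NS a.in-addr-servers.arpa.
in-addr.arpa.      3600 IN NS b.in-addr-servers.arpa.
in-addr.arpa.      3600 IN RRSIG NS 8 2 3600 20110301000000 20110215000000 12345 in-addr.arpa. c2lnbmF0dXJl
10.in-addr.arpa.   86400 IN NS NS2.example.net.  ; case differs, same name
10.in-addr.arpa.   86400 IN NS ns1.example.net.
192.in-addr.arpa.  86400 IN NS ns1.example.org.
192.in-addr.arpa.  86400 IN NS ns9.example.org.
"""

def delegations(zone_text, apex=APEX):
    """Map each delegated child name to its NS set, ignoring the apex."""
    result = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if len(fields) < 5 or fields[3].upper() != "NS":
            continue                             # skip RRSIG, SOA, DNSKEY, ...
        owner = fields[0].lower()                # DNS names are case-insensitive
        if owner != apex:
            result[owner].add(fields[4].lower())
    return dict(result)

def compare(old_text, new_text):
    """Return per-delegation NS differences; an empty dict means sign-off."""
    old, new = delegations(old_text), delegations(new_text)
    diffs = {}
    for owner in sorted(set(old) | set(new)):
        missing = old.get(owner, set()) - new.get(owner, set())
        extra = new.get(owner, set()) - old.get(owner, set())
        if missing or extra:
            diffs[owner] = {"missing": sorted(missing), "extra": sorted(extra)}
    return diffs

if __name__ == "__main__":
    print(compare(OLD_SNAPSHOT, NEW_SNAPSHOT))
```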

Planned IN-ADDR.ARPA Nameserver Change

January 31st, 2011

This is a courtesy notification of an upcoming change to the
nameserver set for the IN-ADDR.ARPA zone.

There is no expected impact on the functional operation of the DNS
due to this change.

There are no actions required by DNS server operators or end users.

DETAIL

The IN-ADDR.ARPA zone is used to provide reverse mapping (number
to name) for IPv4. The servers which currently provide authoritative
DNS service for the IN-ADDR.ARPA zone are as follows:

A.ROOT-SERVERS.NET
B.ROOT-SERVERS.NET
C.ROOT-SERVERS.NET
D.ROOT-SERVERS.NET
E.ROOT-SERVERS.NET
F.ROOT-SERVERS.NET
G.ROOT-SERVERS.NET
H.ROOT-SERVERS.NET
I.ROOT-SERVERS.NET
K.ROOT-SERVERS.NET
L.ROOT-SERVERS.NET
M.ROOT-SERVERS.NET

On Wednesday 2010-02-16 processing will begin to change the nameserver
set to the following, as described in RFC 5855:

A.IN-ADDR-SERVERS.ARPA (operated by ARIN)
B.IN-ADDR-SERVERS.ARPA (operated by ICANN)
C.IN-ADDR-SERVERS.ARPA (operated by AfriNIC)
D.IN-ADDR-SERVERS.ARPA (operated by LACNIC)
E.IN-ADDR-SERVERS.ARPA (operated by APNIC)
F.IN-ADDR-SERVERS.ARPA (operated by RIPE NCC)

The usual IANA process for a change in the ARPA zone involves a
series of technical checks and the gathering of various authorisations,
and may take several days to complete.

Following this, the IN-ADDR.ARPA zone will be dropped from root
servers in two groups:

1. Week of 2011-02-21 — 2011-02-25

B, C, E, G, I, M

2. Week of 2011-02-28 — 2011-03-11

A, D, F, H, K, L

Individual root server operators will choose a time for the maintenance
within their respective window and follow their usual procedures
to carry out the change.

New name servers for IN-ADDR.ARPA

January 12th, 2011

RFC 5855 “Nameservers for IPv4 and IPv6 Reverse Zones” specifies a dedicated and stable set of nameserver names for each of the IN-ADDR.ARPA and IP6.ARPA zones.

Currently IN-ADDR.ARPA is served by a subset of the DNS root servers.

The secure and stable hosting of the IN-ADDR.ARPA and IP6.ARPA zones is critical to the operation of the Internet, since many applications rely upon timely responses to reverse lookups to be able to operate normally.

As a part of the transition process the IN-ADDR.ARPA zone will be delegated to the following servers operated by ICANN and the 5 RIRs.

  • A.IN-ADDR-SERVERS.ARPA (operated by ARIN)
  • B.IN-ADDR-SERVERS.ARPA (operated by ICANN)
  • C.IN-ADDR-SERVERS.ARPA (operated by AfriNIC)
  • D.IN-ADDR-SERVERS.ARPA (operated by LACNIC)
  • E.IN-ADDR-SERVERS.ARPA (operated by APNIC)
  • F.IN-ADDR-SERVERS.ARPA (operated by RIPE-NCC)

This exercise of delegating a reverse zone to a stable set of names has already been undertaken and completed for IP6.ARPA.

IN-ADDR.ARPA republished by ICANN

January 12th, 2011

This is the third of a number of updates regarding the transition of the IN-ADDR.ARPA zone.

As of today the 12th of January 2011, ICANN is now republishing the zone content provided by ARIN. This version of the IN-ADDR.ARPA zone is available for public query on the following servers.

  • A.IN-ADDR-SERVERS.ARPA
  • B.IN-ADDR-SERVERS.ARPA
  • C.IN-ADDR-SERVERS.ARPA
  • D.IN-ADDR-SERVERS.ARPA
  • E.IN-ADDR-SERVERS.ARPA
  • F.IN-ADDR-SERVERS.ARPA

See RFC5855 for additional details.

The servers under these names are operated by ICANN and the 5 RIRs and will ultimately be made the authoritative nameservers for IN-ADDR.ARPA (in the same way that [A-F].IP6-SERVERS.ARPA is authoritative for IP6.ARPA).

It is worthwhile to note that the zone SOA and zone apex published on [A-F].IN-ADDR-SERVERS.ARPA are different to the current active IN-ADDR.ARPA zone given the new name server set (described by RFC5855). Further, by virtue of being published through the ICANN DNS systems operated by ICANN DNS Operations, the zone in its republished state is also DNSSEC signed.

Over the next several weeks the ARIN produced zone content will be imported, republished, and audited. During this period any required adjustments will be made before announcing the final transition date.

ARIN starts data transfer

December 23rd, 2010

This is the second of a number of updates regarding the transition of the IN-ADDR.ARPA zone.

As of today, the 23rd of December 2010, ARIN commenced a process of transferring the zone data and zone configuration data to ICANN via a secure channel. This upload occurs daily and paves the way for the next steps in the transition process.

In the coming weeks, this data will be validated, and imported into ICANN systems, republished on a non-authoritative nameserver, and tested for consistency. Details of the available nameserver will be published soon.

Who Serves IN-ADDR.ARPA?

December 10th, 2010

At present, the authoritative set of name servers which serve IN-ADDR.ARPA are:

(in no particular order)

L.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.

This represents 12 of the 13 root-servers.

What is IN-ADDR.ARPA?

December 10th, 2010

The IN-ADDR.ARPA zone is a critical service for Internet operations as it provides a guaranteed method to perform host address to host name mapping. The delegations which exist in this zone represent the ‘/8’ IPv4 delegations to the registrants of the corresponding IANA function allocations to legacy registrants and Regional Internet Registries. Since 1997 ARIN has performed the technical management function of zone editor and zone generator as inherited from InterNIC.

The IN-ADDR.ARPA zone is a sub domain of the ARPA top-level domain. ARPA sub domain management principles, management guidelines and operational requirements are described in RFC 3172.