Public availability of reverse DNS zones
Table of contents
1. Introduction
2. Access to reverse DNS data
2.1 Access to reverse DNS data by whois query
2.2 Bulk access to whois data
2.3 Access to reverse DNS data by FTP
2.4 Access to reverse DNS by zone query
1. Introduction
The Domain Name System (DNS) is a globally-distributed Internet service. It provides name-to-number (forward) and number-to-name (reverse) translations, using defined client-server and server-server protocols. The DNS is a public service – any Internet user is freely able to query the DNS system for forward or reverse translations.
For all IP address blocks IANA allocates to APNIC, IANA also delegates corresponding reverse DNS zones within the centrally-administered ‘in-addr.arpa’ and ‘ip6.arpa’ zones.
The lists of reverse DNS zones currently maintained by APNIC are available at: IP address trends in the Asia Pacific
APNIC also publishes ‘zone fragments’. Zone fragments are the parts of zones managed by other parties, namely:
- the other Regional Internet Registries (RIRs), who share zone management of early registration networks; and
- the National Internet Registries (NIRs) who manage IP address space allocated to them for further distribution to their members.
2. Access to reverse DNS data
Apart from access via conventional DNS query, APNIC supports access to reverse DNS data in four ways:
- Whois queries, either directly to APNIC, from other whois services, or via the web;
- Bulk access to the APNIC Whois database by FTP, or by Near-Real Time Mirroring (NRTM);
- FTP access to the DNS zone files; and
- DNS zone transfer queries.
Operational and policy restrictions are imposed on data access via each of these methods. These restrictions are in place to protect the performance of the systems being used to provide DNS services and to limit ‘mining’ and misuse of administrative data (such as contact records).
2.1 Access to reverse DNS data by whois query
Outside the global DNS system, information regarding reverse DNS delegations can be accessed via whois queries.
The APNIC Whois database is used as the management database for producing the DNS zones, so it can provide the information for each delegated IPv4 and IPv6 range registered in the reverse DNS.
The information is stored in RPSL format as ‘domain objects’. The name of each domain object is the reverse DNS zone under in-addr.arpa or ip6.arpa. The ‘nserver’ attributes in each domain object define the officially-delegated DNS nameservers (the NS in DNS zone contents).
domain: descr: admin-c: tech-c: zone-c: nserver: nserver: nserver: nserver: nserver: nserver: nserver: mnt-by: mnt-lower: changed: changed: changed: source:
210.in-addr.arpa in-addr.arpa zone for 210.in-addr.arpa DNS3-AP DNS3-AP DNS3-AP ns.apnic.net svc00.apnic.net nevyn.apnic.net ns.ripe.net ns.telstra.net rs1.arin.net rs2.arin.net MAINT-AP-DNS MAINT-AP-DNS dns-admin@apnic.net 20000920 dns-admin@apnic.net 20010412 dns-admin@apnic.net 20010611 APNIC
Ordinary access via whois queries is subject to daily limits. Queries via the web-based whois interface are also subject to rate-based limits. These access limits apply to all the whois data, not just that which is DNS related. The actual limits set are monitored by the APNIC Secretariat and adjusted as appropriate.
2.2 Bulk access to whois data
Bulk access to whois data, including domain objects, is available under an acceptable use policy (AUP), which restricts the uses to which whois data may be applied.
Requestors must sign the: Acceptable Use Agreement
2.3 Access to reverse DNS data by FTP
APNIC publishes the DNS zone information as text files at: https://ftp.apnic.net/pub/zones
The files are uploaded to the APNIC FTP server during the zone production process on a two-hour cycle.
The files are published with an associated file with the zones’ MD5 checksum, and a detached PGP signature file, so they can be verified independently.
There are no AUP restrictions on general access to the APNIC FTP service, but APNIC reserves the right to limit simultaneous connections, number of downloaded files, and total data size downloaded per connection to limit load on servers and the network.
2.4 Access to reverse DNS by zone query
Currently visibility of the data via DNS zone transfer (AXFR) is limited to listed secondary DNS nameservers only.