APNIC’s operational response
In the interests of maintaining accurate reverse DNS delegation data and limiting the problems caused by faulty data, APNIC applies procedures to repair or remove persistently lame DNS delegations. The process consists of a number of steps, listed below:
Step 1: Identify potential lameness
There are a number of specific circumstances that APNIC considers when determining whether a reverse delegation is lame.
Problem | Policy implication | |
---|---|---|
A listed DNS server is not reachable. | APNIC considers this to be a lame DNS. However, it is important to try to reach the DNS server from at least two geographically separate locations. If one or more locations are able to reach the server, then it is not considered lame. | |
A listed DNS server is reachable but does not respond on port 53. | APNIC considers this to be a lame DNS. | |
A listed DNS server is reachable and responds on port 53, but it is not able to answer for the domain. This problem could arise in the following circumstances:
|
APNIC considers this to be a lame DNS. | |
A listed DNS server is reachable and responds on port 53 but serves incorrect data for the domain.
|
APNIC considers this to be a lame DNS. |
Step 2: Test the DNS reverse delegation (15-day test period)
- When a DNS delegation is identified as potentially lame, a ‘lame DNS timer’ will start.
- While the timer is running, APNIC will regularly test the delegation for lameness.
- If the DNS delegation successfully resolves the DNS during the testing period, then the timer will be reset. This allows for temporary problems to be fixed before any action is required from APNIC.
- If the timer runs for 15 days without being reset, then APNIC will consider the DNS delegation to be persistently lame.
Step 3: Attempt to notify the domain holder (45-day test period)
- Once a DNS delegation is considered persistently lame, the 45-day notice period will start.
- APNIC will email each admin-c and tech-c registered in the domain to inform them of the problem in their delegation. If the problem is not fixed, this email will be repeated weekly.
- If APNIC receives no reply from the emails, it will try to contact the domain holders using any other contact information available (such as phone, fax, or postal mail). APNIC may also seek contact through parent records in the database, upstream ISPs, and any other relevant contact details that may be available.
Step 4: Disable lame DNS delegation
- If the DNS delegation is still lame at the end of the 45 day notice period, APNIC will insert a special marker in the remarks field of the relevant domain object. This marker will identify the DNS delegation as ‘administratively blocked’ and will cause the delegation to be withdrawn.
- The special marker may be removed by the domain holders at any time, using normal whois database procedures.
- The special marker will contain text noting that APNIC is overriding the listed nserver records, timestamp information. It will also list a URL that contains instructions for re-enabling the delegation.
- While the delegation remains blocked, APNIC will send monthly email remainders to each admin-c and tech-c.