Dear Colleagues, Please find below a proposal for additional checks on creating reverse delegation DOMAIN objects. Regards, Denis Walker Business Analyst, Database Group RIPE NCC Introduction ------------ At RIPE 59 in Lisbon, it was suggested to the DNS Working Group to extend the rules covering the creation of reverse delegation DOMAIN objects. The proposed additional rules are very simple: - If a parent (less specific) DOMAIN object exists at any level, do not allow creation of a child DOMAIN object. - If a child (more specific) DOMAIN object exists at any level, do not allow creation of a parent DOMAIN object. Apply these rules to both in-addr.arpa and ip6.arpa DOMAIN objects. Consequences ------------ If the parent exists, there is no benefit in creating child objects. So we keep the RIPE Database clean and free of objects that have no operational benefit. If the child exists, it is not possible to simply create a parent object and overrule the child object, maybe without even realising it exists. The child object will have to be deleted before the parent object can be created. In the event that an existing child object prevents the creation of a parent object, causing operational problems, the RIPE NCC will assist LIRs to resolve the issue. Cleanup ------- Currently, there are approximately 15,000 child objects that have an overruling parent object. These child objects have no operational effect. We propose to delete these child objects. Maintainers will be notified of the intention to delete the objects. The objects will then be deleted one month later. In order to allow simple searching up and down the address space, any DOMAIN objects for IPv4 /8s and IPv6 equivalents that currently exist in the RIPE Database will be deleted. Again, these objects have no operational benefit. Results ------- The RIPE Database will only contain reverse delegations for allocations and assignments at LIR and End User levels. There will be no overlaps or hierarchies. All DOMAIN objects will be operationally effective.