Re: [ncc-services-wg] Reverse DNS Restructuring Project
On Wed, 8 Oct 2003, Olaf M. Kolkman wrote:
> I agree "Clarity good, Confusion bad". I have not yet had the chance to study all implications of getting rid of the "rev-srv:". But we'll look at this and get back on this issue; probably in the clean-up proposal that is to follow or in a separate proposal.

In the context of the above I have some additional data that we have extracted from the database.

As the wider audience may be aware, the 'rev-srv' attribute in the inetnum (and inet6num) objects is the rather early predecessor of using the 'domain' object and its 'nserver' attributes to represent a reverse delegation. The 'rev-srv' attribute, while it has never been deprecated and is not used as a source for authoritative DNS data, is still able to be used as an informational attribute.

For purposes of this discussion, I've compared the contents of the inetnum 'rev-srv' attribute with the domain 'nserver' attribute. For the comparison I also introduce the concept of 'derived delegation'. A 'derived delegation' is essentially working out which 'in-addr.arpa' delegation would best match the inetnum. Effectively, a /15 inetnum becomes two /16-level 'derived delegations', and a /17 inetnum becomes 128 /24-level 'derived delegations'.

First the data for reverse delegation information in inetnum objects.

    Total number of inetnum objects:               879691
    Total number of inetnum objects with rev-srv:  54921 (6%)
    Total number of derived delegations:           27804 (3%)

The fact that the number of derived delegations is smaller than the number of objects with rev-srv attributes is accounted for by inetnums which either cover very large ranges (/8 and greater) or smaller ranges (/25 and lesser) which we do not delegate directly.

Secondly, the data for reverse delegation information in domain objects.

    Total number of domain objects:                113153
    Total number of valid reverse domain objects:  105785

A valid reverse domain object is one that makes sense within the DNS; it has a set of nservers, and refers to a possible delegation (i.e., it's within in-addr.arpa and has numbers between 0 and 255).

Comparing the two sets of delegation information.

    Total number of domain objects that do NOT match any derived delegation:   95051
    Total number of derived delegations that do NOT match any domain object:   16523
    Total number of matches between derived delegations and domain object:     18011

The number of domain objects is larger as the NCC has been using them to represent authoritative reverse delegations during the recent (6 years?) growth period of the internet.

The number of derived delegations without a matching domain object is non-zero for two reasons; the statistics script has calculated the 'best' delegation possible, and hasn't taken into account the possibility of a /16 inetnum being delegated to 255 /24-level domain objects (etc), or there are old inetnums which had their corresponding delegations created before the current system of using domain objects.

We now compare the 18,011 domain objects that have a matching derived delegation, cross-checking the NS sets (as are intended to be published in the DNS) of each.

    Total number of mismatches in NS sets:     10734
    Total number of exact matches in NS sets:  7277

In summary;

- rev-srv attributes are used infrequently at the moment, and the information within them has a low accuracy.
- There would be a large cleanup of inetnum objects required to ensure that the rev-srv attributes matched the delegations in the domain objects, and thus be usable for the creation of authoritative DNS delegations.
- In the current proposal effort is needed to make sure that "legacy" reverse delegations that do exist in the DNS, have a corresponding rev-srv attribute, but do not have a DOMAIN object in the database, get fixed.

--
Bruce Campbell RIPE Systems/Network Engineer NCC www.ripe.net - PGP562C8B1B Operations/Security
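
The 'derived delegation' comparison described in the message above, as an added example; this is not the NCC's statistics script, which the message does not show. The function names and the sample inetnum and domain objects are constructed, and it is an assumption here that name server names compare case-insensitively with any trailing dot ignored.

```python
import ipaddress

def derived_delegations(first, last):
    """in-addr.arpa zones that best match the inetnum range first..last."""
    zones = []
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    for net in nets:
        # The message excludes /8 and larger, and /25 and smaller, ranges.
        if not 9 <= net.prefixlen <= 24:
            continue
        level = 16 if net.prefixlen <= 16 else 24
        for sub in net.subnets(new_prefix=level):
            octets = str(sub.network_address).split(".")[:level // 8]
            zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def ns_set(names):
    """Normalise name server names (assumption: case and trailing dot ignored)."""
    return {n.lower().rstrip(".") for n in names}

def compare(inetnums, domains):
    """Classify every derived delegation against the domain objects."""
    result = {"match": [], "mismatch": [], "no_domain": []}
    derived = set()
    for first, last, rev_srv in inetnums:
        for zone in derived_delegations(first, last):
            derived.add(zone)
            if zone not in domains:
                result["no_domain"].append(zone)
            elif ns_set(domains[zone]) == ns_set(rev_srv):
                result["match"].append(zone)
            else:
                result["mismatch"].append(zone)
    result["domain_only"] = sorted(set(domains) - derived)
    return result

# Constructed sample data (not taken from the RIPE database).
INETNUMS = [
    ("10.2.0.0", "10.3.255.255", ["ns1.example.net", "ns2.example.net"]),  # /15
    ("10.8.0.0", "10.8.127.255", ["ns1.example.org"]),                     # /17
    ("10.9.0.0", "10.9.0.127", ["ns1.example.org"]),                       # /25
]
DOMAINS = {
    "2.10.in-addr.arpa": ["NS2.example.net.", "ns1.example.net"],
    "3.10.in-addr.arpa": ["ns1.example.net", "ns9.example.net"],
    "0.8.10.in-addr.arpa": ["ns1.example.org"],
    "7.20.10.in-addr.arpa": ["ns1.example.com"],
}
```

Calling `compare(INETNUMS, DOMAINS)` yields the same four buckets the message reports: exact NS matches, NS mismatches, derived delegations with no domain object, and domain objects with no derived delegation.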