[NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

John Curran jcurran at arin.net
Fri Mar 17 18:14:45 UTC 2017

On 17 Mar 2017, at 12:26 PM, William Herrin <bill at herrin.us> wrote:

On Fri, Mar 17, 2017 at 7:52 AM, Romeo Zwart <rz+nng at zwart.com> wrote:
> RIPE NCC have issued a statement about the issue here:
>  https://www.ripe.net/ripe/mail/archives/dns-wg/2017-March/003394.html
> Our apologies for the inconvenience caused.

Hmm. That sounds like an ARIN-side bug too. ARIN's code responded to corrupted data by zeroing out the data instead of using the last known good data. That's awfully brittle for such a critical service.

Agreed in principle - receiving incorrect data (improperly formatted, corrupted, or not properly signed)
should result in appropriate notice and no change to the running system.  This is actually the case with
ARIN’s systems.

However, we received a properly formatted and signed zonelet file, albeit one which contained zero
records.   APNIC also received similar correctly formatted/signed zonelet files as a record of the RIPE
bug, and the three RIRs have been working closely together to get the correct RIPE data loaded back
into our authoritative DNS systems.


John Curran
President and CEO
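
The failure mode discussed in this thread (an update that is correctly formatted and signed but contains zero records) can be caught by a plausibility gate that runs after signature and format validation. The sketch below is an added example, not ARIN's or RIPE NCC's code; the function name, the `max_shrink` threshold and the sample delegation records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str
    records: tuple  # record set to serve after this decision

def gate_update(new_records, signature_ok, last_good, max_shrink=0.5):
    """Decide whether a received record set may replace last_good.

    new_records is None when parsing failed. Signature and format checks
    only prove origin and syntax; the size checks below catch an update
    that is authentic but implausible (empty or drastically smaller).
    max_shrink is a hypothetical policy knob: the largest fraction of
    records that may disappear in one update without operator review.
    """
    last_good = tuple(last_good)
    if not signature_ok:
        return Decision(False, "bad-signature", last_good)
    if new_records is None:
        return Decision(False, "parse-error", last_good)
    new = tuple(new_records)
    if last_good and not new:
        return Decision(False, "empty-update", last_good)
    if last_good and len(new) < len(last_good) * (1 - max_shrink):
        return Decision(False, "excessive-shrink", last_good)
    return Decision(True, "ok", new)

# Constructed sample data (documentation address ranges, example names).
LAST_GOOD = (
    ("2.0.192.in-addr.arpa.", "NS", "ns1.example.net."),
    ("2.0.192.in-addr.arpa.", "NS", "ns2.example.net."),
    ("100.51.198.in-addr.arpa.", "NS", "ns1.example.org."),
    ("113.0.203.in-addr.arpa.", "NS", "ns1.example.com."),
)

if __name__ == "__main__":
    # Validly signed, well-formed, zero records: keep serving last good data.
    d = gate_update([], signature_ok=True, last_good=LAST_GOOD)
    print(d.accepted, d.reason, len(d.records))
```

A rejected update should also raise an alert, since every rejection path here means the upstream feed needs human attention.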
