Jump to . . .

Lame Delegations In IN-ADDR.ARPA

Summary

Policy 7.2 in the ARIN Number Resource Policy Manual directs ARIN staff to actively identify and remedy lame IN-ADDR.ARPA delegations within IP address blocks registered in ARIN’s WHOIS directory service.  All reverse DNS zones are tested for lameness at least once every 30 days. ARIN remedies lame IN-ADDR.ARPA delegations via the following process:

  1. After 30 consecutive days of lameness, ARIN notifies the points-of-contact of record via e-mail. The notification identifies the name server and reverse zone(s), and explains why the delegation is lame.
  2. After 60 consecutive days of lameness, ARIN again notifies the points-of-contact of record via e-mail. The notification announces ARIN’s intent to remove the lame delegations from WHOIS if the lameness is not corrected within 30 days.
  3. After 90 consecutive days of lameness, ARIN strips the lame delegations from the WHOIS registration record and notifies the points-of-contact of record of the actions taken.

ARIN tests a reverse zone by requesting the SOA (Start of Authority) record from the name servers registered in WHOIS. If a name server properly claims to be authoritative for the tested zone, the delegation of reverse DNS to that name server is deemed ‘good’.  Any other answer (or an inability to reach the nameserver due to a forward lookup failure) results in the delegation being deemed lame. If all of zones for a given name server of a specific network registration are lame, the delegation registration is deemed lame. The test is then repeated daily until either the name server registration is corrected or ARIN strips the name server corresponding to the lame delegations.

Please note: if you operate a network which is likely unreachable from ARIN’s testing suite, you may receive lameness notifications, even though reverse DNS is working properly within the context of your network.  In such cases, contact the ARIN Registration Services Help Desk to have your zones excluded from future testing.

Frequently Asked Questions

Why is ARIN notifying me of a lame delegation?
You have been contacted because you are a listed POC for the network registration record and/or the associated OrgID in ARIN’s WHOIS directory service.
How do I test a name server to determine if it is answering authoritatively for an IN-ADDR.ARPA zone?
Command line tools like ‘dig’ and ‘host’ can be used to ask for data from a particular name server. For example, to verify the 252.149.192.in-addr.arpa zone is being served by ns1.arin.net, issue the command:

dig @ns1.arin.net 252.149.192.in-addr.arpa soa

This asks for the SOA record for the zone from the name server ns1.arin.net. If there is any error in the reply, or if the reply does not claim to be authoritative (look for 'aa' in the flags), then the server is not configured properly.
How do I fix a name server so it is no longer considered lame for an IN-ADDR.ARPA zone?

There are two primary causes of lameness:

  • WHOIS is delegating the zone to the wrong name server; or
  • The name server is misconfigured for the zone
You can fix the WHOIS delegation by submitting a Network Modification template to refer the zone to the proper name server. If, however, the WHOIS delegation is correct, but your name server is misconfigured, you must correct the zone file for the reverse domain. The notification you receive from ARIN will explain why the delegation was deemed ‘lame’, which should assist you when correcting the misconfiguration.
I am no longer a valid POC for the IP addresses in question. What should I do?
Please forward the notification to the operators of the network using the IP addresses today, so that they can be informed of the problem and take corrective action.
How do I contact ARIN with questions or concerns?
You can contact the Registration Services Help Desk via telephone at +1 (703) 227-0660 or via e-mail to hostmaster@arin.net. The Help Desk is open from 7 a.m. to 7 p.m. eastern U.S. time Monday through Friday.