Re: ARIN Fraud Reporting Form ... Don't waste your time

[David Miller <dmiller () tiggee com>]

 On 10/1/2010 2:17 PM, William Herrin wrote:
> On Fri, Oct 1, 2010 at 10:32 AM, David Miller<dmiller () tiggee com>  wrote:
> > I am merely refuting the statement, which I have heard many times in many
> > different forums, that ARIN (or any RIR) makes address allocations and then
> > walks away with no further active involvement in the use of these
> > allocations.  This statement is simply not true.
> David,
>
> What *is* true is that ARIN's further involvement in the use of those
> allocations is regulated by the policies that you and I wrote and
> instructed ARIN to follow. Those policies include no actions to be
> taken when a hijacker announces routes contrary to ARIN's registry
> information. So long as ARIN's information has not been falsified,
> forcing or not forcing folks to obey it is left for the ISPs to
> resolve for themselves.
>
> Do you think ARIN should should act as a clearinghouse for action with
> respect to hijacked BGP announcements? Draft a policy proposal and
> post it on the PPML. If your colleagues agree with you, that will
> become one of ARIN's roles.
>
> Until then, you criticize ARIN unfairly for doing what you and I have
> told it to do.
>
> Regards,
> Bill Herrin

I apologize if I was unclear.

I stated in my first message regarding the possibility that RIRs could 
delegate abandoned/hijacked space to provide reverse DNS answers - "This 
is something that ARIN *could* easily do technically.  Admittedly, this 
would require reporting and investigation that I am uncertain whether or 
not ARIN is empowered/funded to do.  This would also require a process 
be put in place for removing allocations from the delegation to the 
unused/abandoned reverse DNS servers... "  The word 'could' was chosen 
by me instead of the word 'should' for a reason.

In my second message on this topic I in fact quoted the parts of ARIN's 
Number Resource Policy Manual regarding POC and reverse DNS delegation 
validation / removal.

I am well aware of ARIN's policies and the process for changing them.

To be clear, my point is merely that RIRs do not make address 
allocations and then walk away with no day to day involvement with these 
addresses on some technical level.  To reiterate:
"The RIR's reverse DNS servers are queried all day every day for the 
reverse DNS delegations for every netblock that they allocate.  This 
means that RIRs are, in at least this way, actively operationally 
involved in the use of the allocations that they make.  This also means 
that an RIR has the technical vector to affect the active present use of 
the allocations that they have made in the past."

This was meant in no way to criticize RIRs (or any RIR in particular) or 
proscribe actions that I believe RIRs should take.  This was meant to 
correct anyone that incorrectly states that RIRs allocate addresses and 
then walk away or do nothing but maintain whois records.

Reverse DNS delegation is a technical vector that could be used by RIRs 
to affect the active present use of the allocations that they have made 
in the past.  I understand that reverse DNS would not affect route 
announcements/hijacks, but it would/could/might affect spam coming from 
these abandoned address spaces - which was the original topic for this 
discussion.

I agree that little/nothing is proscribed for RIRs at a policy level.  
The policies and procedures regarding this could be written.  I agree 
that these policies and procedures do not exist now.

-DM