Planned Changes to IPv4 Reverse DNS Infrastructure

by Joe Abley on December 15, 2010

The American Registry for Internet Numbers (ARIN) and ICANN are together planning changes to the infrastructure which supports the IPv4 Reverse DNS — that is, the part of the DNS which provides the ability to look up an IPv4 address and convert it to a name.

The IPv4 Reverse DNS uses the special domain IN-ADDR.ARPA. For many years the IN-ADDR.ARPA zone has been served by twelve of the thirteen DNS root servers. The changes we are planning will see the IN-ADDR.ARPA zone move to new, dedicated nameservers, five operated by the Regional Internet Registries (RIRs) and one operated by ICANN.

The deployment of dedicated DNS infrastructure for IN-ADDR.ARPA provides additional protection for clients and for root servers from high IPv4 reverse DNS traffic loads, and is consistent with the direction identified by the Internet Architecture Board (IAB) in RFC 3172. The naming scheme for the
new nameserver set will be as described in RFC 5855, as was recently implemented by ICANN for IP6.ARPA, the domain which supports the reverse DNS for IPv6.

ARIN has carried out the DNS zone maintenance function for IN-ADDR.ARPA since 1997. This function will transition to ICANN and will be managed concurrently with the central assignment of IPv4 address space to RIRs. Once the IN-ADDR.ARPA zone is being maintained by ICANN it will also be signed using DNS Security Extensions (DNSSEC), providing end-users with the ability to validate answers to reverse DNS queries.

Work on this set of changes began in November 2010, and is expected to be complete in February 2011. For more details please see <http://in-addr-transition.icann.org/>.

{ 6 comments… read them below or add one }

Carlos 01.04.11 at 1:06 pm

Why was the in-addr.arpa hosted by the root servers?

Jeff 01.10.11 at 9:30 am

>> Why was the in-addr.arpa hosted by the root servers?

How else reverse PTR records can be found?…

Joe Abley 01.10.11 at 9:36 am

The IN-ADDR.ARPA zone does not need to be hosted on the root servers in order for resolvers to be able to find data in the v4 reverse tree, just as root servers don’t need to host the CO.UK zone for it to work. The DNS is distributed.

As to the question of why IN-ADDR.ARPA is currently served by the root servers: that decision pre-dates the modern Internet.

Rev 01.12.11 at 7:43 am

What is in fact the additional protection that the new dedicated servers offer?

kurye 03.03.11 at 6:47 am

What is in fact the additional protection that the new dedicated servers offer?

Anonymous 08.10.12 at 10:58 am

five operated by the Regional Internet Registries (RIRs) and one operated by ICANN.
How will these be divi’%2b’ded.

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image