How to request reverse delegation in AFRINIC region?
The following steps describe how you can set up reverse delegation for address space that has been allocated or assigned to you. It is assumed you understand how to set up zone files and how to administer a DNS server.
In short: you will have to set up your DNS servers and then tell AFRINIC about them by creating a domain object.
Step1: Modifying the inetnum Object
In order to be able to successfully proceed with Step 4, you should add a "mnt-domains:" attribute to your inetnum object.
The "mnt-domains:" attribute refers to a mntner object that contains information on who is able to create a domain object for the purposes of reverse delegation. In the absence of an "mnt-domains:" attribute the "mnt-lower:" attribute will be used for authorisation.
Details on how to create a mntner object and the authorisation model can be found at:
Step 2: Preparing the Reverse Delegation
Because of the nature of DNS, you will need to chop your address block into "chunks" that can be delegated. For an IPv4 address block you will have to create one or multiple /24 or /16 type address blocks mapped into in-addr.arpa domains. For IPv6, you will have to map a /32 address block into the ip6.arpa domain.
Step 3: Configuring Your DNS Servers
For each zone, you have prepared in Step 2 you will have to set up DNS service. Take into account the recommendations in RFC 1912 and RFC 2182. An automated test complying with these recommendations is made against your zones. Problems encountered during the tests are given a number of points. Delegation will be refused if a DNS set up scores more than 20 points. A summary of the problems will be returned. You can perform a test of your setup using any web-based delegation checker which implements most of these tests.
The following recommendations may help ensure a successful setup:
Ensure you have at least two nameservers that are authoritative for the zone. The resolvable names of these NS servers should be in the NS resource records of the zone. The nameservers should be on different subnets.
SOA resource records:
The SOA resource record should have the same content, both serial number and other data, on all the nameservers. The SOA should contain a valid 'rname' (the contact address). The timing parameters should be reasonable.
Step 4: Submitting the domain Object
You need to create a domain object containing information about the zone you need reverse delegation for. For details on creation and authorisation please refer to the AFRINIC Database Reference Manual. Following are the basic steps:
Obtain a template using whois -t domain and fill in the details.
domain: [mandatory] [single] [primary/look-up key] (1)
descr: [mandatory] [multiple] [ ]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
zone-c: [mandatory] [multiple] [inverse key]
nserver: [optional] [multiple] [inverse key] (2)
sub-dom: [optional] [multiple] [inverse key]
dom-net: [optional] [multiple] [ ]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key] (3)
mnt-by: [optional] [multiple] [inverse key]
mnt-lower: [optional] [multiple] [inverse key]
refer: [optional] [single] [ ]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
(1) Here you put the name of your domain.
(2) Enter the names of your nameservers which correspond to the nameservers as used in Step 3; use multiple lines, one nserver: nameservername per line.
(3) For the "mnt-by:" attribute you use the mntner you have prepared in Step 1
Submitting Multiple domain Objects
This applies to all whois database interfaces.
If you want to submit a number of domains that all run on the same nameserver you can use a range notation such as 10-16.168.192.in-addr.arpa for the domain attribute. The database will then automatically create separate domain objects in that range (so seven in total for this particular example).
Step 5: Verifying the Set-up
Once you have submitted the domain object you will receive a notification from the database. You should then be able to query for your object in the database (e.g whois -h whois.AFRINIC.net 4.0.192.in-addr.arpa). After the object appears in the database, it may take between 15 to 60 minutes before the delegation information is available in the DNS. The ultimate test is to query a recursive nameserver that is not authoritative for your zone for a record from your zone.
Discussions are taking place on the policy working group mailing list if you want to subscribe to the mailing send your subscription request to rpd-request [at] afrinic.net with 'Subscribe' as subject line
Mailing list archives can be found at https://lists.afrinic.net/pipermail/rpd