AS112

DENIC's Contribution to the AS112 Project

In RFC1918 or to be precise in the Best Current Practice (BCP) 5 some so-called "private address space" has been reserved, that is normally used in combination with Network Address Translation (NAT). An important requirement expressed in this RFC is that these "private addresses" must never leak into the global Internet, since they are not unique and there would be no meaningful way of handling them. This rule also applies to the reverse resolution of these addresses in host names in the IN-ADDR.ARPA tree. Unfortunately, practice shows that both DNS queries concerning such "private addresses" and updates for this address space occur in large quantities.

Since 2001, dedicated systems, to which the corresponding reverse zones are delegated, have been used to reduce the workload of the root name servers. The sole function of theses systems is to return an authoritative "no", i.e. to answer queries and updates concerning "private addresses" in the negative. The systems are implemented as an Anycast cloud in the AS112 project (which owes its name to the autonomous system number assigned to it). This type of implementation was chosen in order to minimize traffic volumes in the network. Queries are thus routed to the closest location from the network topology point of view.

DENIC's Contribution

DENIC too has decided to operate an AS112 instance, since provisioning of DNS name service constitutes a fundamental part of DENIC's responsibilities and sharing the load will be beneficial to the entire Internet community. Participating in this project also offers DENIC the opportunity of joining in research into query behaviour.

Diagram: Queries and Updates within the last 7 days

Diagram:  Queries and Updates within the last 4 weeks

 

DENIC's AS112 instance is located at the DE-CIX in Frankfurt am Main. All queries for PTR records that allocate IP addresses to one or several host names principally receive a negative response (NXDOMAIN), and all attempts to make dynamic updates are rejected (NOTIMP). 

The two diagrams show the rates of DNS queries and updates for the past week and also a monthly trend, with two hours delay respectively. The blue line shows the queries and the red one the updates. The data has been aggregated for all three name servers (blackhole-1.iana.org, blackhole-2.iana.org and prisoner.iana.org).

The Targets of the AS112 Project

The declared long-term aim of the project is to render itself superfluous through a process of education: in other words, to make sure that queries of this nature meet with a reaction as locally as possibly inside the organization producing them. The IETF's DNS Operations Working Group is thus working on a recommendation which is intended to help suppress these queries at their source, so that the AS112 instances will no longer be required. In a world of perfect configuration, DNS queries about the RFC1918 address space would never have appeared in the Internet in the first place.

For further information on DENIC's involvement in the AS112 project please write an e-mail to as112[at]denic[dot]de.