20 Nov
2021
20 Nov
'21
10:29 a.m.
On 20 Nov 2021, at 15:05, Ruben ON3RVH via 44Net
<44net(a)mailman.ampr.org> wrote:
It is true that the 44.144 reverse zone is almost empty, however it - currently - is only
updated at end user's request.
There - currently - is no filtering on valid PTR records for internet access at our
border, however we are designing a new connectivity system for our users and can
incorporate that.
Whether or not everyone should do that is up for debate imo and if the majority should
decide that and UCSD follows and makes it a rule of thumb then indeed everyone should do
that. Maybe discussion to be held with the TAC?
I don't personally think it matters whether all allocated addresses have reverse PTR
records, so long as:
1) Anyone suspecting a violation of our terms of service reports it to abuse(a)ardc.net
<mailto:abuse@ardc.net> then it can be investigated and dealt with accordingly, and
2) Every individual responsible for using an IP address from ARDC is registered with us,
so we know who to contact.
It is 2) that we have the problem with:
When a group or organisation (or in some cases individuals) registers a block of addresses
then sub-allocates those addresses, often there is poor, or in some cases no audit trail
to an individual user. I’ve had to deal with issues, for example, with folk setting up VPN
servers then letting anyone use it without any vetting procedure or logs being kept.
This is a problem!
There is a new API being developed that will allow user registration and authentication, I
would like to invite all parties that currently (or plan to) sub-allocate ARDC space to
contact me so we can discuss integration of the API with their systems. We need a
verifiable audit trail for users of our address space, this has to end with the
Responsible Person for any allocated IP address.
73,
Chris - G1FEF