[ am i going to regret cross-posting? ]
a friend raised in private the question of whether the dns could be used
instead of rpsl.

essentially, dns does not search down-tree for you. it only answers
exact specific queries. for some reason lost in time, well at least
lost in my mind, rpsl servers give you the nearest enclosing object.
e.g., if i query for the ip address of psg.com, 22.214.171.124, i get the
encompassing inetnum: object.

ryuu.rg.net:/Users/randy> whois -h whois.ripe.net 126.96.36.199
inetnum: 188.8.131.52 - 184.108.40.206
remarks: Geofeed https://rg.net/geofeed
source: RIPE # Filtered

and now i know not to query further in the range 220.127.116.11/19. note
the geofeed pointer is not at the exact ip, or at the /24, or at the
/16. and have fun getting the magic of knowing it is the /19 into the

one does not want to query the dns for an RR 18.104.22.168.in-addr.arpa
because, for this to be useful, either
o you need the geoloc data with every PTR record (think ipv6 and
o you need some non-existent magic to get you the geoloc data for some
unspecified less specific granularity

if netflix wants to collect the geofeeds once a month, do we propose
they dns query all ipv4 and ipv6 host addresses?

i suspect there are also cultural issues. in most isps of scale, dns is
close to customer service, a different 'silo' from provisioning. rpsl
not so much. i am sure massimo is learning more about the silos in ntt
than he would care to. but he was able to deploy this hack in a week.
i would bet that he could never get a dns hack deployed.

possibly amusing tangential note: we once tried to do rpki in the dns.
aside from other issues, dns only allows a single delegation, which
would preclude two owners in a make before break transition.
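The nearest-enclosing behaviour the post describes, as an added example that is not part of the original message and not RIPE's, NTT's or any registry's code. It assumes a constructed set of inetnum objects in whois text form (10.0.0.0/8 private space, not real registry data), a hypothetical client that takes the geofeed pointer from the nearest enclosing object carrying a "Geofeed" remark, and it never queries the DNS: the reverse-DNS functions only compute which in-addr.arpa names would exist for an address or prefix, to show why a /19 has no node of its own to hang data on.

```python
"""Nearest-enclosing lookup over RPSL inetnum objects versus exact-match reverse DNS.

Added example; sample objects below are constructed, not real registry data.
"""
import ipaddress
import re

# Constructed sample of RPSL inetnum objects, in whois text form.
# The geofeed pointer sits on the /19, not on the customer /24 or the /8.
SAMPLE_WHOIS = """\
inetnum:        10.0.0.0 - 10.255.255.255
netname:        EXAMPLE-AGGREGATE
source:         EXAMPLE

inetnum:        10.20.0.0 - 10.20.31.255
netname:        EXAMPLE-NET-19
remarks:        Geofeed https://example.invalid/geofeed.csv
source:         EXAMPLE

inetnum:        10.20.5.0 - 10.20.5.255
netname:        EXAMPLE-CUSTOMER-24
source:         EXAMPLE
"""

GEOFEED_RE = re.compile(r"^Geofeed\s+(https://\S+)$")


def parse_inetnums(text):
    """Split whois text into objects; return a list of (first, last, attrs).

    first/last are integers so containment is a plain range test; attrs is a
    list of (key, value) pairs in original order, since RPSL keys may repeat.
    """
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            key, _, value = line.partition(":")   # split on the first colon only
            attrs.append((key.strip(), value.strip()))
        inetnum = dict(attrs).get("inetnum")
        if not inetnum:
            continue
        lo, _, hi = inetnum.partition("-")
        first = int(ipaddress.ip_address(lo.strip()))
        last = int(ipaddress.ip_address(hi.strip()))
        objects.append((first, last, attrs))
    return objects


def enclosing_objects(ip, objects):
    """All objects whose range contains ip, most specific (smallest) first."""
    n = int(ipaddress.ip_address(ip))
    hits = [o for o in objects if o[0] <= n <= o[1]]
    return sorted(hits, key=lambda o: o[1] - o[0])


def geofeed_for(ip, objects):
    """Geofeed URL from the nearest enclosing object that carries one, else None.

    This walk-up convention is an assumption of the example, not a registry rule.
    """
    for _, _, attrs in enclosing_objects(ip, objects):
        for key, value in attrs:
            if key == "remarks":
                m = GEOFEED_RE.match(value)
                if m:
                    return m.group(1)
    return None


def reverse_owner_names(ip):
    """The in-addr.arpa names on the path from a host address up to the root.

    The reverse tree only has nodes at octet boundaries (/32, /24, /16, /8),
    so an object covering a /19 has no name of its own in it.
    """
    octets = ip.split(".")
    return [".".join(reversed(octets[:k])) + ".in-addr.arpa." for k in (4, 3, 2, 1)]


def reverse_zones_covering(cidr):
    """in-addr.arpa names a client would have to query to cover a prefix exactly.

    A prefix on an octet boundary needs one name; anything else needs every
    subnet at the next boundary, e.g. 32 /24 names for a /19.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    boundary = min(b for b in (8, 16, 24, 32) if b >= net.prefixlen)
    return [reverse_owner_names(str(sub.network_address))[4 - boundary // 8]
            for sub in net.subnets(new_prefix=boundary)]


if __name__ == "__main__":
    objs = parse_inetnums(SAMPLE_WHOIS)
    for ip in ("10.20.5.77", "10.99.1.1", "192.0.2.1"):
        names = [dict(a)["netname"] for _, _, a in enclosing_objects(ip, objs)]
        print(ip, names, geofeed_for(ip, objs))
    print(len(reverse_zones_covering("10.20.0.0/19")), "reverse names needed to cover the /19")
```

Running it shows the RPSL side answering "which object covers this address" in one lookup, while on the DNS side the only names a client could walk are the /32, /24, /16 and /8 nodes, and covering the /19 exactly means 32 separate /24 names with no way to learn from the tree that a /19 is the right granularity.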