Policy Manual (v2.1 - 25/03/2014)
6. LAME DELEGATION Policy
A DNS server is considered to have a lame delegation problem when this server appears registered in the zones for reverse resolution of IP address blocks but when the server is queried it does not respond authoritatively.
The DNS server's non-authoritative response is interpreted as a server configuration error and, in accordance with LACNIC's standards, this DNS server shall be considered as having lame delegation problems.
The process for correcting lame delegations within the IP address space administered by LACNIC follows the following phases:
- Detecting lame delegations.
- Monitoring DNS servers with lame delegation problems.
- Notifying the responsible parties.
- Deactivating DNS servers.
- Activating new DNS servers.
6.1. Detecting Lame Delegations
LACNIC shall periodically revise in-addr.arpa and ip6.arpa zones where there are DNS servers registered for reverse resolution within the region covered by LACNIC. Only those segments delegated directly by LACNIC shall be considered in DNS server monitoring and deactivation processes.
A DNS server registered in LACNIC's system shall be considered to have lame delegation problems if a query of the SOA record of the DNS server does not provide an authoritative answer for said record.
The verification will be performed for each in-addr.arpa and ip6.arpa zone delegated to each DNS server.
If there is no authoritative answer, the DNS server shall be catalogued as having lame delegation problems for the in-addr.arpa and ip6.arpa zone reviewed and therefore it will enter a monitoring process.
6.2. Monitoring DNS Servers with Lame Delegation Problems
Prior to establishing that a DNS server has permanent lame delegation problems for an in-addr.arpa or ip6.arpa zone, LACNIC shall monitor the DNS server for a period of seven days. If after this period the problems still persist, LACNIC shall notify those responsible for the IP address block.
If a DNS server that was originally detected as having lame delegation problems responds correctly for the in-addr.arpa or ip6.arpa zone before the DNS server deactivation phase, the server shall be removed from the monitoring list corresponding to these zones.
6.3. Notifying the Responsible Parties
Firstly, the administrative contact of the affected block shall be notified, together with the technical contact if this information is available. Notifications shall be sent out every fifteen days over a period of sixty days. LACNIC reserves the right to investigate other types of contacts if during the first thirty days no answer is received from the administrative and/or technical contacts.
6.4. Deactivating DNS Servers
Once the notification period defined above has ended, these servers shall be eliminated from LACNIC zones.
The DNS server will only be deactivated in those in-addr.arpa or ip6.arpa zones where it exhibited lame delegation problems. Other DNS servers providing services for those zones will not be affected.
A comment shall be added to the block's record in the WHOIS database specifying that the DNS server registered for reverse resolution of the in-addr.arpa or ip6.arpa zones corresponding to the segment was deactivated due to lame delegation problems.
Only those segments delegated directly by LACNIC shall be considered in DNS server monitoring and deactivation processes.
6.5. Activating New DNS Servers
DNS server activation shall follow the usual procedures already set forth in LACNIC's policy. Only the block's administrative or technical contact shall be able to activate new DNS servers through LACNIC's registration system. Any new DNS server registered at LACNIC must respond authoritatively to the block at the moment it is activated, otherwise server registration shall be rejected.