Skip to main content

RIPE ARPA Zone Validation

To enhance security and comply with RIPE's policies, reverse DNS (rDNS) zones for IP ranges allocated by RIPE require manual validation before they can be served by Xenyth Cloud DNS. This guide outlines the steps required to add and validate your RIPE ARPA zone.

Why is Validation Required?

RIPE, as a Regional Internet Registry (RIR), has specific policies to ensure that the holder of an IP address range has explicitly authorized the nameservers that serve its rDNS records. Our manual validation process confirms that you have legitimate control over the IP range and have correctly delegated authority to our nameservers.

Step 1: Add the Zone on Xenyth DNS

First, you need to set up the ARPA zone in your Xenyth Cloud account.

  1. Navigate to the DNS section of the Xenyth Cloud dashboard.
  2. Create a new DNS service with a Basic plan or higher.
  3. When prompted for the zone name, enter your ARPA zone. You can find the correct ARPA zone format from your IP allocation details provided by RIPE or your LIR.
    • For an IPv4 range like 192.0.2.0/24, the zone is 2.0.192.in-addr.arpa.
    • For an IPv6 range like 2001:db8:1234::/48, the zone is 4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa.

Step 2: Request Manual Validation

Because this is a sensitive ARPA zone, it will not become active immediately.

  1. Open a new support ticket from your Xenyth Cloud dashboard.
  2. Title the ticket "RIPE ARPA Zone Validation Request".
  3. In the ticket, state the ARPA zone you have added and request that our team manually validate and activate it.

Our support team will perform the necessary checks and will notify you once the zone is active on our nameservers.

Step 3: Add the Secondary IP Nameserver

RIPE requires that the zone be served by two different IPs, as our cluster is an anycast network with one IP this does not fit their requirements. We can solve this by adding the secondary NS ourselves

After the support team confirms that your zone is active, you must add our secondary nameserver to your zone's NS records within the Xenyth DNS dashboard.

  1. Go to your newly activated ARPA zone in the DNS dashboard.
  2. Add a new NS record for the secondary nameserver. The nameserver will be in the format <word>.ns2.xny.onl, where <word> is a unique identifier provided to you in the zone as <word>.ns.xny.onl. You can pick any of the two words provided already.

This secondary nameserver is served by the same cluster on a separate IP, but is required to meet RIPE's requirements for having multiple authoritative nameservers.

Step 4: Create the rDNS Object in the RIPE Database

With your zone fully configured on Xenyth DNS, the final step is to inform the RIPE database.

  1. Log in to the RIPE Database.
  2. Create or update a domain object for your ARPA zone.
  3. In the nserver attributes of the domain object, you must list Xenyth Cloud's primary and secondary nameservers.
    • Example: <word>.ns1.xny.onl
    • Example: <word>.ns2.xny.onl

Once this object is created and propagated, the RIPE database will correctly point to Xenyth's nameservers for your rDNS lookups, and your zone will be fully operational.