IP Addresses Registration
IP address must be registered, either by using IP Request (https://iprequest.lbl.gov/) for static IP addresses or obtaining the IP address via DHCP.
A "poached IP" is the usage of an IP address without it being registered in DNS or obtained via DHCP. Poaching an IP address can cause operational harm as another device attempts to use the IP address but cannot. Poaching can also cause confusion and wasted resources to determine the poacher and unwind the configuration. Lastly, some cyber security controls are tuned to look at unused IP address, some control may not function correctly or may have false alarms if you poach IP addresses.
If you decide to stop using an IP address, do not remove the IP Request records until you actually stop using the IP address, by taking the device offline or deconfiguring the IP address for virtual device usage.
Cyber Security will block poaching machines from all network access, and may be forced to do so without notice to prevent operational harm.
DNS Contact Information
Static IP addresses must have two valid contacts. At least one contact must be LBL staff and the other may be LBL staff or a LBL affiliate. A third contact is optional and may be LBL staff, a LBL affiliate or an email address. It's good practice to use a group mailing list as the third contact. DNS Contacts may be used to resolve issues with a host including, but not limited to:
- Insecure configuration
- System compromise
- Improper operation causing operational problems
- Copyright or other intellectual property problems
DNS Contacts for host are visible to any authenticated LBNL employee by visiting https://dnscontacts.lbl.gov/
You can update the DNS contact records at https://iprequest.lbl.gov/
Host without two valid contacts may be blocked from network access. You can check to see if a host is blocked using https://onestop.lbl.gov/
DNS Delegation
LBLNet does not allow delegation in the (*.gov) zones we manage. Users who wish to add, delete or change records in existing zones can request changes at https://iprequest.lbl.gov.
Users who require automation or dynamic changes may be allowed to update records using dynamic DNS (RFC 2136) authenticated by TSIG (RFC 2845). Users who cannot be accommodated in these ways will be encouraged to register a separate (non *.gov) domain.
