ACSP Suggestion 2025.7: ARIN Service Dependencies and Business Resilience
Suggestion
Author: Ramakant Pandrangi
Submitted On: 28 October 2025
Description: Inquiry about ARIN Service Dependencies and Business Resilience
Value to Community:
As an organization providing critical internet infrastructure and domain name registry services that significantly relies on ARIN’s services, we deeply value ARIN’s continued leadership in supporting the stability and security of the Internet ecosystem. Verisign holds and manages a significant allocation of ARIN’s number resources, including Autonomous System Numbers (ASNs), IP Addresses, and the associated IRR and RPKI objects. As such, our services and operations and the global internet depend directly on the reliability and resilience of ARIN’s system and services.
Across our operations, we invest considerable effort in reducing systemic and circular dependencies within the internet infrastructure that underpin our own services, including our disaster recovery and business resiliency functions. We recognize that ARIN’s role as an operator of essential internet infrastructure, including the increasing adoption and reliance of RPKI, continues to grow in both scope and operational significance for global internet systems. Given this role, we request the following.
Service Dependency and Transparency
Publish documentation of ARIN’s core service dependencies, including any reliance of external platforms (CDN), service providers, or other infrastructure to enhance member understanding of ARIN’s potential systemic risk and dependency. This information should be reported by service offering, including, but not limited to, items such as member portal, RPKI CA, RPKI Publishing Servers, IRR servers. Dependencies may include DNS, CDN, IP addresses, BGP routes, IP Service Providers, and any other service chain dependencies.
Change Management and Member Notification
Commit to previewing material operational or architectural changes to ARIN’s core services with members prior to implementation. Members may have direct impact from future architectural changes and should be made aware of such changes within a reasonable timeframe. This would enable relying parties to assess downstream impacts and make appropriate accommodation within their infrastructure. The long-term organizational planning by members will benefit from knowledge shared regarding material operational and architectural changes at ARIN.
Resilience and Continuity Practices
Provide high-level visibility into ARIN’s business continuity and disaster recovery framework, including service restoration objectives (RTO/RPO) and operational continuity planning for critical systems including the Registry Database, Whois, RDAP, IRR, and RPKI services. This enhances confidence and preparedness by providing members clearer insight into ARIN’s service resilience, allowing members to better plan for and respond to potential disruption.
We appreciate ARIN’s consideration of this request and welcome the opportunity to collaborate in defining a practical framework that supports the long-term stability of the internet ecosystem we collectively maintain.
Timeframe: Not specified
Status: Confirmed Updated: 28 October 2025