- db-wg - mailman.ripe.net

Anything wrong with RIPE DB?
by Marcus.Ruchti＠colt.net 11 Aug '05

11 Aug '05

Hi all, Do you know if anything happened with the RIPE DB last evening or even this morning? Our RIPE robot, reading out AS-sets and route objects, deleted a lot of prefixes. Started just a few minutes ago again without any changes to the Robot we got many prefixes back. This was of course service affecting for single-homed PI customers :-( Now I wonder if RIPE is doing something with the DB. I've seen the output has been changed (reduced mainly) but this does not affect my script. So any hints from your side are appreciated. Thanks Marcus Ruchti COLT Telecom, Frankfurt ************************************************************************************* The message is intended for the named addressee only and may not be disclosed to or used by anyone else, nor may it be copied in any way. The contents of this message and its attachments are confidential and may also be subject to legal privilege. If you are not the named addressee and/or have received this message in error, please advise us by e-mailing security(a)colt.net and delete the message and any attachments without retaining any copies. Internet communications are not secure and COLT does not accept responsibility for this message, its contents nor responsibility for any viruses. No contracts can be created or varied on behalf of COLT Telecommunications, its subsidiaries or affiliates ("COLT") and any other party by email Communications unless expressly agreed in writing with such other party. Please note that incoming emails will be automatically scanned to eliminate potential viruses and unsolicited promotional emails. For more information refer to www.colt.net or contact us on +44(0)20 7390 3900.

2 1

RIPE DB question
by Dmitry Kiselev 05 Aug '05

05 Aug '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! Can I delete aut-num object from RIPE DB if it registered by me (as LIR) for one of our customers and I have NO auth info refered by object's mnt-by field? In different way question may sound like: how can I return registered resources (PI/ASN) if my customer gone? What is BCP within LIRs for this case? Thanks for advices! P.S. If I choise wrong WG, don't hit me too much ;) :) - -- Dmitry Kiselev -----BEGIN PGP SIGNATURE----- iD8DBQFC8csaZaocAwQhSAQRAhg7AKChkv2sTl4qBoRcnFxAMqYGEQ5kCACbBacj KvojUT8PbYFXR/emNFga9EM= =IFJU -----END PGP SIGNATURE-----

8 13

mntner creation
by Ulf Kieber 01 Aug '05

01 Aug '05

Hi all, did I miss something or since when does the RIPE DB permit creation of mntner objects by direct mail. Several of our customers have started creating mntners ad libitum and the mntner creation feature on lirportal.ripe.net has become pretty superfluous. -- Ulf Kieber email: ukieber(a)cogentco.com Sr. Network Engineer voice: +49-69-299896-21 C.C.D. Cogent Communications Deutschland GmbH fax : +49-69-299896-40 Optical Internet www : www.cogentco.com Brilliantly Fast. Elegantly Simple. AIM : ulfkieber

2 1

Wierd output of whois/database
by Matthew Smith 25 Jul '05

25 Jul '05

Hi all, if this is the wrong list, then please point me in the right direction. I am first assuming that I have done something wrong. I should have a role 'AHM' with two person objects (MS33051-RIPE and DB). The whois output (below) also gives two further records at the end which I cannot fathom how or why they appear. Comments please Regards Matthew msmith:mlnet%whois -h whois.ripe.net -- -B AHM % This is the RIPE Whois query server #1. % The objects are in RPSL format. % % Note: the default output of the RIPE Whois server % is changed. Your tools may need to be adjusted. See % http://www.ripe.net/db/news/abuse-proposal-20050331.html % for more details. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Information related to 'AHM' role: Aexiomus Hostmaster address: Aexiomus Limited address: United Kingdom phone: +44-906-7530143 fax-no: +44-906-7530143 e-mail: hostmaster(a)aexiomus.net e-mail: hostmaster(a)aexiomus.net.uk admin-c: DB tech-c: DB tech-c: MS33051-RIPE nic-hdl: AHM mnt-by: AEXIOMUS-MNT mnt-by: MLNET-MNT notify: hostmaster(a)aexiomus.net.uk source: RIPE changed: hostmaster(a)aexiomus.net.uk 20050504 person: Denesh Bhabuta address: PO Box 2023 address: Wickford address: SS12 9RX address: United Kingdom phone: +44-906-7530143 e-mail: denesh(a)cyberstrider.net e-mail: denesh(a)aexiomus.net.uk e-mail: denesh(a)bhabuta.co.uk e-mail: denesh(a)dbcl.net nic-hdl: DB mnt-by: AEXIOMUS-MNT changed: hostmaster(a)cyberstrider.net 20000821 changed: hostmaster(a)cyberstrider.net 20020208 changed: denesh(a)aexiomus.net.uk 20020515 changed: denesh(a)aexiomus.net.uk 20030630 source: RIPE person: Matthew Smith address: ML Associates, 11 Grove Lane, Great Kimble address: Aylesbury, Bucks, HP17 9TR, UK phone: +44-20-7871-0604 e-mail: hostmaster(a)aexiomus.net e-mail: matthew(a)aexiomus.net e-mail: m(a)mlnet.co.uk e-mail: hostmaster(a)mlnet.net remarks: skype: monthemove nic-hdl: MS33051-RIPE mnt-by: AEXIOMUS-MNT mnt-by: MLNET-MNT source: RIPE changed: m(a)mlnet.net 20050429 changed: m(a)mlnet.net 20050526 % Information related to 'DB' person: SAIDUR AHM RAHMAN address: RAHMAN SAIDUR AHM address: VIA BARTOLOMEO CRISTOFORI 11 address: 00100 ROMA address: Italy phone: +39655302089 fax-no: +39655302089 nic-hdl: SAR32-RIPE changed: order.manager2(a)telecomitalia.it 20041022 source: RIPE % Information related to 'SAR33-RIPE' person: SAIDUR AHM RAHMAN address: RAHMAN SAIDUR AHM address: VIA BARTOLOMEO CRISTOFORI 11 address: 00100 ROMA address: Italy phone: +39655302089 fax-no: +39655302089 nic-hdl: SAR33-RIPE changed: order.manager2(a)telecomitalia.it 20041022 source: RIPE

3 3

Signature expiration check proposal
by Katie Petrusha 25 Jul '05

25 Jul '05

Dear Colleagues, This is a proposal about changes to how the whois database software checks PGP and X.509 signatures on incoming updates. Currently the software checks that the PGP signature is valid by using Gnu Privacy Guard (GnuPG). It verifies X.509 signatures with an OpenSSL (Secure Sockets Layer) tool. We propose to change the software, so that it also checks the signature creation date. If the signature is older than one week, it will be rejected and the update will fail. This is to prevent replay attacks on database objects. We became aware of this potential threat when we designed the DNSSEC provisioning system. -- Katie Petrusha RIPE NCC

2 1

Proposed changes for object ordering
by antointhe 20 Jul '05

20 Jul '05

An ordinary user writes: This is just great! No wonder they disposed of 'Mr Post Office' (hint). Look guys, I've got ppl scanning me all over and I can't even find out who it is. I have little time for the anticipated learning curve and I don't know if some fanatic wants to turn my machine into a bot or its just windows doing its thing. I have a feeling sensible folks like yourselves have anticipated situations like this and have tools around to help. The only query engine output is duplicated at my firewall. Is it possible that some of you have interests elsewhere? Not advisable in these days of insurgency... Best Regards antointhe

1 0

Announcement Routing Registry Training Courses
by RIPE NCC Training Services 19 Jul '05

19 Jul '05

Dear Colleagues The RIPE NCC Training Services Department invites you to register for one of our upcoming Routing Registry Training Courses: Date: Friday 19 August 2005 Time: 0900 - 1700 Location: Amsterdam, the Netherlands AND: Date: Friday 21 October 2005 Time: 0900 - 1700 Location: Sofia, Bulgaria AND: Date: Friday 28 October 2005 Time: 0900 - 1700 Location: Oslo, Norway AND: Date: Friday 4 November 2005 Time: 0900 - 1700 Location: Edinburgh, United Kingdom AND: Date: Friday 25 November 2005 Time: 0900 - 1700 Location: Munich, Germany The main objective of the "Routing Registry Training Course" is to familiarise the LIRs with the features of the Routing Registry, while introducing the relevant tools and services of the RIPE NCC. The course also offers practical exercises. OVERVIEW OF TOPICS COVERED IN THE COURSE: - Routing Registry as a part of the RIPE Whois Database and the Internet Routing Registry (IRR) - Specifying routing policies using (RPSL) Routing Policy Specification Language and the RtConfig tool - IRRToolSet - Routing Information Service (RIS) - Routing Registry Consistency Check Project Please note that this is an advanced course. It will: - NOT teach the basics of routing - NOT teach the basics of RIPE Database operations - NOT describe how to receive Internet resources from the RIPE NCC - NOT describe how to operate a Local Internet Registry (LIR) The target audience of the course are technical staff of LIRs: e.g. network operators, engineers etc. This course is not intended for administrative or management staff (e.g. Hostmasters) . It is assumed that all attendees will be familiar with Border Gateway Protocol routing and with the RIPE Database (i.e. creating/modifying objects). This course is based on interactive exercises in a local network set-up. Please bring your laptops equipped with the following: - A working Ethernet card, - Three meters of Ethernet cable, - A secure connection client, - A web browser. Please be prepared to share your laptop (or at least allow another attendee to "look over your shoulder") if necessary. The course is free of charge. We provide lunch and printed training materials. We do not cover any of your travel expenses or accommodation. We give all of our training courses in English. You can find more information about the course at: http://www.ripe.net/training/rr/ How to register: --------------------- You can register up to two people from your LIR for each course. (If there are places left nearer the time of the course, you can register more people). To register for this course, you can either use the LIR Portal at: https://lirportal.ripe.net/lirportal/training/course-list.html Or the online registration form on our website: http://www.ripe.net/cgi-bin/trainingform.pl.cgi If you have any questions, send an e-mail to <training(a)ripe.net>. Kind regards Rumy Kanis Training Services Manager RIPE NCC

1 0

New Attribute in DOMAIN Object
by Olaf M. Kolkman 18 Jul '05

18 Jul '05

Dear Colleagues, You may have seen our recently announced plans to deploy DNSSEC on the reverse tree. You can read more about this at: http://www.ripe.net/ripe/maillists/archives/db-wg/2005/msg00156.html This plan contains a proposal for the new "ds-rdata:" attribute. This attribute is used to perform the public key exchange that is needed to obtain a secured delegation. It is used in addition to the delegation information stored in the "nserver:" attribute. You can find more details in the Draft Registry Procedure at: http://www.ripe.net/rs/reverse/dnssec/registry-procedure.html Kind regards, -- Olaf ---------------------------------| Olaf M. Kolkman ---------------------------------| RIPE NCC

1 0

Changes for abuse
by dfoley 15 Jul '05

15 Jul '05

This document is very confusing. The section : "(3) Adding 'abuse output' Option " describes the changes to the result returned for "$ whois 10.0.0.10". However the result displayed is actually the result before the change. This is followed by a description of the result of "$ whois -b 10.0.0.10". The result includes "e-mail:" attributes but no "abuse-mailbox:" attribute. So which request do I use to obtain the "abuse-mailbox:" attibute? . In your examples it is only returned with the "$ whois -L 10.0.0.10". And yet I am supposed to use the "$ whois -b 10.0.0.10" to get the abuse contacts. Should I expect to ignore the attributes and treat any email address returned with the "whois -b" request as an abuse contact? I have tried using the "whois -b" and I have yet to get a result without ERROR appearing.

2 1

Status of 'org' attribute
by MarcoH 13 Jul '05

13 Jul '05

[appologies for cross-posting this] Hi all, Maybe I missed out on something, but accoording to various templates in the ripe-databese, the org-attribute is optional. Apparently the hostmaster mailrobot things otherwise and refuses requests with an error because of the org-attribute not being present. I just ran into it on a ASN request, but I recall having problems before with this. Can anybody tell me who is right, the database template or the robot ? In fact, the database reference (http://www.ripe.net/ripe/docs/databaseref-manual.html#1.2.3) doesn't list it all. Grtx, MarcoH

2 2