1 / 14

Whois Domain Object Authorisation

Whois Domain Object Authorisation. APNIC18 – DB SIG Nadi, Fiji 2 September 2004. Procedural Problem. Whois database authorisation is hierarchical APNIC maintainer is the mnt-lower for all APNIC /8 domains All attempts by members to create /24 and /16 domains fail for non MyAPNIC users.

riley-dunlap
Download Presentation

Whois Domain Object Authorisation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Whois Domain Object Authorisation APNIC18 – DB SIG Nadi, Fiji 2 September 2004

  2. Procedural Problem • Whois database authorisation is hierarchical • APNIC maintainer is the mnt-lower for all APNIC /8 domains • All attempts by members to create /24 and /16 domains fail for non MyAPNIC users

  3. Example • Member XYZ has been allocated 202.168.80.0 – 202.168.95.255 (/20): inetnum: 202.168.80.0 – 202.168.95.255 netname: XYZ-NET descr: XYZ Broadband Networks descr: Suburbia country: AP admin-c: EG999-AP tech-c: EG999-AP mnt-by: APNIC-HM mnt-lower: MAINT-AP-EXAMPLE changed: hm-changed@apnic.net 20040712 status: ALLOCATED PORTABLE source: APNIC

  4. Example continued • Member XYZ now tries to create a /24 reverse delegation, 80.168.202.in-addr.arpa: domain: 80.168.202.in-addr.arpa descr: Reverse DNS Zone for 202.168.80.0/24 country: AP admin-c: EG999-AP tech-c: EG999-AP zone-c: EG999-AP nserver: ns1.foo.bar nserver: ns2.foo.bar mnt-by: MAINT-AP-EXAMPLE source: APNIC

  5. Example continued • They submit the domain object to auto-dbm@apnic.net, but it fails  • Why? • Authorisation is hierarchical, the parent object 202.in-addr.arpa contains: mnt-lower: MAINT-AP-DNS • Only new domain objects with mnt-by and password of MAINT-AP-DNS will succeed

  6. Authorisation model problems • Manual creation • Inconvenient due to time delay • Not providing best possible service

  7. Procedural Solution - Allocation • Compare mnt-by of domain template with mnt-lower of related inetnum object • Maintainers match and correct password provided • If conditions met then domain object is created

  8. Inetnum object Example of Allocation Procedural Solution • Domain template • domain: 80.168.202.in-addr.arpa • netname: Reverse DNS for 202.168.80.0/24 • country: AP • admin-c: EG999-AP • tech-c: EG999-AP • nserver: ns1.foo.bar • nserver: ns2.foo.bar • mnt-by: MAINT-AP-EXAMPLE • changed: hm@apnic.net 20040712 • source: APNIC • inetnum: 202.168.80.0 - 202.168.95.255 • netname: XYZ-NET • descr: XYZ Broadband Networks • descr: Suburbia • country: AP • admin-c: EG999-AP • tech-c: EG999-AP • mnt-by: APNIC-HM • mnt-lower: MAINT-AP-EXAMPLE • changed: hm@apnic.net 20040712 • status: ALLOCATED PORTABLE • source: APNIC

  9. Procedural Solution - Assignment • Compare mnt-by of domain template with mnt-routes of related inetnum object • Encouraged use of mnt-routes attribute • Maintainers match and correct password provided • If conditions met then domain object is created

  10. Inetnum object Example of Assigment Procedural Solution • Domain template • domain: 80.168.202.in-addr.arpa • netname: Reverse DNS for 202.168.80.0/24 • country: AP • admin-c: EG999-AP • tech-c: EG999-AP • nserver: ns1.foo.bar • nserver: ns2.foo.bar • mnt-by: MAINT-AP-EXAMPLE • changed: hm@apnic.net 20040712 • source: APNIC • inetnum: 202.168.80.0 - 202.168.80.255 • netname: XYZ-NET • descr: XYZ Broadband Networks • descr: Suburbia • country: AP • admin-c: EG999-AP • tech-c: EG999-AP • mnt-by: APNIC-HM • mnt-routes: MAINT-AP-EXAMPLE • changed: hm@apnic.net 20040712 • status: ASSIGNED PORTABLE • source: APNIC

  11. Exceptions • Old allocations with no mnt-lower attribute. • Assignments with no mnt-routes attribute. • Forward any domain templates which don’t meet the proposed solution to helpdesk@apnic.net for manual intervention.

  12. Statistics • 622 new domain objects submitted for manual creation between January 1 and February 27 2004 • 558 (89%) would have succeeded through new algorithm

  13. Implementation Schedule • End of 2004

  14. Questions? • Thanks for your time!

More Related