From marija.jovanovska at telesmart.mk  Thu Jan 21 13:17:39 2010
From: marija.jovanovska at telesmart.mk (Marija Jovanovska)
Date: Thu, 21 Jan 2010 13:17:39 +0100
Subject: Problem in creating a domain
Message-ID: <000901ca9a93$ba40a830$2ec1f890$@jovanovska@telesmart.mk>

Hi,

We are trying to create a domain for reverse dns with the following information:

domain: 184.128.95.in-addr.arpa
descr: Reverse delegation
admin-c: JK521-RIPE
tech-c: JK521-RIPE
zone-c: JK521-RIPE
nserver: dns1.telesmart-telekom.com
nserver: dns2.telesmart-telekom.com
mnt-by: jasminakecap-mnt
changed: jasminakecap at telesmart.mk 20100121
source: RIPE

But we are getting these errors:

          # of Creations  # of Modifications  # of Deletions  # of No-Operations  # of Syntax Errors
Success   0               0                   0               0                   -
Failure   1               0                   0               -                   0

DETAILED EXPLANATION:

Create FAILED: [domain] 184.128.95.in-addr.arpa

***Info: Authorisation passed
***Info: Syntax check passed

domain: 184.128.95.in-addr.arpa
descr: Reverse delegation
admin-c: JK521-RIPE
tech-c: JK521-RIPE
zone-c: JK521-RIPE
nserver: dns1.telesmart-telekom.com
nserver: dns2.telesmart-telekom.com
mnt-by: jasminakecap-mnt
changed: jasminakecap at telesmart.mk 20100121
source: RIPE

***Info: Parent has RIPE NCC nameservers.
***Info: Authorisation for parent [inetnum] 95.128.184.0 - 95.128.184.255
         using mnt-by:
         not authenticated by: jasminakecap-mnt
***Info: Authorisation for parent [domain] 95.in-addr.arpa
         using mnt-lower:
         not authenticated by: RIPE-NCC-REVERSE-MNT
***Error: RDNS Authorisation failed

Can you please explain to me what is the meaning of these errors? Is it due to incorrect configuration of our dns1-primary and dns2-secondary servers or is it due to some registration problems with RIPE?

Thank you in advance for your help,

Marija Jovanovska BScEE
Telesmart Telekom DOO
TS1 bul. Vojvodina br.4
ul. Nikola Parapunov bb (NOC)
1000 Skopje
R.Macedonia
Tel +389 2 3070244
Fax: +389 2 3093761
Mobile: +389 78 444459
e-mail: marija.jovanovska at telesmart.mk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4860 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 1713 bytes
Desc: not available
URL:

From wiwi at progon.net  Mon Jan 25 22:21:00 2010
From: wiwi at progon.net (Christian 'wiwi' Wittenhorst)
Date: Mon, 25 Jan 2010 22:21:00 +0100
Subject: Newbie: Problem loading ripe.db.dummy.gz: 0 rows affected...
Message-ID: <4B5E0B3C.10502@progon.net>

Hello and Good Evening,

when I try to load the current whois snapshot with

./make_db -c /tmp/v/conf/rip.config -s RIPE -1

it fails after some time with:

[0] 0.00s OK [aut-num:AS12502][U:ADD]
[0] 0.00s OK [aut-num:AS6906][U:ADD]
[0] 0.01s OK [aut-num:AS5624][U:ADD]
[0] 0.00s OK [aut-num:AS5408][U:ADD]
[0] 0.00s OK [aut-num:AS8581][U:ADD]
[0] 0.00s OK [aut-num:AS5489][U:ADD]
[0] 0.00s OK [aut-num:AS8991][U:ADD]
[0] 0.00s OK [aut-num:AS1955][U:ADD]
[0] 0.00s OK [aut-num:AS9150][U:ADD]
[0] 0.00s OK [aut-num:AS12509][U:ADD]
[0] 0.00s OK [aut-num:AS8752][U:ADD]
[0] 0.00s OK [aut-num:AS12511][U:ADD]
[0] 0.00s OK [aut-num:AS6827][U:ADD]
[0] 0.00s OK [aut-num:AS8798][U:ADD]
[0] 0.00s OK [aut-num:AS12515][U:ADD]
[0] 0.00s OK [aut-num:AS12517][U:ADD]
[0] 0.00s OK [aut-num:AS9020][U:ADD]
[0] 0.00s OK [aut-num:AS12522][U:ADD]
[0] 0.00s OK [aut-num:AS12524][U:ADD]
[0] 0.00s OK [aut-num:AS12526][U:ADD]
0 rows affected [ INSERT mnt_routes SELECT 0, 25678, mntner.object_id, 2 FROM mntner WHERE mntner.mntner='WESTEND-MNT' ]

*** died: +1691 modules/ud/ud_core.c
*** Backtrace with command line
./load_all.sh: line 15: 24325 Broken pipe ${UNZIP1} ${object_file}
24326 Exit 141 | eval ${FILTER}
24328 Segmentation fault | $LOADER -L $1 -p ${PROPERTIES} -s ${SOURCE}
cat: gzip -cd /tmp/ripe.db.dummy.gz | eval cat | /root/projects/v/bin/loader -L 0 -p /tmp/v/conf/rip.config -s RIPE: No such file or directory
*** ERROR: Loader failure [1]. Exiting\n
************** ERROR ***************
*** 22:18:26 Error loading database=ripe_RIPEDB for source=RIPE, ./make_db exiting
************************************

It seems to be the same problem as in:

but I am using whoisserver-3.6.tar.gz.

The object following AS12526 is:

aut-num: AS5517
as-name: CSL
descr: CSL Computer Service Langenbach GmbH AS#
import: from AS286 accept ANY
import: from AS8220 accept ANY
import: from AS20676 accept ANY
import: from AS35652 accept AS35652
export: to AS286 announce AS5517 AND AS35652
export: to AS8220 announce AS5517 AND AS35652
export: to AS20676 announce AS5517 AND AS35652
export: to AS35652 announce ANY
admin-c: CSL6-RIPE
tech-c: CSL6-RIPE
mnt-by: CSL-MNT
mnt-routes: WESTEND-MNT {194.140.239.0/24}
mnt-routes: CSL-MNT
changed: invaliduwe at nrw.net 20060808
changed: invalidaldem at nrw.net 20091207
source: RIPE

which has "mnt-routes: WESTEND-MNT {194.140.239.0/24}"...

May I ask for some help?

Best regards,

Christian

From agoston at ripe.net  Tue Jan 26 14:50:27 2010
From: agoston at ripe.net (Agoston Horvath)
Date: Tue, 26 Jan 2010 14:50:27 +0100
Subject: Newbie: Problem loading ripe.db.dummy.gz: 0 rows affected...
In-Reply-To: <4B5E0B3C.10502@progon.net>
References: <4B5E0B3C.10502@progon.net>
Message-ID: <4B5EF323.6040403@ripe.net>

Dear Christian,

We are aware of this problem, and the solution is already incorporated into an upcoming release of whois-server.

The problem is that the order in which the object types are loaded matters. In the below example, the error is that the corresponding mntner object couldn't be found.
I would suggest you to either use the test.db.gz file from the ftp site load load the RIPE DB, or load the split files in the following order:

person
role
organisation
mntner
irt
inetnum
inet6num
domain
route
route6
aut-num
as-block
as-set
inet-rtr
route-set
rtr-set
peering-set
filter-set
key-cert
poetic-form
limerick
poem

Hope this helps!

Kind regards,
Agoston Horvath
Database Group
RIPE NCC

On 2010-01-25 10:21 PM, Christian 'wiwi' Wittenhorst wrote:
> Hello and Good Evening,
>
> when I try to load the current whois snapshot with
>
> ./make_db -c /tmp/v/conf/rip.config -s RIPE -1
>
> it fails after some time with:
>
> [0] 0.00s OK [aut-num:AS12502][U:ADD]
> [0] 0.00s OK [aut-num:AS6906][U:ADD]
> [0] 0.01s OK [aut-num:AS5624][U:ADD]
> [0] 0.00s OK [aut-num:AS5408][U:ADD]
> [0] 0.00s OK [aut-num:AS8581][U:ADD]
> [0] 0.00s OK [aut-num:AS5489][U:ADD]
> [0] 0.00s OK [aut-num:AS8991][U:ADD]
> [0] 0.00s OK [aut-num:AS1955][U:ADD]
> [0] 0.00s OK [aut-num:AS9150][U:ADD]
> [0] 0.00s OK [aut-num:AS12509][U:ADD]
> [0] 0.00s OK [aut-num:AS8752][U:ADD]
> [0] 0.00s OK [aut-num:AS12511][U:ADD]
> [0] 0.00s OK [aut-num:AS6827][U:ADD]
> [0] 0.00s OK [aut-num:AS8798][U:ADD]
> [0] 0.00s OK [aut-num:AS12515][U:ADD]
> [0] 0.00s OK [aut-num:AS12517][U:ADD]
> [0] 0.00s OK [aut-num:AS9020][U:ADD]
> [0] 0.00s OK [aut-num:AS12522][U:ADD]
> [0] 0.00s OK [aut-num:AS12524][U:ADD]
> [0] 0.00s OK [aut-num:AS12526][U:ADD]
> 0 rows affected [ INSERT mnt_routes SELECT 0, 25678,
> mntner.object_id, 2 FROM mntner WHERE
> mntner.mntner='WESTEND-MNT' ]
>
> *** died: +1691 modules/ud/ud_core.c
> *** Backtrace with command line
> ./load_all.sh: line 15: 24325 Broken pipe ${UNZIP1}
> ${object_file}
> 24326 Exit 141 | eval ${FILTER}
> 24328 Segmentation fault | $LOADER -L $1 -p ${PROPERTIES} -s
> ${SOURCE}
> cat: gzip -cd /tmp/ripe.db.dummy.gz | eval cat |
> /root/projects/v/bin/loader -L 0 -p /tmp/v/conf/rip.config -s RIPE: No
> such file or directory
> *** ERROR: Loader failure [1]. Exiting\n
> ************** ERROR ***************
> *** 22:18:26 Error loading database=ripe_RIPEDB for source=RIPE,
> ./make_db exiting
> ************************************
> It seems to be the same problem as in:
>
>
>
> but I am using whoisserver-3.6.tar.gz.
>
> The object following AS12526 is:
> aut-num: AS5517
> as-name: CSL
> descr: CSL Computer Service Langenbach GmbH AS#
> import: from AS286 accept ANY
> import: from AS8220 accept ANY
> import: from AS20676 accept ANY
> import: from AS35652 accept AS35652
> export: to AS286 announce AS5517 AND AS35652
> export: to AS8220 announce AS5517 AND AS35652
> export: to AS20676 announce AS5517 AND AS35652
> export: to AS35652 announce ANY
> admin-c: CSL6-RIPE
> tech-c: CSL6-RIPE
> mnt-by: CSL-MNT
> mnt-routes: WESTEND-MNT {194.140.239.0/24}
> mnt-routes: CSL-MNT
> changed: invaliduwe at nrw.net 20060808
> changed: invalidaldem at nrw.net 20091207
> source: RIPE
>
> which has "mnt-routes: WESTEND-MNT {194.140.239.0/24}"...
>
> May I ask for some help?
>
> Best regards,
>
> Christian
>
>
>

From chricki at gmx.net  Wed Jan 27 07:58:01 2010
From: chricki at gmx.net (chris)
Date: Wed, 27 Jan 2010 07:58:01 +0100
Subject: whois queries with respect to RIPE policies
Message-ID: <4B5FE3F9.30709@gmx.net>

Hi list,

During the next days, I'm planning to analyze some suspicious traffic that I collected during an execution of malware. One of my goals is to retrieve additional information for every IP address that is in that traffic. For this, I believe that the whois data is a very valuable source of information.

However, I realize that I should not overdo in performing whois queries to RIPE (and RIR databases in general). I expect to query the database ~ 20,000 times per day.

Here comes my problem: According to the RIPE policy, I am allowed to query the database even frequently. At the same time, one should avoid querying personal data too often.
I am trying now to find a program (e.g., jwhois, the 'usual' UNIX whois client, with some weird parameters) that allows me to comply to the RIPE policies. For my convenience, if I can somehow avoid it, I'd rather use the online database instead of syncing it and performing requests locally.

In addition, I checked the whois usage policies of other RIRs. Admittedly, RIPE has got the far most transparent ones! Others don't give explicit limits in their usage, and I have to hope that I won't be blocked when using whois extensively.

Would you please share your experiences, and maybe even give hints about a 'correct' usage of a whois client?

Thanks in advance,
Chris

From fweimer at bfk.de  Wed Jan 27 09:02:08 2010
From: fweimer at bfk.de (Florian Weimer)
Date: Wed, 27 Jan 2010 08:02:08 +0000
Subject: whois queries with respect to RIPE policies
In-Reply-To: <4B5FE3F9.30709@gmx.net> (chris's message of "Wed\, 27 Jan 2010 07\:58\:01 +0100")
References: <4B5FE3F9.30709@gmx.net>
Message-ID: <82y6jkm0vz.fsf@mid.bfk.de>

* chris:

> Would you please share your experiences, and maybe even give hints about
> a 'correct' usage of a whois client?

What type of objects do you need? If inetnum:s and route:s are sufficient, you could use the database dump on ftp.ripe.net.

--
Florian Weimer
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

From chricki at gmx.net  Wed Jan 27 11:46:09 2010
From: chricki at gmx.net (chris)
Date: Wed, 27 Jan 2010 11:46:09 +0100
Subject: whois queries with respect to RIPE policies
In-Reply-To: <82y6jkm0vz.fsf@mid.bfk.de>
References: <4B5FE3F9.30709@gmx.net> <82y6jkm0vz.fsf@mid.bfk.de>
Message-ID: <4B601971.7070001@gmx.net>

Florian, thanks for your reply.

>> Would you please share your experiences, and maybe even give hints about
>> a 'correct' usage of a whois client?
>
> What type of objects do you need? If inetnum:s and route:s are
> sufficient, you could use the database dump on ftp.ripe.net.

I'd like to get as much information out of whois as possible, without breaking the RIPE policies. Downloading the dump via FTP is an option, yes, but as I wrote I'd prefer to avoid it. The main reasons for this are that a) parsing this database is not very convenient and b) I'd need to synchronize also with the other RIRs.

Chris

From agoston at ripe.net  Wed Jan 27 12:09:13 2010
From: agoston at ripe.net (Agoston Horvath)
Date: Wed, 27 Jan 2010 12:09:13 +0100
Subject: whois queries with respect to RIPE policies
In-Reply-To: <4B601971.7070001@gmx.net>
References: <4B5FE3F9.30709@gmx.net> <82y6jkm0vz.fsf@mid.bfk.de> <4B601971.7070001@gmx.net>
Message-ID: <4B601ED9.8050406@ripe.net>

Dear Chris,

There is only one way to get permanently banned by the RIPE DB: repeatedly ignoring its error messages. All other oversteps of limits result in a warning message only, one that users can and should react on.

For your case, specifically, you should take care of the following:

- always use the flags "-rR" to avoid querying for private data and avoid using "-B";

- do not query for person, role, ... objects - only internet resources like inetnum or aut-num;

- If querying the RIPE DB in parallel, you should take care not to open more than 4 connections to whois at the same time.

If you keep yourself to this, there is absolutely no problem firing 20K queries a day.

As suggested by Florian earlier, if you have high volumes of queries, though, you should consider using the split files available on the ftp site. There is no exact definition of "high volume", as it also depends on what our servers can handle. At the moment I would say we will probably ask you to consider using split files if you have more than a couple hundred thousand queries a day.

If you have any more questions, feel free to ask.

Kind regards,
Agoston Horvath
Database Group
RIPE NCC

On 2010-01-27 11:46 AM, chris wrote:
> Florian, thanks for your reply.
>
>>> Would you please share your experiences, and maybe even give hints about
>>> a 'correct' usage of a whois client?
>>
>> What type of objects do you need? If inetnum:s and route:s are
>> sufficient, you could use the database dump on ftp.ripe.net.
> I'd like to get as much information out of whois as possible, without
> breaking the RIPE policies. Downloading the dump via FTP is an option,
> yes, but as I wrote I'd prefer to avoid it. The main reasons for this
> are that a) parsing this database is not very convenient and b) I'd need
> to synchronize also with the other RIRs.
>
> Chris
>

From chricki at gmx.net  Thu Jan 28 08:18:32 2010
From: chricki at gmx.net (chris)
Date: Thu, 28 Jan 2010 08:18:32 +0100
Subject: whois queries with respect to RIPE policies
In-Reply-To: <4B601ED9.8050406@ripe.net>
References: <4B5FE3F9.30709@gmx.net> <82y6jkm0vz.fsf@mid.bfk.de> <4B601971.7070001@gmx.net> <4B601ED9.8050406@ripe.net>
Message-ID: <4B613A48.4040603@gmx.net>

Dear Agoston,

> For your case, specifically, you should take care of the following:
>
> - always use the flags "-rR" to avoid querying for private data and avoid
> using "-B";
>
> - do not query for person, role, ... objects - only internet resources
> like inetnum or aut-num;

Thanks a lot for these very helpful hints! I realized that -rR does exactly what I was looking for. Correct me if I am wrong: Using -rR implies that I comply to your second point, doesn't it?

> If you keep yourself to this, there is absolutely no problem firing 20K
> queries a day.

Great, that's good news. However, I realized that there are two additional problems:

1) I also would like to query IP addresses of other RIRs. No matter what IP address I choose, my whois client (jwhois) always queries ARIN first, which redirects to the correct RIR.
Since I'd like to avoid these redirects, my idea is to use the -h (host) option (e.g., -h whois.ripe.net) and vary the option depending on which IP address I query. I would use [1] as source to vary this parameter. Do you see any problems doing so?

2) As I mentioned already, RIPE whois policies are very transparent compared to other RIRs' ones. Whereas -rR works seamlessly for RIPE, it does not work for other RIRs (which is at least unfortunate). As I have to vary parameters for the whois call anyway (see 1), I could also switch off -rR for other RIRs. However, this would query personal data from other RIRs. Although this is not RIPE business now, is there any good practice in complying also to the whois policies of other RIRs?

Thanks again for helping out.

Cheers,
Chris

[1]: http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

From denis at ripe.net  Thu Jan 28 11:07:13 2010
From: denis at ripe.net (Denis Walker)
Date: Thu, 28 Jan 2010 11:07:13 +0100
Subject: whois queries with respect to RIPE policies
In-Reply-To: <4B613A48.4040603@gmx.net>
References: <4B5FE3F9.30709@gmx.net> <82y6jkm0vz.fsf@mid.bfk.de> <4B601971.7070001@gmx.net> <4B601ED9.8050406@ripe.net> <4B613A48.4040603@gmx.net>
Message-ID: <4B6161D1.4060303@ripe.net>

chris wrote:
> Dear Agoston,
>
>
>> For your case, specifically, you should take care of the following:
>>
>> - always use the flags "-rR" to avoid querying for private data and avoid
>> using "-B";
>>
>> - do not query for person, role, ... objects - only internet resources
>> like inetnum or aut-num;
>>
> Thanks a lot for these very helpful hints! I realized that -rR does
> exactly what I was looking for. Correct me if I am wrong: Using -rR
> implies that I comply to your second point, doesn't it?
>
Yes the -r flag will prevent person objects being returned with your query results. You only need -R if you are querying for forward domain objects to prevent referral queries to domain registries.
But this information is unreliable and will be removed from the RIPE Database soon.
>
>> If you keep yourself to this, there is absolutely no problem firing 20K
>> queries a day.
>>
> Great, that's good news. However, I realized that there are two
> additional problems:
>
> 1) I also would like to query IP addresses of other RIRs. No matter
> what IP address I choose, my whois client (jwhois) always queries ARIN
> first, which redirects to the correct RIR. Since I'd like to avoid these
> redirects, my idea is to use the -h (host) option (e.g., -h
> whois.ripe.net) and vary the option depending on which IP address I
> query. I would use [1] as source to vary this parameter. Do you see any
> problems doing so?
>
You may find this list is not exactly up to date. There are some ranges that are moved from one RIR to another. For example we recently moved some more legacy ranges from RIPE to AfriNIC. But you can handle these exceptions when you find them.
> 2) As I mentioned already, RIPE whois policies are very transparent
> compared to other RIRs' ones. Whereas -rR works seamlessly for RIPE, it
> does not work for other RIRs (which is at least unfortunate). As I have
> to vary parameters for the whois call anyway (see 1), I could also
> switch off -rR for other RIRs. However, this would query personal data
> from other RIRs. Although this is not RIPE business now, is there any
> good practice in complying also to the whois policies of other RIRs?
>
APNIC and AfriNIC run similar whois code as RIPE. These flags may work with their systems. For ARIN and LACNIC you will have to check with them about their options and limits.

Regards
Denis Walker
> Thanks again for helping out.
>
> Cheers,
> Chris
>
> [1]:
> http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
>
>

From wiwi at progon.net  Sat Jan 30 14:01:53 2010
From: wiwi at progon.net (Christian 'wiwi' Wittenhorst)
Date: Sat, 30 Jan 2010 14:01:53 +0100
Subject: "country": what to for "strange" locations?
Message-ID: <4B642DC1.6080504@progon.net>

Hello...

I know there's "EU" for europe, but what to use for:
- anycast services without any specific location
- blackholes
- ...

For example, 193.0.14.0/23** (k.root-servers.net) uses "country: NL".
Documentation says: "There are no rules defined for this attribute."

Is there a best practice? If not, is there a chance to get "ZZ" approved for "unspecified" as ISO 3166-1 specifies "ZZ" (and some more) for "/User-assigned code elements"...

Best regards,

Christian
/

From shane at time-travellers.org  Sat Jan 30 18:18:27 2010
From: shane at time-travellers.org (Shane Kerr)
Date: Sat, 30 Jan 2010 09:18:27 -0800
Subject: "country": what to for "strange" locations?
In-Reply-To: <4B642DC1.6080504@progon.net>
References: <4B642DC1.6080504@progon.net>
Message-ID: <4B6469E3.8040003@time-travellers.org>

Christian,

On 2010-01-30 05:01, Christian 'wiwi' Wittenhorst wrote:
>
> I know there's "EU" for europe, but what to use for:
> - anycast services without any specific location
> - blackholes
> - ...
>
> For example, 193.0.14.0/23** (k.root-servers.net) uses "country: NL".
> Documentation says: "There are no rules defined for this attribute."
>
> Is there a best practice? If not, is there a chance to get "ZZ" approved
> for "unspecified" as ISO 3166-1 specifies "ZZ" (and some more) for
> "/User-assigned code elements"...

You have stumbled upon the reason this attribute should be OPTIONAL. However, Daniel Karrenberg finds it extremely useful for some sort of research, apparently, so it is marked MANDATORY.

As you have guessed, there are no good answers to your problem.
One possibility is to use the fact that it is MULTIPLE and list multiple countries - so perhaps listing the country code of each of your routers. Or you can just put something in the comments.

If you want ZZ, you can bring it up on the db-wg. It was discussed a few years ago, but maybe we can convince them this time?

--
Shane
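
The querying advice in the "whois queries with respect to RIPE policies" thread above (the -r flag, resource objects only, at most 4 parallel connections, stopping on error messages, picking the server from the IANA table), as an added Python example that is not part of any post in this archive. Assumptions: the -T type filter of the RIPE whois server, the "%ERROR:<code>:" reply format with 101 meaning "no entries found", the three-entry /8 table and the constructed sample reply.

```python
import ipaddress
import socket
import threading

RIPE_HOST = "whois.ripe.net"                    # host named in the thread
_slots = threading.BoundedSemaphore(4)          # "not more than 4 connections"

# Assumption: a three-entry excerpt of the IANA /8 table cited as [1] in the
# thread; real use loads the full registry and handles transferred ranges.
SAMPLE_SLASH8 = {95: RIPE_HOST, 193: RIPE_HOST, 194: RIPE_HOST}

# Constructed reply, used to exercise the parser offline.
SAMPLE_REPLY = """% constructed sample reply

inetnum:        193.0.14.0 - 193.0.15.255
netname:        EXAMPLE-NET
country:        NL
mnt-by:         EXAMPLE-MNT
source:         RIPE
"""


class WhoisRefused(Exception):
    """Server sent an error other than 'no entries found'; stop querying."""


def server_for(ip, table=SAMPLE_SLASH8):
    """Whois host for an IPv4 address by its first octet, None if unknown."""
    return table.get(int(ipaddress.IPv4Address(ip)) >> 24)


def build_query(ip):
    """One query line: -r suppresses person/role lookups, -T limits the type."""
    addr = ipaddress.ip_address(ip)             # ValueError on non-addresses
    obj_type = "inetnum" if addr.version == 4 else "inet6num"
    return f"-r -T {obj_type} {addr}\r\n".encode("ascii")


def parse_response(text):
    """Return the reply's objects as dicts of attribute -> list of values."""
    objects, current = [], {}
    for line in text.splitlines() + [""]:
        if line.startswith("%ERROR:"):
            if line.split(":")[1] == "101":     # 101: no entries found
                return []
            raise WhoisRefused(line)            # never retry past an error
        if not line.strip() or line.startswith("%"):
            if current:                         # blank/comment ends an object
                objects.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep and line[0] not in " \t+":       # skip continuation lines
            current.setdefault(key, []).append(value.strip())
    return objects


def query(ip, timeout=10):
    """Look up one address at RIPE, holding one of the four connection slots."""
    if server_for(ip) != RIPE_HOST:
        raise ValueError(f"{ip}: not a RIPE range in the table, check the other RIR")
    with _slots, socket.create_connection((RIPE_HOST, 43), timeout=timeout) as s:
        s.sendall(build_query(ip))
        reply = b"".join(iter(lambda: s.recv(4096), b""))
    return parse_response(reply.decode("latin-1"))
```

Worker threads can call query() freely; the semaphore keeps the process at four open connections, and a WhoisRefused should end the whole run rather than be retried.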