Using the APNIC Whois Database

Transcription

Afghanistan, American Samoa, Australia,
Bangladesh, Bhutan, British Indian Ocean
Territory, Brunei Darussalam, Cambodia, China, Christmas Island, Cocos
Keeling Islands, Cook Islands, East Timor,
Fiji, French Polynesia, French Southern
Territories, Guam, Hong Kong, India,
Indonesia, Japan, Kiribati, North Korea,
South Korea, Laos, Macau, Malaysia,
Maldives, Marshall Islands, Micronesia,
Mongolia, Myanmar, Nauru, Nepal, New
Caledonia, New Zealand, Niue, Norfolk Island, Northern Mariana Islands,
Pakistan, Palau, Papua New Guinea,
Philippines, Pitcairn, Samoa, Singapore,
Solomon Islands, Sri Lanka, Taiwan,
Thailand, Tokelau, Tonga, Tuvalu, Vanuatu, Vietnam, Wallis and Futuna Islands.
Addressing the challenge of
responsible Internet resource distribution
in the Asia Pacific region
Asia Pacific Network Information Centre
Table of contents
Understanding objects
as-block as-set
aut-num
domain
filter-set inet6num
inetnum
inet-rtr
key-cert
mntner
peering-set
person role
route route6
route-set
rtr-set
4
4
4
5
5
5
5
6
6
6
7
7
7
7
7
8
8
9
Object templates
as-block
as-set
aut-num
domain
filter-set
inet6num
inetnum
inet-rtr
key-cert
mnter
peering-set
person
role
route
route6
route-set
rtr-set
10
10
10
10
11
11
11
12
12
13
13
13
13
14
14
15
15
15
Attributes and values
as-block objects
as-set objects
aut-num (Autonomous System) objects
domain
filter-set
inet-rtr
inetnum
16
16
17
19
24
26
27
29
IPv6 attributes and values
inet6num
key-cert
mntner
peering-set*
person
role
route
route6
route-set*
rtr-set*
31
31
33
34
35
36
37
38
40
42
45
Use the Test APNIC database
48
Getting started with the APNIC Test Whois Database
Creating objects in the APNIC Test Whois Database
Creating IP address objects in the APNIC Test Whois Database
Querying the APNIC Test Whois Database
Additional notes on use
48
48
48
49
49
How to structure a query
Simple queries
Queries using primary and lookup keys
Advanced queries
Miscellaneous queries
IP address lookups
Inverse queries
Informational queries
49
49
49
50
55
55
56
57
57
Searching the APNIC Whois Database
There are two ways to search the APNIC Whois Database:
• Use the online search facility @ http://www.apnic.net
• Query whois.apnic.net directly from the command line. For more info, see the PDF reference card.
Understanding objects
as-block
Shows the range of AS numbers delegated to Regional and National Internet Registries (NIRs). It is used to
stop the unauthorized creation of aut-num objects.
The as-block object is used to control the creation of aut-num objects. Top-level as-block objects are
maintained by APNIC. Smaller as-blocks may be created by APNIC for NIRs to allow the NIRs to create autnum objects for their members. The mnt-lower attribute of the as-block object specifies maintainers with the
authority to create smaller as-blocks or aut-num objects within the range of AS numbers protected by the asblock. If there is no mnt-lower, the maintainer specified in the mnt-by attribute is authorized to create as-block
objects or aut-num objects.
The mnt-by attribute specifies the maintainer whose auth method must be passed to modify the as-block
object itself.
as-set
A group of Autonomous Systems (AS) with the same routing policies.
The as-set may be either non-hierarchical or hierarchical, depending on how the object is named.
Non-hierarchical as-set objects
• Non-hierarchical as-set objects must begin with ‘AS-’ and cannot include AS numbers within the as-set object’s
as-set attribute.
• Non-hierarchical as-set names should only be used to create as-set objects that can be used across many networks, for example, unallocated AS numbers.
Example: AS-UNALLOCATED-ASNs
• To create or update a non-hierarchical as-set object, you do not need to pass the authorization of any objects,
except the maintainer referenced in the mnt-by attribute.
Hierarchical as-set objects
A hierarchical as-set object lists AS numbers as well as as-set in its as-set attribute.
• Each AS number and as-set name must be separated by a colon
• There must be at least one valid set-name in the attribute
• More than one as-set may be specified in the attribute
• Each as-set listed must begin with ‘AS-’
• AS numbers must begin with ‘AS’
Hierarchical as-set names should be used when creating sets of AS numbers specific to your own, your
customers’, or your peers’ networks. APNIC recommends the following format to allow you to manage
multiple as-sets on your network:
<origin-as-number>: AS-CUSTOMERS
<origin-as-number>: AS-PEERS
Example: AS1:AS-CUSTOMERS
To create or update a hierarchical as-set object, you must pass the auth method of the mntner of aut-num or
as-set objects to the left of the name of the as-set object you are creating.
For example, in AS1:AS-CUSTOMERS, the as-set example given above, authorization would be needed from
AS1.
Authorization is determined by first using the mnt-lower attribute of maintainer specified in the associated
aut-num or as-set objects. If the mnt-lower is absent, the mnt-by attribute is used.
aut-num
Contains details of the registered holder of an Autonomous System (AS) number and their routing policy for
that AS.
The maintainer of as-block objects has the sole authority to create new aut-num objects in the APNIC Whois
Database. In practice, this means only APNIC and the NIRs can create new aut-num objects. If you need an
aut-num object created, please submit an APNIC AS Number Request Form.
The mnt-by attribute specifies the maintainer whose auth method must be passed to update an existing
aut-num object. The mnt-lower and mnt-routes attributes are used to authorize the use of the AS number in
route objects.
domain
Contains details of in-addr.arpa (IPv4) and ip6.arpa (IPv6) reverse DNS delegations.
Top-level /8 reverse domain objects are maintained by APNIC to control unauthorized creation of reverse
domains within APNIC allocation and assignment ranges. Creation of more specific reverse domain objects is
authorized by the mnt-lower attribute of the reverse domain object.
filter-set
Defines the policy filter to be applied to a set of routes.
A filter-set object can be created without needing to pass the authorization of the maintainer of the aut-num,
filter-set or address prefix specified in the filter attribute.
To update a filter-set object, you must pass the auth method of the mntner specified in the filter-set object’s
mnt-by attribute.
inet6num
Contains details of an allocation or assignment of IPv4 address space.
The inetnum and inet6num objects can represent both allocations and assignments of addresses. These
are stored in a hierarchical structure. APNIC maintains the top-level inetnum and inet6num objects in the
hierarchy. When APNIC allocates or assigns address space to an organization, APNIC retains the authority to
update the allocation or assignment object by placing the APNIC maintainer in the mnt-by attribute. If you
wish to update details in an object detailing an allocation or assignment of address space from APNIC to your
organization, please contact:
[email protected]
If your organization is allocated address space by APNIC, APNIC will place your mntner object in the
allocation object’s mnt-lower attribute to give you authority to create customer allocation and assignment
objects within the allocation range. To create objects within the address range specified by the allocation
object, you must pass the auth method of the mntner object specified in the mnt-lower attribute.
Note: If you are sub-allocating address space to customer organizations, be sure to include a mnt-lower
attribute that gives your customer the sole authority to create assignments within that address range. Failure
to include a mnt-lower attribute means there is no protection against unauthorized inetnum or inet6num
objects being created within that address range.
inetnum
Contains details of an allocation or assignment of IPv4 address space.
The inetnum and inet6num objects can represent both allocations and assignments of addresses. These
are stored in a hierarchical structure. APNIC maintains the top level inetnum and inet6num objects in the
hierarchy. When APNIC allocates or assigns address space to an organization, APNIC retains the authority to
update the allocation or assignment object by placing the APNIC maintainer in the mnt-by attribute. If you
wish to update details in an object detailing an allocation or assignment of address space from APNIC to your
organization, please contact:
[email protected]
If your organization is allocated address space by APNIC, APNIC will place your mntner object in the
allocation object’s mnt-lower attribute to give you authority to create customer allocation and assignment
objects within the allocation range. To create objects within the address range specified by the allocation
object, you must pass the auth method of the mntner object specified in the mnt-lower attribute.
Note: If you are sub-allocating address space to customer organizations, be sure to include a mnt-lower
attribute that gives your customer sole authority to create assignments within that address range. Failure to
include a mnt-lower attribute means there is no protection against unauthorized inetnum or inet6num objects
being created within that address range.
inet-rtr
Represents an Internet router within a routing registry.
Creating an inet-rtr object does not require the authorization of the address range or AS number specified in
the object.
Inet-rtr objects can be grouped together to form router set (rtr-set) objects. There are two ways an inet-rtr
object can be a member of an rtr-set object:
1. Use the member-of attribute of the inet-rtr object to list rtr-set objects it wishes to be a part of.
The mbrs-by-ref attribute of the rtr-set object must authorize this inclusion by specifying the mntner of the
inet-rtr.
2. Use the members attribute of the rtr-set object to explicitly include the inet-rtr object in the set.
In this case, the inet-rtr object cannot refer to the rtr-set object in the inet-rtr object’s member-of attribute.
Attempts to refer to the rtr-set so will result in an authorization failure. It is good practice to use the remarks
attribute to identify the rtr-set to which this inet-rtr belongs.
Note: It is not possible to use the member-of attribute for this purpose.
key-cert
Stores the PGP (Pretty Good Privacy) certificate for users with mntner objects for authentication when
performing objects updates.
mntner
Contains details of the authorized agent able to make changes to APNIC Whois Database objects. Also
includes details of a process that verifies that the person making the changes is authorized to do so. All
mntner objects must be forwarded to APNIC staff as they are not created automatically.
peering-set
Defines a set of peering listed in the object’s peering attribute.
A peering-set object can be created without needing to pass the authorization of the maintainer of any autnum, as-set, inet-rtr or rtr-set objects specified in the peering attribute.
To update a peering-set object, you must pass the auth method of the mntner specified in the peering-set
object’s mnt-by attribute.
person
Contains details of a technical or administrative contact responsible for the object where it is referenced.
role
Contains details of technical or administrative contacts as represented by a role, performed by one or more
people within an organization, such as a help desk or network operations centre.
route
Represents a single IPv4 route injected into the Internet routing mesh.
To create a new route object, the database seeks authorization from two objects associated with the route in
the database:
• All route objects must be authorized by the aut-num object referenced in the origin attribute.
• In addition to the aut-num object, authorization is sought from one of the following two objects:
•
A less specific route object
•
The inetnum object matching or encompassing the prefix of the new route object.
Relationship between aut-num, less specific route, and inetnum
Object
aut-num
less specific
route
inetnum
Relationship to route object creation
The aut-num object must be an AS number contained in the APNIC Whois Database. The
route object must pass one of the authentication methods of the mntner objects specified
in the aut-num.
More specific route objects may be created for multihomed networks using non-portable
assigned space. In this case, authorization to create the more specific route object may be
given by mntner objects listed in the less specific route object.
Note: Authorization to create more specific route objects may also be obtained from
mntner objects specified in associated inetnum objects.
If no less specific route object is found, the software will look for authorization from the
smallest inetnum object that encompasses the prefix specified in the new route object.
Authorization to create route objects is specified in the following attributes of inetnum, aut-num and less
specific route objects:
Attribute
mnt-routes
Description
Used to explicitly state which mntner objects can be used to create route objects.
Attribute
mnt-lower
Description
In the absence of a mnt-routes attribute, this attribute is used.
mnt-by
Note: if the mnt-routes attribute is present, the mnt-lower attribute may still be used to
create or update the route object.
In the absence of mnt-routes and mnt-lower attributes, the mnt-by attribute is used.
Note: if the mnt-routes and mnt-lower attributes are present, the mnt-lower attribute
may still be used to create or update the route object.
route6
Represents a single IPv6 route injected into the Internet routing mesh. The same authorization rules apply as
for a route object.
route-set
Defines a set of routes that can be represented by route objects or address prefixes. A route-set object may
be either non-hierarchical or hierarchical depending on how the object is named.
Non-hierarchical route-set objects
• Non-hierarchical route-set objects must begin with ‘RS-’ and cannot include anything other than a single routeset name in the route-set attribute.
• Non-hierarchical route-set names should only be used to create route-set objects that can be used across many
networks, for example, denied routes.
Example: RS-DENIED-ROUTES
• To create or update a non-hierarchical route-set object, you do not need to pass the authorization of any objects except the maintainer referenced in the mnt-by attribute.
Hierarchical route-set objects
A hierarchical route-set object lists one or more of the following in the route-set attribute in addition to the
route-set name beginning with ‘RS-’ that defines the route-set:
• Route set
• AS number
• AS set
Hierarchical route-set names should be used when creating sets of routes specific to your own or your
customers’ routes. APNIC recommends the following format to allow you to manage multiple route-set
objects for you and your customer networks:
<as-number>:RS-<organization>
Example: AS1:RS-CUSTOMERS
Please note:
• Each item listed must be separated by a colon.
• There must be at least one valid route-set name in the attribute beginning with ‘RS-’. To create or update a hierarchical route-set object, you must pass the auth method of the mntner of objects to the left of the name of
the route-set object you are creating. For example, in the example given above, authorization would have to be
given by AS1.
Authorization is determined by first using the mnt-lower attribute of maintainer specified in the associated
inetnum, aut-num, as-set, or route-set objects listed. If the mnt-lower is absent, the mnt-by attribute is used.
rtr-set
A rtr-set object defines a set of routers. A rtr-set object may be either non-hierarchical or hierarchical
depending how the object is named.
Non-hierarchical rtr-set objects
Non-hierarchical rtr-set objects must begin with ‘RTRS-’ and cannot include anything other than a single rtr-set
name in the rtr-set attribute. Non-hierarchical route-set names are best used when using an RPSL compliant
database to manage internal network configurations.
Example: RTRS-EXAMPLENET-SYDNEY
To create or update a non-hierarchical rtr-set object, you do not need to pass the authorization of any objects
except the maintainer referenced in the rtr-set object’s mnt-by attribute.
Hierarchical rtr-set objects
A hierarchical rtr-set object lists one or more aut-num in the route-set attribute in addition to the route-set
name beginning with ‘RTRS-’ that defines the route-set.
Hierarchical rtr-set names should be used when creating sets of routers specific to your own or your
customers’ routers. APNIC recommends the following format to allow you to manage multiple rtr-set objects
for your network:
<as-number>:RTRS-<description>
Example: AS1:RTRS-EXAMPLENET-FUTUNA-SITE
Please note:
• Each item listed must be separated by a colon
• There must be at least one valid rtr-set name in the attribute beginning with ‘RTRS-’
To create or update a hierarchical rtr-set object, you must pass the auth method of the mntner of objects
to the left of the name of the route-set object you are creating. For example, in the example given above,
authorization would have to be given by AS1. Authorization is determined by first using the mnt-lower
attribute of maintainer specified in the associated inetnum, aut-num, as-set, or route-set objects listed. If the
mnt-lower is absent, the mnt-by attribute is used.
Object templates
as-block
as-block:
descr:
country:
remarks:
tech-c:
admin-c:
notify:
mnt-lower:
mnt-by:
changed:
source:
[mandatory]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[optional]
[optional]
[mandatory]
[mandatory]
[mandatory]
[single]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[primary/lookup key]
[]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[optional]
[optional]
[mandatory]
[mandatory]
[mandatory]
[single]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[]
[]
[]
[inverse key]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[mandatory]
[single]
[single]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[]
[]
[]
[]
[]
[]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
as-set
as-set:
descr:
country:
members:
mbrs-by-ref:
remarks:
tech-c:
admin-c:
notify:
mnt-lower:
mnt-by:
changed:
source:
aut-num
aut-num:
as-name:
descr:
country:
member-of:
import:
export:
default:
remarks:
tech-c:
admin-c:
notify:
mnt-lower:
mnt-routes:
mnt-by:
10
aut-num
changed:
source:
[mandatory]
[mandatory]
[multiple]
[single]
[]
[]
[mandatory]
[mandatory]
[optional]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[single]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[multiple]
[single]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[optional]
[optional]
[mandatory]
[mandatory]
[mandatory]
[single]
[multiple]
[single]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[]
[]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[optional]
[mandatory]
[single]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[lookup key]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[]
domain
domain:
descr:
country:
tech-c:
admin-c:
zone-c:
nserver:
sub-dom:
dom-net:
remarks:
notify:
mnt-lower:
mnt-by:
refer:
changed:
source:
filter-set
filter-set:
descr:
filter:
mp-filter:
remarks:
tech-c:
admin-c:
notify:
mnt-lower:
mnt-by:
changed:
source:
inet6num
inet6num:
netname:
descr:
country:
tech-c:
admin-c:
rev-srv:
status:
11
inet6num
remarks:
notify:
mnt-lower:
mnt-by:
mnt-routes:
changed:
source:
[optional]
[optional]
[optional]
[mandatory]
[optional]
[mandatory]
[mandatory]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[optional]
[mandatory]
[optional]
[optional]
[optional]
[mandatory]
[optional]
[mandatory]
[mandatory]
[single]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[lookup key]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[optional]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[optional]
[mandatory]
[mandatory]
[mandatory]
[single]
[multiple]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[]
[]
[inverse key]
[lookup key]
[lookup key]
[]
[]
[inverse key]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
inetnum
inetnum:
netname:
descr:
country:
tech-c:
admin-c:
rev-srv:
status:
remarks:
notify:
mnt-lower:
mnt-by:
mnt-routes:
changed:
source:
inet-rtr
inet-rtr:
descr:
alias:
local-as:
ifaddr:
interface:
peer:
mp-peer:
member-of:
remarks:
admin-c:
tech-c:
notify:
mnt-by:
changed:
source:
12
key-cert
key-cert:
method:
owner:
fingerpr:
certif:
remarks:
notify:
admin-c:
tech-c:
mnt-by:
changed:
source:
[mandatory]
[generated]
[generated]
[generated]
[mandatory]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[single]
[single]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[]
[]
[inverse key]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[optional]
[mandatory]
[optional]
[mandatory]
[optional]
[mandatory]
[optional]
[optional]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[single]
[multiple]
[single]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[multiple]
[single]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[optional]
[mandatory]
[optional]
[mandatory]
[mandatory]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[]
[]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
mnter
mnter:
descr:
country:
admin-c:
tech-c:
upd-to:
mnt-nfy:
auth:
remarks:
notify:
mnt-by:
referral-by:
changed:
source:
peering-set
peering-set:
descr:
peering:
mp-peering:
remarks:
tech-c:
admin-c:
notify:
mnt-by:
mnt-lower
changed:
source:
13
person
person:
address:
country:
phone:
fax-no:
e-mail:
nic-hdl:
remarks:
notify:
mnt-by:
changed:
source:
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[optional]
[mandatory]
[mandatory]
[optional]
[optional]
[mandatory]
[mandatory]
[mandatory]
[single]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[lookup key]
[]
[]
[]
[]
[lookup key]
[]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[mandatory]
[mandatory]
[optional]
[mandatory]
[optional]
[mandatory]
[mandatory]
[mandatory]
[optional]
[optional]
[mandatory]
[mandatory]
[mandatory]
[single]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[lookup key]
[]
[]
[]
[]
[lookup key]
[]
[inverse key]
[inverse key]
[]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[optional]
[mandatory]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[single]
[multiple]
[single]
[single]
[multiple]
[multiple]
[multiple]
[single]
[single]
[single]
[single]
[multiple]
[multiple]
[]
[]
[primary/inverse key]
[]
[inverse key]
[]
[]
[]
[]
[]
[]
[inverse key]
role
role:
address:
country:
phone:
fax-no:
e-mail:
trouble:
admin-c:
tech-c:
nic-hdl:
remarks:
notify:
mnt-by:
changed:
source:
route
route:
descr:
country:
origin:
holes:
member-of:
inject:
aggr-mtd:
aggr-bndry:
export-comps:
components:
remarks:
notify:
14
route
mnt-lower:
mnt-routes:
mnt-by:
changed:
source:
[optional]
[optional]
[mandatory]
[mandatory]
[mandatory]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[mandatory]
[single]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[single]
[single]
[single]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[]
[primary/inverse key]
[]
[]
[]
[]
[]
[]
[]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[optional]
[mandatory]
[optional]
[mandatory]
[mandatory]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[]
[]
[]
[inverse key]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
[mandatory]
[mandatory]
[optional]
[single]
[multiple]
[multiple]
[]
[]
route6
route6:
descr:
origin:
holes:
member-of:
inject:
aggr-mtd:
aggr-bndry:
export-comps:
components:
remarks:
notify:
mnt-lower:
mnt-routes:
mnt-by:
changed:
source:
route-set
route-set:
descr:
members:
mp-members:
mbrs-by-ref:
remarks:
tech-c:
admin-c:
notify:
mnt-by:
mnt-lower
changed:
source:
rtr-set
rtr-set:
descr:
members:
15
rtr-set
mp-members:
mbrs-by-ref:
remarks:
tech-c:
admin-c:
notify:
mnt-by:
mnt-lower:
changed:
source:
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
[optional]
[mandatory]
[optional]
[mandatory]
[mandatory]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[]
[inverse key]
[]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[inverse key]
[]
[]
Attributes and values
Note: Attributes marked with an * now support the 4-byte AS number syntax.
as-block objects
Mandatory attributes
Attributes
as-block*
Description
A range of AS numbers delegated to a Regional or National Internet Registry.
admin-c
The AS numbers in the range are subsequently assigned by the registry to members or
end-users in the region. Information on individual AS numbers within an as-block object are
stored in the appropriate Internet Registry’s whois database.
The NIC-handle of an on-site contact person object.
tech-c
In the web interface, the admin-c field contains a link to the person object the NIC-handle
belongs to.
The NIC-handle of a technical person object.
mnt-by
changed
In the web interface, the tech-c field contains a link to the person object the NIC-handle
belongs to.
The identifier of a registered mntner object used for authorization and authentication.
The email address of who last updated the database object and the date it occurred.
source
The changed attribute is not a network contact address, as it merely records who made the
most recent change to the registration information. All APNIC addresses will initially record
an APNIC address in this attribute, as APNIC creates the first database object.
The name of the database from which the data was obtained.
Optional fields
Attributes
descr
country
remarks
notify
16
Description
Description of the Internet Registry delegated the range of AS numbers shown in the asblock.
Two letter ISO 3166 code of the country or economy where the admin-c is based.
Details of codes are specified in ISO 3166.
Information on the registry that maintains details of AS numbers assigned from the as-block.
Also includes where to direct a whois client to find further information on the AS numbers.
The e-mail address to which notifications of changes to the object should be sent.
Attributes
mnt-lower
Description
The identifier of a registered mntner object used to authorize the creation of aut-num
objects within the range specified by the as-block.
If no mnt-lower is specified, the mnt-by attribute is used for authorization.
as-set objects
The as-set object allows you to group AS numbers with similar properties. For example, instead of referring
to many individual AS numbers in the import and export attributes of the aut-num object, you can refer to a
single as-set object.
For example, using the following as-set object:
• as-set: AS1:AS-CUSTOMERS
• members: AS2, AS3, AS4, AS5
Instead of using this long import statement:
import: from AS2 accept AS2
You could replace it with this simple import statement:
import: from AS1:AS-CUSTOMERS accept AS1:AS-CUSTOMERS
If you use automated tools used to configure routers, the aut-num objects associated with the as-set object
will be returned, and all individual routes that originate from the AS numbers will be injected into your
configuration files.
17
Attribute
as-set*
Function
technical
Description
The name of a set of aut-num objects.
The as-set attribute may take two forms:
1. Non-hierarchical
A non-hierarchical as-set attribute must begin with ‘AS-’.
Non-hierarchical as-set names should only be used to create as-set
objects that can be used across many networks, for example, unallocated
AS numbers.
Example: AS-UNALLOCATED ASNs
2. Hierarchical
A hierarchical as-set attribute consists of as-set names and AS numbers
separated by colons ‘:’. There must be at least one set-name within the
hierarchical name that starts with ‘AS-’.
Hierarchical as-set names should be used when creating sets of AS
numbers specific to your own, your customers’, or your peers’ networks.
APNIC recommends the following format to allow you to manage
multiple as-set objects for your network:
• <origin-as-number>:AS-CUSTOMERS
• <origin-as-number>:AS-PEERS
descr
tech-c
admin-c
mnt-by
changed
source
18
administrative
Example: AS1:AS-CUSTOMERS
A short description related to the object’s purpose.
administrative
Example: Peers for AS1 ExampleNet
The NIC-handle of a technical person or role object.
administrative
In the web interface, the tech-c attribute contains a link to the person or
role object to which the NIC-handle belongs.
The NIC-handle of an on-site contact person or role object.
administrative
administrative
administrative
In the web interface, the admin-c attribute contains a link to that person
or role object to which the NIC-handle belongs.
The identifier of a registered mntner object used for authorization and
authentication.
In the web interface, the mnt-by attribute contains a link to the specified
mntner.
The email address of who last updated the database object and the date
it occurred.
Every time a change is made to a database object, this attribute will show
the email address of the person who made those changes. This is not to
be used as a contact address.
Optional attributes
Attribute
country
Function
administrative
members*
technical
Description
Two-letter code of the country where the admin-c is based. Details
of country codes are specified in ISO3166 (http://www.apnic.net/info/
reference/lookup_codes.html)
Explicitly lists members of the as-set. Members of an as-set can be:
• AS numbers
• AS sets
mbrs-by-ref
technical/
administrative
If this attribute is used, the aut-num or as-set objects referred to should
not include a reference to this as-set object in their own member-of
attributes. Attempts to do so will result in an authorization failure.
The identifier of a registered mntner object that can be used to add
members to the as-set indirectly.
To include an aut-num or as-set object as a member in this as-set, the
mntner specified in the mbrs-by-ref attribute must refer to this as-set
in the appropriate aut-num or as-set object’s member-of attribute. This
allows the maintainer to choose which of the objects they maintain should
be part of the set. If the maintainer chooses not to list the set in the
member-of attribute of an object, that object will not be included in the
set.
To allow any aut-num or as-set to be a member of this as-set, use the
keyword ANY.
remarks
notify
mnt-lower
administrative
administrative
administrative
If the mbrs-by-ref attribute is not used, the as-set will only include objects
specified the members attribute.
General remarks. May include a URL or email address.
The e-mail address to which notifications of changes to an object will be
sent.
When this attribute contains [email protected], it means APNIC staff
are notified of changes to the object.
Sometimes there is a hierarchy of maintainers. In these cases, mnt-lower is
used as well as mnt-by.
aut-num (Autonomous System) objects
Autonomous System (AS) numbers (aut-num objects) are globally unique identifiers for autonomous systems.
An AS is a group of IP networks having a single clearly defined routing policy run by one or more network
operators.
An aut-num object contains details of the organization that was delegated the AS number as well as the AS’s
routing information.
Using aut-num objects
Use aut-num objects to help configure your network’s routers. Aut-num objects, in combination with other
routing objects, can be used to describe your routing policy in a compact form. This can help your network
identify routing policy errors and omissions more easily than by reading long configuration files.
19
Use automated tools, such as the IRRToolset, to retrieve information from the aut-num objects to create
router configuration files for different architectures. Configuration files produced this way should be much less
prone to error than manually configured routers.
Network administrators can use aut-num objects to debug network problems.
Attribute
Function
aut-num*
technical
as-name
administrative
admin-c
administrative
tech-c
mnt-by
changed
source
20
administrative
administrative
administrative
administrative
Description
The Autonomous System (AS) number.
A descriptive name used to identify an AS.
authentication.
mntner.
it occurred.
Optional attributes
Attribute
country
Function
administrative
member-of*
technical
Description
The two letter ISO 3166 code of the country or economy where the
admin-c is based. Details of the codes are specified in ISO 3166 (http://
www.apnic.net/info/reference/lookup_codes.html).
Identifies as-set objects of which this aut-num object is intended to be a
member.
An aut-num may be useful to include in an as-set if your network
maintains a number of Autonomous Systems or wishes to include its
routes in an upstream provider’s routing information.
To be included in an as-set, the as-set object must:
• Include the keyword “ANY” or the AS number’s mbrs-by-ref attribute
and/or
• List the AS number in the members attribute
Note: Do not include an as-set in this attribute if this aut-num is
explicitly mentioned in the as-set object’s members attribute. Attempts to
do so will result in an authorization failure.
import
technical
For more information on as-set objects, see the attributes of the as-set
object.
The inbound IPv4 routing policy of the AS.
Use this attribute if you plan to use the APNIC Routing Registry to help
automate the configuration of your routers.
The routing policy is specified by a series of expressions that describe
which peer networks the AS will accept routing information from. Each
import attribute lists an AS number or address prefix and may include
any costs associated with accepting routing information from that peer.
Information in the import attribute must use the following format:
import: from <peering-1> [action <action-1>]
accept <filter>
For more information, see RFC 2622, section 6.1.
21
Attribute
mp-import*
Function
technical
Description
This attribute performs the same function as the import attribute above.
The difference is that mp-import allows both IPv4 and IPv6 address
families to be specified.
The inbound IPv4 or IPv6 routing policy of the AS.
which peer networks the AS will accept routing information from. Each
mp-import attribute lists an AS number or address prefix and may include
any costs associated with accepting routing information from that peer.
Information in the mp-import attribute must use the following format:
mp-import: [protocol <protocol-1>] [into
<protocol-2>]
afi <afi-list>
from <peering-1> [action <action-1>]
export*
technical
accept (<filter>|<filter> except
<importexpression>|
refine <importexpression>)
The outbound routing policy of the AS.
<filter>
which peer networks the AS will export routing information to. Each
export attribute lists an AS number or address prefix.
Information in the export attribute must use the following format:
export: to <peering-1> [action <action-1>]
announce <filter>
22
Attribute
mp-export*
Function
technical
Description
This attribute performs the same function as the export attribute above.
The difference is that mp-export allows both IPv4 and IPv6 address
families to be specified.
which peer networks the AS will export routing information to. Each mpexport attribute lists an AS number or address prefix.
Information in the mp-export attribute must use the following format:
mp-export: [protocol <protocol-1>] [into
<protocol-2>]
afi <afi-list>
to <mp-peering-1> [action <action-1>]
announce <mp-filter>
default*
technical
The peer network the AS will use for as a default; that is, when the AS has
no more-specific information on where to send the traffic.
Use this attribute if you plan to use the APNIC Routing Registry to
help automate the configuration of your routers and you do not have a
complex import/export policy.
Each default attribute lists an AS number or address prefix and may
include a policy filter.
Information in the default attribute must use the following format (using
multiple lines as necessary):
default: to <peering> [action <action>]
[networks <filter>]
23
Attribute
mp-default*
Function
technical
Description
This attribute performs the same function as the default attribute above.
The difference is that mp-default allows both IPv4 and IPv6 addresses to
be specified.
Use this attribute if you plan to use the APNIC Routing Registry to
help automate the configuration of your routers and you do not have a
complex import/export policy.
Each mp-default attribute lists an AS number or address prefix and may
include a policy filter.
Information in the mp-default attribute must use the following format
(using multiple lines as necessary):
mp-default: [protocol <protocol-1>] [into
<protocol-1>] afi <afi-list> to <mp-peering>
[action <action-1>] announce <filter>
remarks
notify
administrative
administrative
mnt-lower
administrative
mnt-routes
administrative
The email address to which notifications of changes to an object will be
sent.
When the attribute contains [email protected] it means APNIC staff are
notified of changes to the object.
The identifiers of registered mntner objects used to control the creation
of hierarchically named as-set objects that use the name of the aut-num
object. If no mnt-lower attribute is listed, mnt-by is referred to when
authorizing hierarchically named as-set objects.
The identifier of a registered mntner object used to control the creation
of route objects
domain
Attributes of reverse delegation (domain) scripts
Attributes
domain
Description
The name of the reverse delegation.
For IPv4 reverse delegation, use the format x.x.x.x.in-addr.arpa.
Examples:
• 181.137.202.in-addr.arpa
• 137.202.in-addr.arpa
descr
For IPv6 reverse delegations, use the format x.x.x.x.ip6.arpa.
The name of the organization responsible for the reverse delegation. Or can describe the
use of the IP range described in the domain object.
Examples:
• Reverse delegation for ExampleNet-WF
• Reverse delegation for 202.137.181.0/20
• Reverse delegation for Sparkynet customer
24
Attributes
admin-c
tech-c
zone-c
nserver
mnt-by
Description
The NIC-handle of an on-site contact person or role object. There may be more than one
admin-c listed.
In the web interface, the admin-c field contains a link to the person or role object the NIChandle belongs to.
The NIC-handle of a technical contact person or role object. There may be more than one
tech-c listed.
In the web interface, the tech-c field contains a link to the person or role object the NIChandle belongs to.
The NIC-handle of a person or role object with authority over a zone. There may be more
than one zone-c listed.
In the web interface, the zone-c attribute contains a link to the person or role object the
NIC-handle belongs to.
A list of nameservers for a domain object. A minimum of two nameservers is mandatory.
The identifier of a registered mntner object used for authorization and authentication of
changes to the domain object.
changes
In the web interface, the mnt-by attribute contains a link to the specified mntner.
source
Every time a change is made to a database object, this attribute will show the email address
of the person who made those changes. This is not to be used as a contact address.
Optional fields
Attributes
country
sub-dom
Description
Two letter ISO 3166 code of the country or economy where the admin-c is based. Details
of codes are specified in ISO 3166 (http://www.apnic.net/info/reference/lookup_codes.
html)
This attribute is not applicable to reverse domains. Do not use this attribute.
dom-net
APNIC Whois Database uses RIPE v3 database software. Some functions and options in
RIPE software are not applicable to the APNIC Whois Database.
remarks
notify
The e-mail address to which notifications of changes to an object should be sent.
mnt-lower
refer
The notify attribute is not to be used as a contact point for the organization responsible for
the reverse domain.
The identifier of a registered mntner object used to authorize the creation of reverse
domain objects more specific than the reverse domain specified by this object.
25
filter-set
The filter-set object is an advanced routing object that can be used by more complex networks to filter
imported and exported routes.
For more information, see RFC 2622 (http://www.ietf.org/rfc/rfc2622.txt), section 5.4.
Attribute
filter-set*
descr
tech-c
admin-c
mnt-by
changed
source
Function
technical
Description
The name of the filter set. The filter-set must begin with “FLTR-“.
administrative
Example: FLTR-EXAMPLENET
administrative
Example: Filter local community routes
administrative
administrative
administrative
administrative
authentication.
mntner.
it occurred.
Optional attributes
Attribute
filter*
Function
technical
Description
The policy filter of the set.
The policy filter is a logical expression which, when applied to a set of
routes, returns a subset of those routes.
Example: filter: (AS1 or fltr-foo) and <AS2>
Important: The filter and mp-filter attributes cannot appear together
within the same object.
For more information, see RFC 2622 (http://www.ietf.org/rfc/rfc2622.txt),
section 5.4.
26
Attribute
mp-filter*
Function
technical
remarks
notify
administrative
administrative
mnt-lower
administrative
Description
Logical expression which, when applied to a set of IPv4 or IPv6 routes,
returns a subset of these routes. For more information, see RFC 4012
(http://www.ietf.org/rfc/rfc4012.txt), section 2.5.2.
The filter and mp-filter attributes cannot appear together within the same
object.
The email address to which notifications of changes to an object will be
sent. When this attribute contains [email protected], it means APNIC
staff are notified of changes to the object.
inet-rtr
An inet-rtr can be used by automated tools to determine which AS a router belongs to. It can be used to
register information about peering relationships.
The inet-rtr object can also be useful if you are using RPSL to configure your internal network.
Attribute
inet-rtr*
descr
Function
technical
Description
The valid DNS name of the router described.
administrative
Example: inet-rtr: rtr.example.net
Examples:
• descr: Border router for Sparkynet
local-as*
tech-c
admin-c
mnt-by
technical
• descr: Beijing - china
Specifies the AS number of the AS that operates the router.
administrative
Example: local-as: AS1
administrative
administrative
authentication.
In the web interface, the mntner attribute contains a link to the specified
mntner.
27
Attribute
changed
source
Function
administrative
administrative
Description
it occurred.
The changed attribute is not a network contact address, as it merely
records who made the most recent change to the registration
information. All APNIC addresses will initially record an APNIC address in
this field, as APNIC creates the first database object.
Optional attributes
Attribute
alias
ifaddr*
interface*
Function
technicaladvanced
technical
technicaladvanced
Description
Alternative canonical DNS for the router
Describes all the inter-router serial port interfaces for all the line cards.
The interface address (ifaddr) attribute must be in the format:
<ipv4-address> masklen <integer> [action <action>]
Example: ifaddr: 147.45.0.17 masklen 32
peer*
technicaladvanced
section 9.
This attribute performs the same function as the ifaddr attribute above.
The difference is that interface allows both IPv4 and IPv6 address families
to be specified.
Describes all the inter-router serial port interfaces for all the line cards.
The interface address (interface) attribute must be in the format:
afi <afi> <ipv4-address> masklen <integer> [action
<action>]
or:
afi <afi> <ipv6-address> masklen <integer> [action
<action>] [tunnel <remote-endpoint-address>,<encap
sulation>]
section 4.5.
28
Attribute
mp-peer*
Function
technicaladvanced
Description
This attribute performs the same function as the peer attribute above. The
difference is that mp-peer allows both IPv4 and IPv6 address families to be
specified.
Specifies the protocol used to peer with another router.
Example:
<protocol> afi <afi> <ipv4- or ipv6- address>
<options>
| <protocol> <inet-rtr-name> <options>
| <protocol> <rtr-set-name> <options>
| <protocol> <peering-set-name> <options>
remarks
notify
administrative
administrative
section 4.5.
The email address to which notifications of changes to an object should
be sent.
inetnum
Attributes
inetnum
netname
descr
country
admin-c
Description
The range of IP address space described by the object
The name of a range of IP address space
Description of the organization allocated or assigned the address space shown in the
inetnum.
Two-letter ISO 3166 code of the country or economy where the admin-c is based. Details
of the code are specified in ISO 3166 (http://www.apnic.net/info/reference/lookup_codes.
html).
admin-c listed.
In the web interface, the admin-c attribute contains a link to the person or role object the
tech-c
To report spam or network abuse (http://www.apnic.net/info/faq/abuse/index.html), please
use the email of the admin-c.
tech-c listed.
In the web interface, the tech-c attribute contains a link to the person or role object the
use the email of the tech-c.
29
Attributes
status
mnt-by
changed
Description
All inetnum objects under the APNIC Whois Database must have a status attribute. The
status attribute must be one of the following values:
Status
Definition
Value set by
ALLOCATED
Address space allocated by APNIC or NIRs
APNIC/NIR
PORTABLE
to LIRs for the purpose of subsequent
ONLY
distribution by LIRs to their customers. These
allocations remain valid even if the network
changes upstream provider.
ALLOCATED NONAddress space allocated by LIRs to their
LIR/ISP
PORTABLE
customers for subsequent assignment by those
customers. These allocations (and assignments
made from these allocations) must be
returned if the network changes upstream
provider.
ASSIGNED PORTABLE
Assignments made by APNIC or NIRs, for
APNIC/NIR
example, small multihoming assignments or
ONLY
IXP assignments. These assignments remain
valid if the network changes upstream
provider.
ASSIGNED NONAssignments made by LIRs to their
LIR/ISP
PORTABLE
customers for specific use within the Internet
infrastructure they operate. Assignments
must only be made for specific, documented
purposes and may not be sub-assigned. These
assignments must be returned if the network
The identifier of a registered mntner object used for authorization and authentication. In
the web interface, the mntner attribute contains a link to the specified mntner.
source
Do not send spam or hacking complaints to this address.
The name of the database from which the data were obtained.
Optional attributes
30
Attributes
rev-srv
Description
Domain name server for the range of IP addresses specified in the inetnum.
remarks
Note: This attribute is deprecated. APNIC suggests the creation of a reverse delegation
domain object to hold this information.
General remarks. May include a URL or instructions on where to send abuse complaints.
Attributes
notify
Description
When this attribute contains [email protected], it means APNIC staff are notified of
changes to the object.
mnt-lower
mnt-routes
Sometimes there is a hierarchy of maintainers. In these cases, mnt-lower is used as well as
mnt-by.
The identifier of a registered mntner object used to controls the creation of route objects
associated with the address range specified by the inetnum object.
IPv6 attributes and values
inet6num
Attributes
inet6num
netname
descr
country
admin-c
Description
The range of IP address space described by the object.
The name of a range of IP address space.
Description of the organization allocated or assigned the address space shown in the
inet6num.
Two-letter ISO 3166 code of the country or economy where the admin-c is based. Details
of the code are specified in ISO 3166 (http://www.apnic.net/info/reference/lookup_codes.
html).
admin-c listed.
tech-c
To report spam or network abuse if no mnt-irt is included in the inet6num object (http://
www.apnic.net/info/faq/abuse/index.html), please use the email of the admin-c.
tech-c listed.
To report spam or network abuse if no mnt-irt is included in the inet6num object (http://
www.apnic.net/info/faq/abuse/index.html), please use the email of the tech-c.
31
Attributes
status
mnt-by
changed
Description
All inet6num objects under the APNIC Whois Database must have a status attribute. The
status attribute must be one of the following values:
Status
Definition
Value set by
ALLOCATED
Address space allocated by APNIC or NIRs
APNIC/NIR
PORTABLE
to LIRs for the purpose of subsequent
ONLY
distribution by LIRs to their customers.
These allocations remain valid if the network
ALLOCATED NONAddress space allocated by LIRs to their
LIR/ISP
PORTABLE
customers for subsequent assignment by
those customers. These allocations (and
assignments made from these allocations)
must be returned if the network changes
upstream provider.
ASSIGNED PORTABLE
Assignments made by APNIC or NIRs, for
APNIC/NIR
example, small multihoming assignments or
ONLY
IXP assignments. These assignments remain
valid if the network changes upstream
provider.
ASSIGNED NONAssignments made by LIRs to their
LIR/ISP
PORTABLE
customers for specific use within the Internet
infrastructure they operate. Assignments
must only be made for specific, documented
purposes and may not be sub-assigned. These
assignments must be returned if the network
The identifier of a registered mntner object used for authorization and authentication. In the
web interface, the mntner attribute contains a link to the specified mntner.
source
The name of the database from which the data were obtained.
Optional attributes
32
Attributes
rev-srv
Description
Domain name server for the range of IP addresses specified in the inetnum.
remarks
Note: This attribute is deprecated. APNIC suggests the creation of a reverse delegation
domain object to hold this information.
Attributes
notify
Description
changes to the object.
mnt-lower
mnt-routes
Sometimes there is a hierarchy of maintainers. In these cases, mnt-lower is used as well as
mnt-by.
The identifier of a registered mntner object used to control the creation of route objects
associated with the address range specified by the inetnum object.
key-cert
Attributes
key-cert
Description
Defines the public key using the format:
PGPKEY-<id>
owner
Where <id> is the identity of the PGP public key expressed in 8-digit hexadecimal format
without “0x” prefix.
The owner of the public key.
Example: Zane Ulrich <[email protected]>
fingerpr
certif
This attribute is generated automatically by the database software and must be omitted
from the template when creating a key-cert object.
A fingerprint of the key certificate generated by the database.
This attribute is generated automatically by the database software and must be omitted
from the template when creating a key-cert object.
The public key in ASCII armored format. Includes all the lines of the exported key, the
beginning and end markers, and the empty line which separates the header from the key
body.
Example:
certif: ---BEGIN PGP PUBLIC KEY BLOCK--certif: Version: 2.6.3ia
certif:
certif: mQA9AzZizeQAAAEBgJsq2YfoInVOWlLxalmR14GlUzEd0WgrUH
certif: a/uqWiLnvN59S4rgDQAFEbQeSm9lIFRoZSBVc2VyIDxqb2VAiL
certif: wUQNmLN5ee83n1LiuANAQFOFQGAmowlUYtF+xnWBdMNDKBiOSy
certif: YvpKr05Aycn8Rb55E1onZL5KhNMYU/gd
certif: =nfno
mnt-by
changed
certif: ---END PGP PUBLIC KEY BLOCK--The identifier of a registered mntner object used for authorization and authentication.
33
Attributes
source
Description
Optional attributes
Attributes
admin-c
tech-c
remarks
notify
Description
admin-c listed.
tech-c listed.
General remarks. May include a URL.
The email address to which notifications of changes to this object should be sent.
mntner
Attributes
mntner
Description
The unique name of a mntner object. APNIC recommends the following formats:
Maintainer for resource registrations: <maint>-<iso3166-code><organization>
Example: MAINT-WF-SPARKYNET
Maintainer for person object: <maint>- <iso3166-code>- <person>
Example: MAINT-WF-ZANE-ULRICH
descr
admin-c
upd-to
auth
A short description of the mntner object and the name of the organization associated with
it.
The NIC-handle of an administrative contact person object. There may be more than one
admin-c listed.
In the web interface, the admin-c attribute contains a link to that person object the NIChandle belongs to.
The email address to be notified when attempts to update objects protected by the
mntner are rejected due to a lack of authentication.
Scheme used to authenticate update requests.
Authentication options available are:
• CRYPT-PW
• PGP-KEY
• MD5
For information on how to use these authentication options, see Authentication options for
maintainer objects.
Example: auth: PGP-499E1F0A
34
Attributes
mnt-by
Description
referral-by
The maintainer that created this mntner object. Once the mntner object has been created,
this attribute cannot be altered.
changed
All mntner objects are manually created by APNIC hostmasters, so this attribute will
contain: MAINT-APNIC-AP.
source
Optional attributes
Attributes
country
tech-c
mnt-nfy
remarks
notify
Description
of codes are specified in ISO 3166 (http://www.apnic.net/info/reference/lookup_codes.html)
The NIC-handle of a technical contact person object. There may be more than one tech-c
listed.
In the web interface, the tech-c attribute contains a link to the person object the NIChandle belongs to.
The email address to be notified when an object protected by a mntner is successfully
updated.
The email address to which notifications of changes to this object should be sent.
peering-set*
Use peering-set objects to simplify peering statements in the import and export attributes of aut-num objects
Attribute
peering-set*
Function
technical
Description
The name of the filter set.
The peering-set must begin with ‘PRNG-’.
descr
admin-c
tech-c
administrative
administrative
administrative
Example: PRNG-EXAMPLENET
Example: Peering at IX123
The NIC-handle of an administrative contact person object. There may be
more than one admin-c listed.
In the web interface, the admin-c attribute contains a link to the person
object the NIC-handle belongs to.
35
Attribute
mnt-by
Function
administrative
Description
authentication.
mntner.
it occurred.
changed
source
Optional attributes
Attribute
peering*
Function
technical
Description
Peering is used for importing or exporting IPv4 routes. Although the
peering attribute is optional, at least one peering or mp-peering must be
present in the peering-set object.
The peering attribute can specify:
Other peering sets, for example: PRNG-XAM
Peering statements, for example: AS2 at 9.9.9.1
mp-peering*
technical
section 5.6
This attribute performs the same function as the peering attribute above.
The difference is that mp-peering allows both IPv4 and IPv6 address
families to be specified. Although the mp-peering attribute is optional,
at least one peering or mp-peering must be present in the peering-set
object.
Peerings used for importing or exporting IPv4 and IPv6 routes.
remarks
notify
mnt-lower
administrative
administrative
administrative
The mp-peering attribute can specify other peering sets, for example:
PRNG-XAM6
sent.
When this attribute contains [email protected], it means APNIC staff are
notified of changes to the object.
person
Attributes
person
36
Description
The full name of an administrative, technical, or zone contact person referenced in another
object.
Attributes
address
phone
email
nid-hdl
mnt-by
Description
Full postal address for the person.
Telephone number for the person.
The email address for the person. To report spam or network abuse (http://www.apnic.
net/info/faq/abuse/index.html), please use the email specified here.
The NIC-handle of the person object.
changed
Note: If you are creating a new person object and do not have an existing mntner
object, please specify MAINT-NEW as the mnt-by value. You will then need to create a
new maintainer (which requires a person NIC-handle) after creating your person object.
Alternatively, create your new person and new maintainer objects at the same time using
the APNIC person and maintainer object request form (ftp://ftp.apnic.net/apnic/docs/
mntner-person-request).
source
Optional attributes
Attributes
country
fax-no
remarks
notify
Description
Two letter ISO 3166 (http://www.apnic.net/info/reference/lookup_codes.html) code of the
country or economy where the person is based.
Details of codes are specified in ISO 3166.
The fax number for the person.
changes to the object. Do not send spam or hacking complaints to this address.
role
APNIC strongly recommends the use of role objects. For more information on how to use role objects, see
Creating role objects (http://www.apnic.net/db/role.html)
Attributes
role
address
phone
email
Description
The full name of an administrative, technical or zone contact person specified in another
object.
Full postal address for the role account.
Telephone number for the role function.
The email address for the role account.
use the email specified here.
37
Attributes
admin-c
tech-c
Description
The NIC-handle of an on-site contact person object. As more than one person often fulfils
a role function, there may be more than one admin-c listed.
In the web interface, the admin-c attribute contains a link to the person object the NIChandle belongs to.
The NIC-handle of a technical contact person or role object. As more than one person
often fulfils a role function, there may be more than one tech-c listed.
nic-hdl
The NIC-handle of the role object.
mnt-by
Example: SNOC100-AP
changed
source
Optional attributes
Attributes
country
Description
of codes are specified in ISO 3166 (http://www.apnic.net/info/reference/lookup_codes.html)
fax-no
The fax number of the role function.
abuse-mailbox Specifies the e-mail address to which abuse complaints should be sent.
remarks
notify
Syntax: An e-mail address as defined in RFC 2822.
When this attribute contains [email protected], it means APNIC staff are notified of changes
to the object. Do not send spam or hacking complaints to this address.
route
Use route objects to help configure your network’s routers. Route objects, in combination with the aut-num
and other related objects, can be used to describe your routing policy in a compact form. This can help your
network identify routing policy errors and omissions more easily than by reading long configuration files.
Use automated tools, such as IRRToolset, to retrieve information from the route objects to create router
configuration files for different architectures. Configuration files produced this way are less prone to errors
than manually configured routers.
If your network needs are complex, there are optional advanced technical attributes that allow you to specify
route aggregation.
Attribute
route
38
Function
technical
Description
The address prefix to be routed. For example, 202.137.181.0/20
Attribute
descr
Function
administrative
origin*
technical
Description
A short description related to the object, including the organization
responsible for the route object.
The AS number used to route the address prefix described in the route
attribute.
The AS number must be registered in the APNIC Whois Database before
it can be referenced in the route object.
Note: If the same address prefix is routed by more than one AS, that
is, the network is multihomed, the origin attribute distinguishes between
route objects with the same prefix in the route attribute.
mnt-by
changed
source
For example: AS1
authentication.
administrative
mntner.
it occurred.
administrative
administrative
Optional attributes
Attribute
country
holes
member-of*
Function
administrative
technicaladvanced
technical
Description
Two letter code of the country where the admin-c is based.
Details of country codes are specified in ISO 3166 (http://www.apnic.
net/info/reference/lookup_codes.html).
Lists address prefixes that are not reachable through the route.
Use this attribute to identify parts of the route object’s address prefix that
have not yet been assigned.
Identifies a route-set object of which you wish this route to be a member.
Note: To be included as a member of the route-set, the route-set object
must specify the maintainer of the route object in the route-set object’s
mbrs-by-ref attribute.
inject
technicaladvanced
section 8.1.
Specifies which routers perform the aggregation and when the routers
should perform the aggregation.
section 8.1.
39
Attribute
aggr-mtd*
aggr-bndry*
exportscomps*
Function
technicaladvanced
technicaladvanced
technicaladvanced
components* technicaladvanced
remarks
mnt-lower
administrative
administrative
mnt-routes
administrative
Description
Specifies how the route aggregate is generated.
section 8.1.
TA set of Autonomous Systems that form the aggregation boundary.
If the aggr-bndry attribute is not included, the AS specified in the origin
attribute is the sole aggregation boundary.
section 8.1.
Specifies an RPSL filter that matches the more specific routes that need
to be exported outside the aggregation boundary.
section 8.1.
The component routes used to form the aggregate.
section 8.1.
If no mnt-routes attribute is included, the registered mntner object
specified in the mnt-lower attribute is used to control the creation of
more specific route objects within the prefix covered by this route object.
of route objects more specific than this route object. The identifier of a
registered mntner object used to control the creation of route objects
more specific than this route object. The identifier of a registered mntner
object used to control the creation of route objects more specific than
this route object.
route6
Use route6 objects to help configure your network’s routers. Route6 objects, in combination with the autnum and other related objects, can be used to describe your IPv6 routing policy in a compact form. This can
help your network identify routing policy errors and omissions more easily than by reading long configuration
files.
Use automated tools, such as IRRToolset, to retrieve information from the route objects to create router
configuration files for different architectures. Configuration files produced this way are less prone to errors
than manually configured routers.
If your network needs are complex, there are optional advanced technical attributes that allow you to specify
route aggregation.
Attribute
route6
descr
40
Function
technical
administrative
Description
The address prefix to be routed. For example, 2001:0DB8::/32
responsible for the route6 object.
Attribute
origin*
Function
technical
Description
The AS number used to route the address prefix described in the route6
attribute.
The AS number must be registered in the APNIC Whois Database before
it can be referenced in the route6 object.
Note: If the same address prefix is routed by more than one AS, that
is, the network is multihomed, the origin attribute distinguishes between
route6 objects with the same prefix in the route attribute.
mnt-by
changed
source
administrative
administrative
administrative
For example: AS1
authentication.
mntner.
it occurred.
Optional attributes
Attribute
country
holes
member-of*
Function
administrative
technicaladvanced
technical
Description
Two letter code of the country where the admin-c is based.
Details of country codes are specified in ISO 3166 (http://www.apnic.
net/info/reference/lookup_codes.html).
Lists address prefixes that are not reachable through the route.
Use this attribute to identify parts of the route6 object’s address prefix
that have not yet been assigned.
must specify the maintainer of the route6 object in the route-set object’s
inject
aggr-mtd*
technicaladvanced
technicaladvanced
section 8.1.
Specifies which routers perform the aggregation and when the routers
should perform the aggregation.
section 8.1.
Specifies how the route aggregate is generated.
section 8.1.
41
Attribute
aggr-bndry*
exportscomps*
components*
remarks
cross-mnt
Function
technicaladvanced
technicaladvanced
technicaladvanced
administrative
administrative
notify
administrative
mnt-lower
administrative
mnt_routes
administrative
Description
TA set of Autonomous Systems that form the aggregation boundary.
If the aggr-bndry attribute is not included, the AS specified in the origin
attribute is the sole aggregation boundary.
section 8.1.
Specifies an RPSL filter that matches the more specific routes that need
to be exported outside the aggregation boundary.
section 8.1.
The component routes used to form the aggregate.
section 8.1.
A mntner object to be notified of any overlaps with the prefix specified
in the route object.
When an overlapping route is added or removed, a notification will be
sent to the email addresses listed in the email attribute of the specified
mntner object.
The e-mail address to which notifications of changes to an object should
be sent.
If no mnt-routes attribute is included, the registered mntner object
specified in the mnt-lower attribute is used to control the creation of
more specific route objects within the prefix covered by this route object.
of route objects more specific than this route object. The identifier of a
registered mntner object used to control the creation of route objects
more specific than this route object. The identifier of a registered mntner
object used to control the creation of route objects more specific than
this route object..
route-set*
The route-set object allows you to group routes with similar properties. For example, instead of referring to
many individual route objects in the import and export attributes of the aut-num object, you can refer to a
single route-set object.
For example, by using the following route-set object:
route-set: AS1:RS-CUSTOMERS members: 202.137.181.0/22, 203.1.0.0/24,
203.2.0.0/23
Instead of using this long import statement:
import: from AS1 accept {202.137.181.0/22, 203.1.0.0/24, 203.2.0.0
You could replace it with this single import statement:
import: from AS1 accept AS1:RS: CUSTOMERS
42
If you use automated tools used to configure routers, the route objects associated with the route-set object
will be returned, and all individual routes that form the route-set will be injected into your configuration files.
You can also use route-set objects to specify routes your network will not accept, for example private IP
address ranges such as 10/8.
For more information, see RFC 2650 - Using RPSL in Practice http://www.ietf.org/rfc/rfc2650.txt
Attribute
route-set*
Function
technical
Description
The name of the route-set.
The route-set attribute ma take two forms:
1. Non-hierarchical
A non-hierarchical route-set attribute must begin with ‘RS-’.
Non-hierarchical route-set names should only be used to create routeset objects that can be used across many networks, for example, denied
routes.
Example: RS-DENIED-ROUTES
2. Hierarchical
A hierarchical route-set attribute consists of route-set names and AS
numbers separated by colons ‘:’. There must be at least one set-name
within the hierarchical name that starts with ‘RS-’.
Hierarchical route-set names should be used when creating sets of routes
specific to your own or your customers’ routes. APNIC recommends the
following format to allow you to manage multiple route-set objects for
you and your customer networks:
<as-number>:RS-<organization>
descr
admin-c
tech-c
mnt-by
administrative
Example: AS1:RS-EXAMPLENET
responsible for the route object.
administrative
Example: Denied outbound and inbound routes
The NIC-handle of an on-site contact person or role object. There may be
more than one admin-c listed.
administrative
administrative
In the web interface, the admin-c field contains a link to the person or
role object the NIC-handle belongs to.
The NIC-handle of a technical contact person or role object. There may
be more than one tech-c listed.
In the web interface, the tech-c field contains a link to the person or role
object the NIC-handle belongs to.
authentication.
mntner.
43
Attribute
changed
source
Function
administrative
administrative
Description
it occurred.
Optional attributes
Attribute
members*
Function
technical
Description
The members attribute lists the IPv6 routes that form the route-set.
Members can be specified as any of the following:
• Address prefix range
• Route-set name
• Route-set name followed by a range operator
• AS number
• AS set
In practice, it is probably most useful to specify route or route-set objects
as members.
mpmembers*
technical
Note: If this attribute is used, the member objects should not include
a reference to this route-set object in their own member-of attributes.
Attempts to do so will result in an authorization failure.
This attribute performs the same function as the members attribute
above. The difference is that mp-members allows both IPv4 and IPv6
address families to be specified.
The members attribute lists the IPv4 and IPv6 routes that form the routeset. Members can be specified as any of the following:
• afi <afi-list> list of <address-prefix-range>
• Route-set name
• Route-set name followed by a range operator
44
Attribute
mbrs-by-ref
Function
technical
Description
members to the route-set indirectly.
For example, use this attribute if you have created a route-set to hold all
your customer routes and trust the customers to update and delete their
routes as necessary.
To include an object as a member in this route-set, the mntner specified
in the mbrs-by-ref attribute must include refer to this route-set in the
appropriate object’s member-of attribute. This allows the maintainer to
choose which of the objects they maintain should be part of the set. If the
maintainer chooses not to list the set in the member-of attribute of an
object, that object will not be included in the set.
To allow any object to be a member of this route-set, use the keyword
ANY.
member-of
technical
If the mbrs-by-ref attribute is not used, the route-set will only include
objects specified the members attribute.
must specify the maintainer of the route object in the route-set object’s
remarks
notify
administrative
administrative
mnt-lower
administrative
section 8.1.
The e-mail address to which notifications of changes to an object should
be sent.
rtr-set*
The rtr-set object allows you to group routers (inet-rtr objects) with similar properties. For example, instead
of updating individual router configurations, you could use automated tools to update the configuration of all
routers listed in the rtr-set object. This helps to avoid different configurations resulting from individual updates
of routers across your network.
This object is most useful for larger, more complex networks with many routers or networks running their
own RPSL databases to manage their internal network.
For more information, see RFC 2622 (http://www.ietf.org/rfc/rfc2622.txt), section 5.5.
45
Attribute
rtr-set*
Function
technical
Description
The name of the set of routers.
The rtr-set attribute may take two forms:
1. Non-hierarchical
A non-hierarchical rtr-set attribute must begin with ‘RTRS-’.
Example: RTRS-EXAMPLENET
2. Hierarchical
A hierarchical rtr-set attribute consists of rtr-set names and AS numbers
separated by colons ‘:’. At least one set-name within the hierarchical name
must start with ‘RTRS-’. All the set name components of a hierarchical
rtr-set name have to be rtr-set names.
Hierarchical rtr-set names should be used when creating sets of routers
specific to your own or your customers’ routers. APNIC recommends the
following format to allow you to manage multiple rtr-set objects for your
network:
<as-number>:RTRS-<description>
descr
administrative
Example: AS1:RTRS-EXAMPLENET-FUTUNA-SITE
tech-c
administrative
Example: Border and peering routers of Sparkynet
administrative
admin-c
mnt-by
changed
source
46
administrative
administrative
administrative
authentication.
mntner.
The email address of who last updated the database object and the date it
occurred.
Optional attributes
Attribute
members*
Function
technical
Description
Explicitly lists IPv4 members of the rtr-set. Members of an rtr-set can be:
• inet-rtr objects
• other rtr-set objects
mpmembers*
technical
If this attribute is used, the inet-rtr or rtr-set objects referred to should
not include a reference to this rtr-set object in their own member-of
attributes. Attempts to do so will result in an authorization failure.
This attribute performs the same function as the members attribute
above. The difference is that mp-members allows both IPv4 and IPv6
address families to be specified.
Explicitly lists IPv4 or IPv6 members of the rtr-set. Members of an rtr-set
can be:
• inet-rtr objects
• other rtr-set objects
• ipv4 address
mbrs-by-ref
technical/
administrative
• ipv6-address
members to the rtr-set indirectly.
To include an inet-rtr or rtr-set object as a member in this rtr-set, the
mntner specified in the mbrs-by-ref attribute must refer to this rtr-set in
the appropriate inet-rtr or rtr-set object’s member-ofattribute. This allows
the maintainer to choose which of the objects they maintain should be
part of the set. If the maintainer chooses not to list the set in the memberof attribute of an object, that object will not be included in the set.
To allow any inet-rtr or rtr-set object to be a member of this rtr-set, use
the keyword ANY.
remarks
notify
mnt-lower
administrative
administrative
administrative
If the mbrs-by-ref attribute is not used, the rtr-set will only include objects
specified the members attribute.
sent.
When this attribute contains [email protected], it means APNIC staff
are notified of changes to the object.
usd as well as mnt-by.
47
Use the Test APNIC database
APNIC operates a test database where users may learn how to use the APNIC Whois Database.
The test database is for training and learning only. The sample data in the test database is not a copy of the
data in the APNIC Whois Database and changes to the test database will not be reflected in the APNIC
Whois Database. The APNIC Test Whois Database is not an authoritative source of whois data and no value
should be put on the data in the test database.
APNIC processes two-byte and four-byte AS numbers, which can be previewed in the APNIC Test Whois
Database.
The syntax for two-byte numbers will remain unchanged.
Queries: Four-byte entries can be queried using the true 32-bit integer value OR using the following format:
<high order 16-bit value in decimal>.<low order 16 bit value in decimal>
For example, the true 32-bit integer value AS70143 can also be expressed as AS1.4607
Note: Four-byte updates can only be done using the double decimal format.
Getting started with the APNIC Test Whois Database
Before you can register any resources in the APNIC Test Whois Database, you must first create your own
person and maintainer objects.
1. Create a person object
In the mnt-by attribute you must specify: MAINT-AP-TESTAPNIC-NULL
Submit the person object to: [email protected]
See Submitting Objects to the APNIC Test Whois Database (ftp://ftp.apnic.net/apnic/docs/test-whois-db.txt) for
more information on creating a person for the test database.
2. Create a maintainer object
Refer to your new test database person objects in the admin-c and tech-c attributes. In the referral-by
attribute, you must specify: MAINT-AP-TESTAPNIC-NULL
Submit the maintainer object to: [email protected]
See Submitting Objects to the APNIC Test Whois Database for more information on creating a maintainer
object for the test database.
3. (Optional) Update the maintainer of your person object
Follow normal APNIC Whois Database update email procedures to update your person object and then
submit the object to [email protected]
Creating objects in the APNIC Test Whois Database
Send all new and updated objects to: [email protected].
You will receive an acknowledgement message in the same format as acknowledgement messages from
the APNIC Whois Database. To troubleshoot any errors you receive, please see the documentation for the
APNIC Whois Database.
Creating IP address objects in the APNIC Test Whois Database
To create inetnum or inet6num objects with a status of ALLOCATED PORTABLE or ASSIGNED
PORTABLE, you must specify MAINT-AP-TESTAPNIC-NULL in the mnt-by attribute. If you attempt to use
any other maintainer in this attribute, your submission will fail.
48
You may specify any maintainer you choose when creating inetnum or inet6num objects with a status of
ALLOCATED NON-PORTABLE or ASSIGNED NON-PORTABLE.
Querying the APNIC Test Whois Database
To search for objects in the test database, use the following command syntax:
whois -h testwhois.apnic.net <lookup-key>
Example:
whois -h testwhois.apnic.net MAINT-AP-TESTAPNIC-NULL
The whois query options available in the APNIC Whois Database are also available in the APNIC Test Whois
Database. For more information, see APNIC Whois Database query options.
Additional notes on use
Please note that APNIC may remove all or any data from the test database at any time.
If you have any questions about using the test database, please email [email protected]
How to structure a query
Simple queries
If you enter a search term in the query box, all object types and lookup keys are searched for a match on
those search terms.
Person and role objects referenced by the object matching the query will also be returned.
Queries using primary and lookup keys
Example: whois –h whois.apnic.net 202.12.29.0
Lookup key
Address prefix or range or
single address
Network name
Person
NIC-handle
Maintainer
Reverse domain
AS number
AS number – AS number
Set name
Domain
Objects returned by query
IPv4: Most specific inetnum and route object. If single address, returns inetrtr with matching ifaddr attribute.
IPv6: Most specific inet6num and route6 object. If single address, returns
inet-rtr with matching address attribute
All inetnum and inet6num objects with a netname attribute containing the
name specified in the query.
All person and role objects with a person or role attribute containing the
name specified in the query argument.
person or role object with a matching nic-hdl attribute.
mntner object with a matching primary key.
domain with a matching primary key
aut-num object with a matching aut-num attribute and associated as-block.
as-block object whose primary key matches or fully contains the query
range
as-set, filter-set, peering-set, route-set or rtr-set with a matching primary
key
inet-rtr objects with a matching primary key
49
Advanced queries
The user controls search results by specifying options to govern the search. Search options include:
• IP address lookups:
1.
Less specific query options
2.
More specific query options
3.
Exact lookups
4.
Associated reverse domains
1. Less specific query options
Use these options to view IP address blocks that match or are larger than the IP address or range you wish to
query.
Query option
Details
-I First level less specific Use this option when querying:
• a single IP address
• a range of IP addresses
• an IP address prefix
This option returns the smallest IP address range that includes the IP address or
range specified in the query.
Hint: When querying the APNIC Whois Database on an IP address range, -l is
the default option.
Example searches:
• -l 61.48.0.130
• -l 61.48.0.0-61.48.0.255
• -l 61.48.0.0/24
50
Query option
-L All levels less specific
Details
Use this option when querying:
• a single IP address
This option returns all IP address ranges that include the IP address or range
specified in the query.
Hint: Use this option to view any upstream IP address blocks associated with the
query range.
Viewing the upstream IP address range can be useful for network troubleshooting.
Please note: As well as upstream address blocks, the top level ‘parent’ range
allocated to APNIC by IANA will also be returned. APNIC makes allocations
from this range, but does not operate the networks that use these addresses. The
netname of the APNIC IP address block begins with ‘APNIC-AP’ (or similar).
Example searches:
• -L 61.48.0.130
• -L 61.48.0.0-61.48.0.255
• -L 61.48.0.0/24
51
2. More specific query options
Use these options to view IP address blocks that match or are smaller than the IP address or range you wish
to query.
Query option
Details
-m First level more specific Use this option when querying:
This option returns first level more specific address ranges within the
boundaries of the IP address range specified in the query.
Hint: Use this option to:
• view assignments made from a network’s allocation block to customers
• view allocations or assignments made from an RIR or NIR block to networks
Example searches:
• -m 41.48.0.0-61.55.255.255
-M All levels more specific
• -m 41.48.0.0/12
This option returns all more specific address ranges within the boundaries of
the IP address range specified in the query.
Hint: Use this option to:
• View all allocations and assignments made from a specified address block.
• Check that no unauthorized address blocks have been created under address
space allocated or assigned to your network.
Note: Do not use this option to view all allocations and assignments in a /8.
If you do try to do this, you will be blocked by the server for excessive query
load.
Example searches:
• -M 41.48.0.0-61.55.255.255
• -M 41.48.0.0/12
52
3. Exact lookups
Use this option to view the IP address blocks that exactly match the IP address range you wish to query.
Query option
Details
-x Exact match only Use this option when querying:
This option returns:
The specific address range specified in the query. If no exact match is found, nothing
will be returned.
Hint: Use this option to view details of a specific address range you know exists.
Note: If you are not sure of the exact address range, do not use this option. Instead,
use one of the following options: -l, -L, -m, -M.
Example searches:
• -x 61.49.9.128-61.49.9.143
• -x 61.0.0.0/8
53
4. Associated reverse domains
Use this option to view reverse domains associated with IP address blocks returned by the query on an IP
address or range.
Query option
-d Return associated reverse
domains
Details
• A single IP address
• A range of IP addresses
• An IP address prefix
This option returns an exact match, or the smallest IP address range that
includes the IP address or range specified in the query. It also returns the
smallest reverse domain that encompasses that IP address range.
Hints: Use this option to:
• View the reverse domain associated with an IP address or range.
• Check if reverse domains have been created for all assigned address space.
Use this option in combination with -l, -L, -m or -M to view reverse
domains associated with all IP address ranges returned by the normal -l,
-L, -m or -M queries.
Use this option in combination with -T to restrict the search results to
reverse domains only
Note: All assigned address space should have associated reverse domains
created in the APNIC Whois Database. To create reverse domains for
address blocks, see the Reverse DNS delegations resource guide.
Example searches:
• -d 61.49.9.128-61.49.9.143
• -d 61.49.9.128
• -d -M 61.48.0.0/15
• -d -T domain 61.48.0.0/15
54
Query option
Inverse queries
Details
Use this option when searching for objects in the APNIC Whois Database that have an
attribute matching the attribute type chosen from the inverse lookup scroll list and the
query text given by the user.
This option returns all objects that have an attribute that matches the query text and
attribute type.
Hint: Use this option to::
• View all objects maintained by a particular maintainer
• View all objects where a particular NIC-handle is referenced
Note: Use -i person or -i mntner when staff leave a network to identify objects
referencing that person that need to be updated.
Example searches:
• -i notify [email protected]
Object types
• -i tech-c,admin-c,zone-c DNS3-AP
Use this option when you need to limit your search to particular types of objects.
This option returns results that match the query AND are of the object type specified in
the scroll list.
Hint: Use this option to reduce the number of objects returned if the specified query
text appears in a number of object types.
Use this option in combination with -i options, or -d to limit the types of objects
returned by the search.
Example searches:
• -T person telstra
• -T person -i mnt-by apnic-hm
IP address lookups
Example: whois -h whois.apnic.net -l 202.12.29.0
Flag
-L
-m
All less specific inetnum, inet6num, route, or route6 objects, including exact matches.
First level more specific inetnum, inet6num, route, or route6 objects, excluding exact matches.
-M
All more specific inetnum, inet6num, route, or route6 objects, excluding exact matches.
-l
First level less specific inetnum, inet6num, route, or route6 objects, excluding exact matches.
-x
Only an exact match on a prefix will be performed. If no exact match is found, no objects are
returned.
Enables use of the -m, -M, -l and -L flags for lookups on reverse delegation domains.
-d
55
Inverse queries
Example: whois –h whois.apnic.net –I pn NO4-AP
Flag
-i pn
Alternative flag Lookup key
-i admin-c
NIC-handle or person
-i person
-i mb
-i mnt-by
-i ml
-i mnt-lower
-i mn
-i mnt-nfy
-i nv
-i notify
-i ns
-i nserver
-i rz
-i rev-srv
-i sd
-i sub-dom
-i tc
-i tech-c
-i dt
-i upd-to
-i zc
-i zone-c
-i rb
-i referral-by
- la
-i local-as
-i mr
-i mbrs-by-ref
Maintainer
Maintainer
email
email
Domain or address
prefix or range or single
address
Domain or address
prefix or range or single
address
Domain
email
Maintainer
AS number
Maintainer
-i mo
-i member-of
Set name
-i mu
-i mnt-routes
Maintainer
-i or
-i origin
AS number
-i ac
56
Objects with a matching admin-c attribute
Objects with matching admin-c, tech-c, zone-c, or crossnfy attributes
Objects with a matching mnt-by attribute
Objects with a matching mnt-lower attribute
mntner objects with a matching mnt-nfy attribute
Objects with a matching notify attribute
domain objects with a matching nserver attribute
inetnum and inet6num objects with a matching rev-srv
attribute
domain objects with a matching sub-dom attribute
Objects with a matching tech-c attribute
mntner objects with a matching upd-to attribute
Objects with a matching zone-c attribute
mntner objects with a matching referral-by attribute
inet-rtr objects with a matching local-as attribute
Set objects (as-set, route-set, and rtr-set) with a
matching mbrs-by-ref attribute.
Objects with a matching member-of attribute, provided
that their membership claim is validated by the mbrsby-ref attribute of the set
aut-num, inetnum, and route objects with a matching
mnt-routes attribute
route and route6 objects with a matching origin
attribute
Example: whois -h whois.apnic.net -T domain -i mb APNIC-HM
Flag
-r
Argument
-T
Comma-separated list
of object types, no white
space allowed
-a
-s
Comma-separated list
of object types, no white
space allowed
-F
Effect
Switches off recursion for contact information after retrieving the objects
that match the lookup key
Restricts the types of objects to look up in the query
Specifies that the server should perform lookups in all available sources.
See also the ‘in-q sources’ query
Specifies which sources and in which order the sources are to be looked
up when performing a query
Produces output using shorthand notation for attribute names. Produces
slower responses.
Switches off use of the referral mechanism for domain lookups, so that
the database returns an object in the local database that exactly matches
the lookup argument, rather than doing a referral lookup.
Only the primary keys of an object are returned. The exceptions are set
objects, where the members attributes will also be returned. This flag
does not apply to person and role objects.
-R
-K
Informational queries
Example: whois -h whois.apnic.net -q sources
Flag
-t
-v
-q
-q
Argument
Object type
Object type
‘help’
‘source’
version
Effect
Template for the specified object type
Verbose template for the specified object type
Help on query options available in the database
Current set of sources along with the information required for mirroring
Current version of the server
57
58
Revision
Date
Version
1
28 January 2009
1.0
[SN] Manual created
2
2 February 2010
1.0
[JA] Replaced “trouble” with “abuse-mailbox” p.38
Comment
59
Asia Pacific Network Information Centre
Address PO Box 2131, Milton, Brisbane QLD 4064 Australia Phone +61 71 3858 3100
Fax +61 7 3858 3199 Email [email protected] SIP [email protected]
w w w. a p n i c . n e t
©APNIC Pty Ltd 2009

Using the APNIC Whois Database

Transcription

Similar documents

Protecting Resource Records in APNIC Whois Database Database SIG APNIC-16, Seoul

The APNIC Database Overview

APNIC Whois Tutorial

Machine Learning with WEKA

Attribute analysis of GPR and seismic data for material property

nissan nissan - Catalyst Outdoor

SOA-IM Poster

Learning To Detect Unseen Object Classes by Between

Search for Complex Objects based on Combination of Attributes and