Second Level Domain, for example, www.yourbusinessname.com.au, the letters after the name and before the .au.
A 6to4 gateway adds its IPv4 address to this 2002::/16, creating a unique /48 prefix. As the IPv4 address of the gateway router is used to compose the IPv6 prefix, it is possible to reverse the process and identify the IPv4 address, which can then be looked up in the relevant RIR’s whois database.
Adjacency attestation (AAO)
An AAO is a digitally signed object that verifies that an AS has made an attestation that it has an inter-domain adjacency with one or more other ASes.
See Routing advertisement.
African Network Information Centre (AFRINIC) is the Regional Internet Registry for the African region.
Address space allocated by APNIC or NIRs to LIRs for the purpose of subsequent distribution by LIRs to their customers.
The Asia Pacific Economic Cooperation Telecommunications and Information Working Group aims to advance the development of information and communication technology (ICT) infrastructure and services as well as to promote cooperation, information sharing and the development of effective ICT policies and regulations in the Asia Pacific region.
The Asia Pacific Internet Development Trust is a fund created to benefit Internet development in the region.
APNIC (Asia Pacific Network Information Centre) is the Regional Internet Registry for the Asia Pacific region.
The APNIC Foundation actively seeks funding to support APNIC in building human and community capacity for Internet development in the Asia Pacific region.
APNIC Whois Database
The APNIC Whois Database is an official record that contains information regarding organizations that hold IP addresses and AS numbers in the Asia Pacific region.
Application Service Provider
Entity that provides specific application(s) direct to the end user.
The Asia Pacific Regional Internet Governance Forum serves as a platform for discussion, exchange and collaboration to advance Internet governance development in the Asia Pacific region.
The APrIGF Multistakeholder Steering Group helps organize the APrIGF events and promotes and encourages dialogue among all stakeholders involved with Internet governance related issues in the Asia Pacific region.
The Asia Pacific Telecommunity is an intergovernmental organization that operates in conjunction with telecom service providers, manufacturers of communications equipment, and research and development organizations active in the field of communication, information and innovation technologies.
APT — Advanced persistent threat
Advanced persistent threat is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.
American Registry for Internet Numbers (ARIN) is the Regional Internet Registry for the North American region.
arpa (or ‘.arpa’)
The Address and Routing Parameters Area top level domain, used for network infrastructure.
Address space assigned for specific use within the Internet infrastructure of a network. Assignments can be made by LIRs to their customer’s network infrastructure or to the LIR’s own infrastructure.
Assignment of a number
The process for providing an international numbering resource to an eligible applicant (when used in the formal sense as defined in Section 5.4 of ITU-T Rec. E.190 (05/97)).
The Address Supporting Organization is one of ICANN’s three supporting organizations that reviews and develops recommendations on IP address policy and advises the ICANN Board on policy issues relating to the operation, assignment, and management of IP addresses.
Refers to the amount of IP address space that you can assign or sub-allocate to your customers without the need to send in a second opinion request form for APNIC’s approval.
Australian Network Information Centre.
Autonomous System (AS)
An AS is a group of IP networks run by one or more network operators with a single clearly defined routing policy.
Autonomous System Number (ASN or AS number)
ASNs are globally unique identifiers for Autonomous Systems (ASes) and are used as identifiers to allow the ASes to exchange dynamic routing information.
These IPv6 addresses are reserved for use in documentation. They should not be used as source or destination addresses.
The Border Gateway Protocol (BGP) is the routing protocol used to exchange routing information across the Internet. BGP allows ISPs to connect to each other and for end users to connect to more than one ISP. BGP is the only protocol that is designed to deal with a network of the Internet’s size, and deal well with having multiple connections to unrelated routing domains.
Where false routing advertisements redirect traffic away from its intended destination and instead are directed to a sink point. This results in an effective Denial of Service (DoS), where the target service is taken offline. A side effect may be a rearrangement of traffic flows that could overload some network links.
Birds of a Feather meetings are informal meetings that are convened for a variety of purposes such as exchanging information and discussing new ideas or particular issues.
The Recursive Resolver’s cache is its memory where the answers for recent queries are stored. If the answer to a query is on the Recursive Resolver’s cache, the Recursive Resolver will not query any other server, but will give out the stored answer.
E.164 Country Code (as specified in ITU-T Recommendation E.164).
Country Code Top Level Domain.
The Cross Community Working Group on Enhancing ICANN Accountability is a group formed by ICANN as part of ICANN’s Enhancing Accountability Process. It was created to examine how ICANN’s accountability mechanisms should be strengthened as part of the IANA Stewardship Transition Process. Also referred to as CCWG-Accountability.
To make the original X.509 certificate standard suitable for Resource Certification it needed some minor modifications, or extensions, to provide a place to record the Internet number resources held by the private key holder. See X.509.
Computer Emergency Response Teams (CERTs) or Computer Security Incident Response Teams (CSIRTs) are expert groups that respond to cybersecurity incidents, such as malware, DDoS, and ransomware attacks. These groups play a vital role in the maintenance of the networks that comprise the Internet.
Classless Inter Domain Routing is a method of categorizing IP addresses for the purpose of allocating IP addresses to users and for efficiently routing IP packets on the Internet.
A method of splitting software functions, for example, a PC-based email client and a network-based email server.
A specific country, a group of countries in an integrated numbering plan or a specific geographical area (when used in a formal sense of an ITU-T Rec. E.164 Country Code).
Customer Premises Equipment is any telecommunications equipment sold or leased by the carrier to the customer that is installed at the customer’s location. It is typically installed to originate, route, or terminate telecommunication between the customer premises and the carrier or telco’s location from which the service is leased.
The Consolidated RIR IANA Stewardship Proposal Team (CRISP) is a group representing the Internet numbering community that produced a proposal for the IANA Stewardship Transition Process.
Critical Internet infrastructure
A collective terms for all hardware and software systems that constitute essential components in the operation of the Internet.
See CERTs above.
The Cross Community Working Group to Develop an IANA Stewardship Transition Proposal on Naming Related Functions (CWG) is a group representing the domain name community to produce a proposal for the IANA Stewardship Transition Process.
The Dashboard for Autonomous System Health is an APNIC product to help you rapidly track suspicious traffic seen coming from your network.
Distributed denial-of-service is a DoS attack launched from multiple computers.
A digital certificate is an electronic certificate used to prove your identity or your right to access information or services online. A digital certificate is required in order to access secured services of APNIC. The digital certificates used by APNIC conform to Standard X.509.
A digital signature is an electronic signature that authenticates the identity of a message sender, or document signer and possibly to ensure that the original content of the message or document has arrived unchanged.
The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.
Domain Name Security Extensions are extensions to the DNS that provide authentication of the origin of DNS data, integrity of data and authentication of denial of existence.
A set of host names consisting of a single domain name and all the domain names below it.
As part of the Domain Name System, domain names identify IP resources, such as an Internet website.
Denial-of-service is a type of Internet attack where an attacker attempts to prevent legitimate users from accessing information or services generally by flooding the service provider with bogus requests or traffic.
The international public telecommunication numbering plan.
E.164 number (for geographical areas)
An E.164 number typically consisting of three fields, CC (country code), NDC (national destination code), and SN (subscriber number).
Principles and responsibilities for the management, assignment and reclamation of E Series international numbering resources.
A number from ITU-T Rec E.164 numbering plan that uniquely indicates a public network termination point.
In the .arpa domain, the subdomain of ENUM names for E.164 numbers.
The APNIC Executive Council serves as the governing board of APNIC, as defined in the APNIC By-laws. Each member of the EC serves a two-year term of office but is eligible for re-election at the end of each term.
An end site is defined as an end user (subscriber) who has a business relationship with a service provider that involves that service provider: (i) Assigning address space to the end user; (ii) Providing transit service for the end user to other sites; (iii) Carrying the end user’s traffic; and (iv) Advertising an aggregate prefix route that contains the end user’s assignment.
Telephone Number Mapping – a protocol and an IETF WG.
A system for connecting a number of computer systems to form a local area network.
Governmental Advisory Committee, one of ICANN’s stakeholder groups. The GAC provides ICANN with input from governments on issues of public policy.
ICANN’s Global Domains Division oversees generic domain operations, domain name industry engagement and web services.
A service defined by the ITU-T, provisioned on the public switched network, … to enable the provision of that international service between two or more countries … (when used in the formal sense as defined in Section 4.14 of ITU-T Rec. E.164 (05/97)).
Other than the exceptions documented in this table, the operators of networks using these addresses can be found using the whois servers of the RIRs listed in the registry.
Generic Top Level Domain hosting/webhosting — a location (a server somewhere, connected to the Internet) that houses your Internet address.
Packet-based multimedia communication systems.
The HD-Ratio is a way of measuring the efficiency of address assignment [RFC 3194]. It is an adaption of the HD-Ratio originally defined in [RFC 1715] and is expressed as the number of allocated objects divided by the maximum number of allocatable objects. In the case of the ‘IPv6 Address Allocation and Assignment Policy document, the objects are IPv6 site addresses (/56s) assigned from an IPv6 prefix of a given size.
These are resources delegated to organizations by APNIC before the introduction of a membership structure. These resources have always been registered in the APNIC Whois Database but if the resource holder did not become an APNIC Member at any time after the introduction of the membership structure, the resources were not made subject to current APNIC policies.
Hypertext Transfer Protocol is an application layer protocol for distributed, collaborative, hypermedia information systems.
The Internet Architecture Board provides long-range technical direction for Internet development, ensuring the Internet continues to grow and evolve as a platform for global communication and innovation.
The Internet Assigned Numbers Authority is a standards organization that oversees global IP address allocation, ASN allocation, root zone management in the DNS, media types, and other IP-related symbols and Internet numbers.
The IANAPlan Working Group is a group representing the Internet protocols and parameters community that produced a proposal for the IANA Stewardship Transition Process.
The Internet Corporation of Assigned Names and Numbers is a multistakeholder group and nonprofit organization responsible for coordinating the maintenance and procedures of several databases related to the Internet’s names and numerical spaces, ensuring the network’s stable and secure operation.
The IANA Stewardship Transition Coordination Group was formed by ICANN to oversee the IANA Stewardship Transition Process. This group is responsible for collecting and evaluating proposals on the IANA Stewardship Transition Process from the Domain Names Community (CWG), Number Resources Community (CRISP Team), and the Protocol and Parameters Community (IANAPlan WG).
The Internet Engineering Steering Group (IESG) is part of ISOC and is responsible for technical management of IETF activities and the Internet standards process.
The Internet Engineering Task Force is an open standards organization, which develops and promotes voluntary Internet standards, in particular, the standards that comprise the Internet protocol suite.
The Internet Governance Forum is an annual meeting where delegates discuss public policy issues relating to the Internet.
The IGF Multistakeholder Advisory Group advises the ITU Secretary-General on the program and schedule of the IGF meetings. The MAG comprises 55 Members from governments, the private sector and civil society, including representatives from the academic and technical communities.
Where false routing advertisements redirect traffic away from the intended destination and instead directs traffic to a site that masquerades as the destination service. This form of masquerading is used to gather otherwise confidential information from users of the original service. See Phishing.
In the .arpa domain, the subdomain for IP addresses (as names) for host names.
Refers to the method of inserting routing information into the routing table. In context, it can also imply the injection of false routing information.
The Internet Directory is an APNIC product that provides data on how Internet number resources are distributed and used in the Asia Pacific region.
Inspection and alteration
Where false routing advertisements cause traffic to an intended destination to be forwarded to a compromised network segment. Here the traffic may be inspected, or even altered, before being passed onward to the actual destination.
Internet number resources
APNIC refers to IPv4 and IPv6 address blocks and ASNs as Internet number resources.
Internet Exchange Point (IX or IXP)
An Internet Exchange Point is a layer 1 and layer 2 network structure that interconnects three or more ASes for the purpose of Internet traffic interchange.
An Internet Registry (IR) is an organization that is responsible for distributing IP address space to its members or customers and for registering those distributions. IRs include: (i) APNIC and other Regional Internet Registries (RIRs); (ii) National Internet Registries (NIRs); and (iii) Local Internet Registries (LIRs).
The Internet Routing Registry is a part of the APNIC Whois Database that is used to publish information about the routing of Internet number resources. This information is then available worldwide to be used for routing validation, testing, and filtering.
The Internet of Things is a system of interrelated computing devices, mechanical and digital machines provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
The Internet Protocol is a protocol, or set of rules, for routing and addressing packets of data so that they can travel across networks and arrive at the correct destination.
An IPv4 address is a binary number consisting of 32 bits that are organized into four bytes. The four bytes are usually portrayed using a dotted decimal notation such as 184.108.40.206. Each decimal number is the equivalent of a byte; the dots used between the decimals are used to separate the bytes. For example, 220.127.116.11.
These addresses are used to embed IPv4 addresses in an IPv6 address. One use for this is in a dual-stack transition scenario where IPv4 addresses can be mapped into an IPv6 address.
The next generation Internet layer protocol for the Internet. It has a much larger address space than IPv4 with a 128-bit address. This supports 2128 addresses. They are conventionally expressed using hexadecimal strings, for example, 2001:0db8:582:ae33::29.
The Internet Society is a global nonprofit organization empowering people to keep the Internet a force for good: open, globally connected, secure, and trustworthy.
An Internet Service Provider is an organization that provides services for accessing, using, or participating in the Internet.
The Identifier Technology Health Indicator project was implemented by ICANN to monitor the health of the registered identifiers ecosystem, through a set of Identifier Technology Health Indicators, or ITHI Metrics.
The International Telecommunication Union is the United Nations specialized agency for information and communication technologies — ICTs.
The Telecommunications standardization sector of the ITU. It coordinates standards for telecommunications and Information Communication Technology such as X.509 for cybersecurity, Y.3172 for machine learning, and H.264/MPEG-4 AVC for video compression, between its Member States, Private Sector Members, and Academia Members.
Latin American & Caribbean Network Information Centre (LACNIC) is the Regional Internet Registry for Latin America and some Caribbean Islands.
A Local Area Network is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building.
These addresses are used on a single link or a non-routed common access network, such as an Ethernet LAN. They do not need to be unique outside of that link. Link-local addresses may appear as the source or destination of an IPv6 address.
Local Internet Registry (LIR)
A LIR is an Internet Registry (IR) that primarily assigns address space to the users of the network services that it provides. LIRs are generally ISPs, whose customers are primarily end users and possibly other ISPs.
This address is used when a host talks to itself over IPv6. This often happens when one program sends data to another.
Memorandum of Understanding.
These addresses are used to identify multicast groups. They should only be used as destination addresses, never as source addresses.
Describes a computer host that has multiple IP addresses to connected networks. A multihomed host is physically connected to multiple data links that can be on the same or different networks.
A DNS component that stores information about one zone (or more) of the DNS name space.
The structure of the DNS database.
Name vs address vs route
A name identifies an endpoint, an address tells where it is, and a route tells how to get there.
Number Authority Pointer (as used within IETF RFC 2916 to identify possible URLs and numbers that can be returned).
Network Address Translation (NAT) is the process of modifying a network address while in transit for the purpose of remapping a given address space into another.
National Internet Registry (NIR)
A NIR primarily allocates address space to its members or constituents that are generally LIRs organized at a national level. NIRs mostly exist in the Asia Pacific region.
NetOX (Network Operators toolboX) is an APNIC product that provides a set of tools for network operators to get information about their, and other networks, to solve routing issues and make better informed decisions like deciding which other networks to connect to.
An international network providing public correspondence services (when used in the formal sense as defined in Section 4.17 of ITU-T Rec. E.164 (05/97)).
Network function virtualization is a network architecture concept that uses the technologies of IT virtualization to virtualize entire classes of network node function into building blocks that may connect, or chain together, to create communication services.
A bit is the smallest unit of data on a binary computer. A nibble is a collection of bits on a four-bit boundary (half-byte), that is, it takes four bits to represent a single binary code decimal (BCD) or hexadecimal digit (0-9, A, B, C, D, E, F in ASCII). When IPv6 addresses are represented in the DNS, the entire binary sequence is listed as hexidecimal characters. When listed in reverse, each hexadecimal character becomes a ‘nibble boundary’.
Network Operator Groups are informal forums that bring together network operators, network engineers and other technical professionals to discuss matters relating to routing, network security, peering and interconnection, and other operational Internet issues. While the forums are generally structured around sharing relevant technical information, they also provide training and other skills development opportunities to the region’s operators.
Non-portable addresses must be returned if the network changes upstream provider.
National research and education networks are specialized ISPs dedicated to support the needs of research and education communities within an economy.
The Number Resource Organization is the coordinating body of the RIRs.
The National Telecommunications Information Administration is an agency of the US government’s Department of Commerce, which provides advice on telecommunications and policy issues.
These IPv6 addresses are used for a fixed-term experiment. They should only be visible on an end-to-end basis and routers should not see packets using them as source or destination addresses.
Ownership vs use of a number
Numbering resources … are not to be considered ‘owned’ by the assignee. Assignment of the numbering resource … confers use of the resources … (in the formal sense of Principle 5 in ITU-T Rec. E.190.).
APNIC Policy Development Process — APNIC’s resource management policies are developed by the Internet community through an open, bottom-up, multistakeholder process. The formal process used to develop these policies was itself decided by, and is controlled by, the community.
Any of several methods designed to illegally acquire sensitive or private information such as bank details, login information or personal details by fraudulently masquerading as a trustworthy entity.
Public Key Infrastructure is a combination of technologies that allow the verification and secure exchange of data through the use of encryption, digitally signed certificates, and public and private keys.
Portable addresses can be retained by the network if the network changes upstream provider.
APNIC makes portable allocations to organizations. That is, it distributes address space to IRs for the purpose of subsequent distribution by them.
The Public Switched Telephone Network is the aggregate of the world’s circuit-switched telephone networks that are operated by national, regional, or local telephony operators, providing infrastructure and services for public telecommunication.
Quality of Service is the description or measurement of the overall performance of a service, such as a telephony or computer network or a cloud computing service, particularly the performance seen by the users of the network.
A protocol interaction between a client and a server.
Registration Data Access Protocol is an alternative to whois for accessing Internet number resource registration data. It provides standardization of queries and responses; internationalization consideration to cater for languages other than English in data objects; and redirection capabilities to allow seamless referrals to other registries.
Entity that provides direct services to domain name registrants by processing name registrations.
Entity that runs the DNS authoritative server for a specific domain.
The client-based software that queries a DNS name server and receives the response.
Reverse DNS delegation or RDNS
Reverse DNS delegations allow applications to map to a domain name from an IP address. Reverse delegation is achieved by use of the pseudo-domain names in-addr.arpa (IPv4) and ip6.arpa (IPv6).
Request For Comments – the name for an Internet standards-related specification.
Réseaux IP Européens Network Co-ordination Centre (RIPE NCC) is the Regional Internet Registry for Europe, the Middle East and parts of Central Asia.
Regional Internet Registries (RIRs) are established and authorized by respective regional communities and recognized by IANA to serve and represent large geographical regions. The primary role of RIRs is to manage and distribute public Internet address space within their respective regions.
Resource Origin Authorization lists the prefixes that an ASN is authorized to announce. ROAs therefore state which AS is authorized to originate certain IP prefixes. Once validated, a ROA can be used to generate route filters.
Route Origin Validation is the application of RPKI to validate the origin AS. It’s the mechanism by which route advertisements can be authenticated as originating from an expected AS.
The root level is the top level of the DNS, a hierarchical tree-like structure that maps domain names to IP addresses. Top level domains include .com, .org, and country-level names such as .ca nd .au.
A DNS server pointing to all top- level domains.
Each router announces or advertises a list of routes it can process, expressed as ranges of IP addresses for which it can provide routing service. Put simply, a router tells its peers, “If you have traffic intended for IP addresses in the range between 192.0.0.1 and 18.104.22.168 (for example), pass me those packets”.
Resource Public Key Infrastructure (see also PKI) is a structure of digitally signed certificates that contain attestations regarding the right to use Internet number resources.
A DNS Resource Record is a unit of information entry in DNS zone files; RRs are the basic building blocks of host-name and IP information and are used to resolve all DNS queries. Resource records come in a fairly wide variety of types in order to provide extended name-resolution services.
Software Defined Networking technology is an approach to network management that enables the network to be programmed using software applications. This helps operators manage the entire network consistently regardless of the underlying network technology.
Second opinion request
The process that is used to seek APNIC’s approval of assignments or sub-allocations that exceed your assignment window.
Service Registrar (for ENUM)
Entity that provides direct services to ENUM registrants and hosts NAPTR records that contain (service-specific) URIs.
ITU-T Study Group 2.
Special Interest Groups are formed with a focus on a particular subject area. SIGs provide an open public forum to discuss topics of interest to APNIC and the Internet community in the Asia Pacific region. Face-to-face SIG meetings are held at APNIC conferences, which are held twice per year. SIGs are chaired by members of the community with relevant knowledge and expertise.
Session Initiation Protocol is a signalling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications.
Simple Mail Transfer Protocol is a communication protocol for electronic mail transmission. As an Internet standard, SMTP was first defined in 1982 by RFC 821, and updated in 2008 by RFC 5321 to Extended SMTP additions, which is the protocol variety in widespread use today.
IP addresses are sub-allocated when they are distributed to an organization that will further assign them to their own end users.
The routing prefix of a designated IP address.
Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network.
Time to Live (TTL)
One of the fields in the DNS records is the TTL (Time-To-Live) field. This is the number of milliseconds corresponding to the amount of time that the Recursive Resolver should keep the answer in its memory.
Top-Level Domain (TLD) Server
A Top-Level Domain (TLD) Server is known to the root servers. It is authoritative for TLDs (for example .com, .org, .net).
Test Traffic Measurement comprehensively measured key parameters regarding the connectivity of the host’s site to other parts of the Internet.
The Recursive Resolver is expecting the answer packet on the same UDP port from where the query was sent.
Unique Local Addresses (ULAs)
These addresses are reserved for local use in home and enterprise environments and are not public address space. These addresses might not be unique and there is no formal address registration. Packets with these addresses in the source or destination fields are not intended to be routed on the public Internet but are intended to be routed within the enterprise or organization.
Uniform Resource Identifier — a URL is a URI.
Uniform Resource Locator is a specific type of URI.
United States government.
A Variable Length Subnet Mask (VLSM) is a method of allocating IP addresses and other Internet number resources to subnets, according to their individual needs. This serves as an alternative to using a general, network-wide rule.
Voice over IP, also called IP telephony, is a method and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol networks, such as the Internet.
Working Party 1 of SG 2.
An X. 509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
In the DNS, a contiguous portion of a domain consisting of names or delegations. Formally, a domain name belongs to exactly one (authoritative) zone.
zone (or ‘zone’)
A segment of an ENUM domain name (used in the Berlin Liaison Statement (now RFC 3026) solely for convenience).