|The APNIC Whois Database is an official, publicly accessible, record that contains information regarding organizations that hold IP addresses and AS Numbers in the Asia Pacific region. During APNIC 41 in Auckland, New Zealand, the Policy SIG meeting dedicated an entire session to the topic; “Improving APNIC Whois Data Quality”.|
The Session included presentations from APNIC staff and a community discussion among those present.This page includes this brief Executive Summary, a more detailed Report, and finally, Contributions from the floor as bullet points for each speaker.
This page includes this brief Executive Summary, a more detailed Report, and finally, Contributions from the floor as bullet points for each speaker.
Secretariat presentations included an introduction from APNIC Security Specialist, Adli Wahid, who spoke about the importance of data accuracy and the need to be responsive to contact attempts from other network operators, security organizations such as CERTs and CSIRTs, as well as Law Enforcement Agencies in accordance to local laws.
While accuracy of routing data is important, the issue that causes the most frustration among network operators is often the accuracy of contact points. APNIC Policy requires resource holders to register Administrative, Technical, and Abuse contacts for each IP address block and Autonomous System Number they hold. Policy also requires the registration of Incident Response Team (IRT) contacts in the whois.
Often however, these four Points of Contact (PoCs) are either inaccurate or unresponsive making contact with the network operator difficult or impossible. Vivek Nigram, APNIC Member Services Manager, reported on the Secretariat’s procedures for handling of the (approximately) 1000 plus Invalid Contact Reports lodged each year, but stressed that even with APNICs access to other, confidential contact points, it is frequently impossible to resolve these reports satisfactorily as APNIC policy and procedures have a high tolerance for incorrect data and the only enforcement mechanism available to the Secretariat is to invoke the Member Agreement provisions for resource revocation.
In the final presentation, APNIC Services Director, George Kuo, spoke about some of the initiatives the APNIC Secretariat has implemented to improve data quality. These range from the development of tools to make registration records easier to update to personalized services with individual Members to assist them with their records.
He also made the point that the majority of invalid contact issues relate to customer assignments made by members, rather than the with the authoritative registration records entered by APNIC as part of the original delegation of the resources.
Following these presentations, Elly Tawhai, APNIC Senior Internet Resource Analyst (Hostmaster) explained the feature improvements to be introduced when the APNIC Whois Database software is upgraded in late 2016. In addition to software engineering and maintenance dividends expected from the upgrade, the new software will introduce a range of features, some of which will deliver benefits for those wishing to update or query the
An interactive discussion among those present raised some suggestions for future action and highlighted the challenges faced by the community and the Secretariat.
The session Chair, Sumon Ahmed Sabir APNIC Policy SIG Co-Chair emphasized the importance of whois accuracy and foreshadowed an ongoing discussion on this topic.
|At the request of the APNIC Policy SIG Chair, the Secretariat presented an informational session; “Improving APNIC Whois Data Quality” at the recent Policy SIG meeting in Auckland, New Zealand.The following is a brief summary of the discussion that took place.|
The following is a brief summary of the discussion that took place.
In the first presentation of the session, APNIC Security Specialist, Adli Wahid explained the importance of accurate and responsive whois contacts to the various security communities.
Then Vivek Nigram, APNIC Member Services Manager, reported on the Secretariat’s procedures for handling of the (approximately) 1000 plus Invalid Contact Reports lodged with APNIC per year.
Vivek stressed that although APNIC has access to different Member contacts than those listed in the whois, it was often difficult or impossible to resolve some of these even if the issues are escalated to upstream providers.
Vivek also reported that although APNIC policy and the APNIC Member agreement contained provisions capably of causing a breach for failure to provide accurate contact points, this is rarely exercised, as there is no clear guidance about how strict the Secretariat should be in these cases, or what the Secretariat should do if the contact was simply unresponsive.
In discussion following Vivek’s revolved around ARIN’s policy of emailing all whois contacts annually and denying access to services for any that are subsequently marked as invalid. ASO AC member, Aftab Siddiqui proposed Members with contacts, marked as invalid, would be denied access to MyAPNIC.
In the next presentation, APNIC Services Director, George Kuo, reported on Secretariat projects and programs designed to improve the quality of whois data. He also outlined plans to begin conducting face-to-face consultations with Members designed to improve the accuracy of their data. However, George noted that APNIC receives quite a lot of invalid contact reports and inquiries about customer assignment records, and routing records, which are not maintained by APNIC. He made the distinction between authoritative APNIC registry data and the whois data provided by Members and their customers.
Mark Foster, IT Operations Manager at NIWA pointed out that for many resource holders maintaining the accuracy of customer assignments was not an operational priority and required a significant workload that they wouldn’t do unless compelled to do so.
APNIC Deputy Director General, Sanjaya proposed a ‘rather radical idea’ that is currently being considered by the Secretariat. This is to move the customer assignments and routing registry information into a different database. This would result in one whois source with authoritative registry data that reflects the APNIC assignment and allocation of parent blocks.
The proposal received mixed support with speakers commenting for and against the proposal.
APNIC EC Member, Gaurab Upadhaya, emphasized that the discussion on whois data quality needs to clarify there are two types of data under discussion: authoritative registry data and data provided by network operators. He also proposed that rather than totally separating the data stores, these two data types could be distinctly ‘tagged’ so the source was apparent.
Aaron Hughes, ARIN Board of Trustees, suggested that a better solution might be found if a group were convened to investigate the issue, as it is a global problem that affects all RIRs. He proposed an outcome document or RFC for a system where whois data can accumulate attestations, similar to a reputation system.
Paul Rendek of the RIPE NCC said the proposal to separate the registry data from the customer assignments sounded a bit like ‘kicking the bucket down the road’ because it gave the appearance of cleaning up the whois, but in fact was just moving the problem data to a different location.
In response, George Kuo explained that creating separate stores for each data would not reduce the Secretariat’s commitment to helping the community improve the data quality.
Paul Rendek noted that while each RIR has a different perspective, all regions share the same challenge and so perhaps the proposal to split the whois could be looked at from a global perspective.
Izumi Okutani of JPNIC spoke agreeing that the discussion would need to be the subject of a wider consultation that those present for the current SIG meeting.
Policy SIG Chair, Masato Yamanishi closed the discussion noting that there was clearly support for continuing the discussion and acknowledging the suggestion that other communities might need to be consulted before any decision could be made.
The Chair requested the Secretariat prepare this summary of the discussion.