From memsvcs at arin.net Wed Jun 4 15:33:05 2003 From: memsvcs at arin.net (Member Services) Date: Wed, 4 Jun 2003 15:33:05 -0400 (EDT) Subject: [ppml] Policy Proposal 2003-9: WHOIS Acceptable Use Policy and Bulk WHOIS Access Message-ID: Policy Proposal 2003-9: WHOIS Acceptable Use Policy and Bulk WHOIS Access ARIN welcomes feedback and discussion about the following policy proposal. This policy was originally proposed in the weeks leading up to the ARIN Public Policy meeting held in Memphis, Tennessee, April 7-8, 2003. As a result of the discussions that occurred on the public policy mailing list and at the meeting, the ARIN Advisory Council decided to recommend to the ARIN Board of Trustees that the proposed policy be abandoned in its present form and that a new policy effort be undertaken. In the weeks following the Public Policy meeting the ARIN AC further discussed this policy and noted the discussion that took place on the public policy list. It was noted that with wording changes that had been suggested, this policy should be discussed further. During the week of May 28, the Chair of the AC contacted the author of the original proposal and discussed this possibility with him. They agreed that this would be a good solution. Accordingly, the AC has voted to recommend that this proposal be further discussed. This policy proposal discussion will take place on the ARIN Public Policy Mailing List (ppml at arin.net). Subscription information is available at http://www.arin.net/mailing_lists/index.html Member Services American Registry for Internet Numbers (ARIN) ### * ### Policy Proposal 2003-9: WHOIS Acceptable Use Policy and Bulk WHOIS Access This proposal obsoletes current Bulk WHOIS Policy 2002-4 and changes current Bulk Whois Acceptable Use Policy (AUP) to become general WHOIS Acceptable Use policy that would apply to all WHOIS queries. In particular: 1. An acceptable use policy called "WHOIS Acceptable Use Policy" is to be published on ARIN website as follows: "ARIN WHOIS Data is for Internet operations and technical research purposes pertaining to Internet Operations only. It may not be used for advertising, direct marketing, marketing research or similar purposes. Use of ARIN WHOIS data for these activities is explicitly forbidden. ARIN requests to be notified of any such activities or suspicions thereof. Redistributing ARIN WHOIS Data is explicitly forbidden. It is permissible to publish data on an individual query or small number of queries at a time basis as long as reasonable precautions are taken to prevent automated querying by database harvesters. ARIN reserves the right to restrict access to the WHOIS database in its sole discretion to ensure operational stability. ARIN may restrict or terminate your access to the WHOIS database for failure to abide by these terms of use. ' 2. Automated Internet-based access to WHOIS data with individual queries (such as by using WHOIS protocol) will include a one-line statement that data is provided and can only be used according to 'ARIN WHOIS Acceptable Use Policy' with a link to where the policy is published on ARIN website, all other access to WHOIS data must include entire ARIN WHOIS AUP. 3. A policy for bulk WHOIS access will be published on ARIN website as follows: "Access to the entire WHOIS database or large portion of it may be obtained by any organization or individual provided that this organization or individual agrees in writing to ARIN WHOIS Acceptable Use Policy. WHOIS data provided under bulk WHOIS access will not include any information that is marked as private. Access to WHOIS data may be by way of: Individual WHOIS queries FTP or other type of download Hard media distribution (such as CDROM) Access provided by means of the public Internet must require authentication if the protocol being used supports it. ARIN may request authentication information be changed on a regular basis for those who desire repeat access to the bulk data. Bulk WHOIS requests for CDROM or similar hard media delivery must be filled and signed individually for each request and ARIN may charge an appropriate fee to cover media and labor costs." From william at elan.net Wed Jun 4 13:04:00 2003 From: william at elan.net (william at elan.net) Date: Wed, 4 Jun 2003 10:04:00 -0700 (PDT) Subject: [ppml] Re: [arin-announce] Policy Proposal 2003-9: WHOIS Acceptable Use Policy and Bulk WHOIS Access In-Reply-To: Message-ID: For those interested I made a little history page regarding this proposal, it includes all the versions that were produced as well as my appeal letter to AC to withdraw its recomendation as well as copies and links to discussions on ppml and otherwise that have relevance to proposal: http://www.elan.net/~william/arin_whoisaup_history.htm On Wed, 4 Jun 2003, Member Services wrote: > > Policy Proposal 2003-9: WHOIS Acceptable Use Policy > and Bulk WHOIS Access > > ARIN welcomes feedback and discussion about the following policy > proposal. This policy was originally proposed in the weeks leading up > to the ARIN Public Policy meeting held in Memphis, Tennessee, April 7-8, > 2003. As a result of the discussions that occurred on the public policy > mailing list and at the meeting, the ARIN Advisory Council decided to > recommend to the ARIN Board of Trustees that the proposed policy be > abandoned in its present form and that a new policy effort be undertaken. > > In the weeks following the Public Policy meeting the ARIN AC further > discussed this policy and noted the discussion that took place on the > public policy list. It was noted that with wording changes that had been > suggested, this policy should be discussed further. During the week of > May 28, the Chair of the AC contacted the author of the original > proposal and discussed this possibility with him. They agreed that this > would be a good solution. Accordingly, the AC has voted to recommend > that this proposal be further discussed. > > This policy proposal discussion will take place on the ARIN Public > Policy Mailing List (ppml at arin.net). Subscription information is > available at http://www.arin.net/mailing_lists/index.html > > Member Services > American Registry for Internet Numbers (ARIN) > > ### * ### > > Policy Proposal 2003-9: WHOIS Acceptable Use Policy and > Bulk WHOIS Access > > > This proposal obsoletes current Bulk WHOIS Policy 2002-4 and changes > current Bulk Whois Acceptable Use Policy (AUP) to become general WHOIS > Acceptable Use policy that would apply to all WHOIS queries. In > particular: > > 1. An acceptable use policy called "WHOIS Acceptable Use Policy" is to > be published on ARIN website as follows: > > "ARIN WHOIS Data is for Internet operations and technical research > purposes pertaining to Internet Operations only. It may not be used for > advertising, direct marketing, marketing research or similar purposes. > Use of ARIN WHOIS data for these activities is explicitly forbidden. > ARIN requests to be notified of any such activities or suspicions > thereof. > > Redistributing ARIN WHOIS Data is explicitly forbidden. It is > permissible to publish data on an individual query or small number of > queries at a time basis as long as reasonable precautions are taken to > prevent automated querying by database harvesters. ARIN reserves the > right to restrict access to the WHOIS database in its sole discretion to > ensure operational stability. > > ARIN may restrict or terminate your access to the WHOIS database for > failure to abide by these terms of use. ' > > 2. Automated Internet-based access to WHOIS data with individual queries > (such as by using WHOIS protocol) will include a one-line statement > that data is provided and can only be used according to 'ARIN WHOIS > Acceptable Use Policy' with a link to where the policy is published on > ARIN website, all other access to WHOIS data must include entire ARIN > WHOIS AUP. > > 3. A policy for bulk WHOIS access will be published on ARIN website as > follows: > > "Access to the entire WHOIS database or large portion of it may be > obtained by any organization or individual provided that this > organization or individual agrees in writing to ARIN WHOIS Acceptable > Use Policy. WHOIS data provided under bulk WHOIS access will not include > any information that is marked as private. > > Access to WHOIS data may be by way of: > > Individual WHOIS queries > > FTP or other type of download > > Hard media distribution (such as CDROM) > > Access provided by means of the public Internet must require > authentication if the protocol being used supports it. ARIN may request > authentication information be changed on a regular basis for those who > desire repeat access to the bulk data. Bulk WHOIS requests for CDROM or > similar hard media delivery must be filled and signed individually for > each request and ARIN may charge an appropriate fee to cover media and > labor costs." > From Stacy_Taylor at icgcomm.com Thu Jun 5 13:17:52 2003 From: Stacy_Taylor at icgcomm.com (Taylor, Stacy) Date: Thu, 5 Jun 2003 11:17:52 -0600 Subject: No subject Message-ID: <5BDB545714D0764F8452CC5A25DDEEFA04DAE11F@denexg21.icgcomm.com> Dear William, Regarding your formal request for the reversal of the AC decision to abandon Policy Proposal 2003-9, we are happy to inform you that the AC had completed that action prior to receiving your request. Please refer to the announcement from Member Services that was posted to the PPML yesterday at 3:39 PM EDT. The AC would like to thank you for actively participating in the ARIN Policy Proposal Evaluation Process. Thank you, Stacy Taylor Member of the ARIN AC From Michael.Dillon at radianz.com Fri Jun 6 06:15:13 2003 From: Michael.Dillon at radianz.com (Michael.Dillon at radianz.com) Date: Fri, 6 Jun 2003 11:15:13 +0100 Subject: [ppml] Policy Proposal 2003-9: WHOIS Acceptable Use Policy and Bulk WHOIS Access Message-ID: >Policy Proposal 2003-9: WHOIS Acceptable Use Policy >and Bulk WHOIS Access It's short, easy to read and easy to understand. I like it. --Michael Dillon From john at chagres.net Tue Jun 10 01:34:25 2003 From: john at chagres.net (John M. Brown) Date: Mon, 9 Jun 2003 23:34:25 -0600 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) Message-ID: <000101c32f11$f4204190$feecdfd8@laptoy> 3. A policy for bulk WHOIS and or ARIN INADDR access will be published on ARIN website as follows: "Access to the entire WHOIS or ARIN INADDR database or large portion of it may be obtained by any organization or individual provided that this organization or individual agrees in writing to ARIN WHOIS/INADDR Acceptable Use Policy. WHOIS or ARIN INADDR data provided under bulk WHOIS access will not include any information that is marked as private. Access to WHOIS/INADDR data may be by way of: Individual WHOIS/DNS queries FTP or other type of download Hard media distribution (such as CDROM) ----- Given that ARIN now has policy 2002-1 Lame In-addr, providing access to the in-addr view that ARIN has would be useful for the internet operational and research community, and help reduce lame issues. This access would allow service providers access to the IN-ADDR tree and allow them to self verify what deligations they are listed as authoritative for. It would allow the research community a better source of data for research and other activities. respectfully, john brown From william at elan.net Tue Jun 10 01:43:31 2003 From: william at elan.net (william at elan.net) Date: Mon, 9 Jun 2003 22:43:31 -0700 (PDT) Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <000101c32f11$f4204190$feecdfd8@laptoy> Message-ID: Why do you need policy for providing in-addr data as bulk? I think ARIN already provides this all publicly as it, see ftp://ftp.arin.net/pub/zones Do you need something more then that? On Mon, 9 Jun 2003, John M. Brown wrote: > 3. A policy for bulk WHOIS and or ARIN INADDR access will be published > on > ARIN website as follows: > > "Access to the entire WHOIS or ARIN INADDR database or large portion of > it may be obtained by any organization or individual provided that this > organization or individual agrees in writing to ARIN WHOIS/INADDR > Acceptable > Use Policy. WHOIS or ARIN INADDR data provided under bulk WHOIS access > will not include any information that is marked as private. > > Access to WHOIS/INADDR data may be by way of: > > Individual WHOIS/DNS queries > > FTP or other type of download > > Hard media distribution (such as CDROM) > > > ----- > > Given that ARIN now has policy 2002-1 Lame In-addr, providing > access to the in-addr view that ARIN has would be useful for > the internet operational and research community, and help reduce > lame issues. This access would allow service providers access > to the IN-ADDR tree and allow them to self verify what > deligations they are listed as authoritative for. It would > allow the research community a better source of data for > research and other activities. > > > respectfully, > > john brown From john at chagres.net Tue Jun 10 06:13:01 2003 From: john at chagres.net (John M. Brown) Date: Tue, 10 Jun 2003 04:13:01 -0600 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: Message-ID: <000601c32f38$dfb0b600$feecdfd8@laptoy> because that URL does not provide complete data and is only for a specific project, per richardj (6-6-03). research the allocated space as listed at http://www.iana.org/assignments/ipv4-address-space and you will find the ftp site is missing a good chuck of space. > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of william at elan.net > Sent: Monday, June 09, 2003 11:44 PM > To: John M. Brown > Cc: ppml at arin.net > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and INADDR access) > > > Why do you need policy for providing in-addr data as bulk? I > think ARIN > already provides this all publicly as it, see > ftp://ftp.arin.net/pub/zones > > Do you need something more then > that? > > On Mon, 9 Jun 2003, John M. Brown wrote: > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > be published > > on > > ARIN website as follows: > > > > "Access to the entire WHOIS or ARIN INADDR database or > large portion > > of > > it may be obtained by any organization or individual > provided that this > > organization or individual agrees in writing to ARIN WHOIS/INADDR > > Acceptable > > Use Policy. WHOIS or ARIN INADDR data provided under bulk > WHOIS access > > will not include any information that is marked as private. > > > > Access to WHOIS/INADDR data may be by way of: > > > > Individual WHOIS/DNS queries > > > > FTP or other type of download > > > > Hard media distribution (such as CDROM) > > > > > > ----- > > > > Given that ARIN now has policy 2002-1 Lame In-addr, > providing access > > to the in-addr view that ARIN has would be useful for the internet > > operational and research community, and help reduce lame > issues. This > > access would allow service providers access to the IN-ADDR tree and > > allow them to self verify what deligations they are listed as > > authoritative for. It would allow the research community a better > > source of data for research and other activities. > > > > > > respectfully, > > > > john brown > From william at elan.net Tue Jun 10 03:44:26 2003 From: william at elan.net (william at elan.net) Date: Tue, 10 Jun 2003 00:44:26 -0700 (PDT) Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <000601c32f38$dfb0b600$feecdfd8@laptoy> Message-ID: On Tue, 10 Jun 2003, John M. Brown wrote: > because that URL does not provide complete data and > is only for a specific project, per richardj (6-6-03). > > research the allocated space as listed at > http://www.iana.org/assignments/ipv4-address-space > > and you will find the ftp site is missing a good chuck > of space. Fine, lets get ARIN to listen and provide the data for all other /8 blocks! Still the question is do we need a policy for this? If we do should it actually require authentication similar to bulk whois to get the data or is current system of getting it by ftp enough? In my opinion adding in-addr to bulk-whois proposal is both not approriate as whois data is a lot more complex and has rather specific privacy issues, its unnecessory and it sounds bad as far as you wrote it (i.e. what you proposed - "arin whois inaddr aup"). First I think we need to ask ARIN if they are willing to get all the inaddr data out on their ftp site on their own based on current polices and procedures (they do after all provide entire ASN list including all those ASNs they inherited from Internic, so why is it so different for inaddr?). If they do not want to do it, then propose a simple policy: "ARIN will provide public access to complete INADDR data for all ip blocks in its database for public download by ftp" > > -----Original Message----- > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > > Behalf Of william at elan.net > > Sent: Monday, June 09, 2003 11:44 PM > > To: John M. Brown > > Cc: ppml at arin.net > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > > (WHOIS and INADDR access) > > > > > > Why do you need policy for providing in-addr data as bulk? I > > think ARIN > > already provides this all publicly as it, see > > ftp://ftp.arin.net/pub/zones > > > > Do you need something more then > > that? > > > > On Mon, 9 Jun 2003, John M. Brown wrote: > > > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > > be published > > > on > > > ARIN website as follows: > > > > > > "Access to the entire WHOIS or ARIN INADDR database or > > large portion > > > of > > > it may be obtained by any organization or individual > > provided that this > > > organization or individual agrees in writing to ARIN WHOIS/INADDR > > > Acceptable > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk > > WHOIS access > > > will not include any information that is marked as private. > > > > > > Access to WHOIS/INADDR data may be by way of: > > > > > > Individual WHOIS/DNS queries > > > > > > FTP or other type of download > > > > > > Hard media distribution (such as CDROM) > > > > > > > > > ----- > > > > > > Given that ARIN now has policy 2002-1 Lame In-addr, > > providing access > > > to the in-addr view that ARIN has would be useful for the internet > > > operational and research community, and help reduce lame > > issues. This > > > access would allow service providers access to the IN-ADDR tree and > > > allow them to self verify what deligations they are listed as > > > authoritative for. It would allow the research community a better > > > source of data for research and other activities. > > > > > > > > > respectfully, > > > > > > john brown > > From john at chagres.net Tue Jun 10 06:39:18 2003 From: john at chagres.net (John Brown) Date: Tue, 10 Jun 2003 04:39:18 -0600 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: ; from william@elan.net on Tue, Jun 10, 2003 at 12:44:26AM -0700 References: <000601c32f38$dfb0b600$feecdfd8@laptoy> Message-ID: <20030610043918.A88537@alderaan.chagres.net> On Tue, Jun 10, 2003 at 12:44:26AM -0700, william at elan.net wrote: > > Fine, lets get ARIN to listen and provide the data for all other /8 blocks! I think that is an over statment, and certainly not something I'm asking for. ARIN was clearly specifide and not the other RIR's. For them they each have their proper venue, and its not here. > > Still the question is do we need a policy for this? If we do should it > actually require authentication similar to bulk whois to get the data or > is current system of getting it by ftp enough? Based on email from ARIN staff last fall, they used to provide the data upon request, but started refusing the data until there was a policy in place. The ARIN AC (post my resignation) did not feel it was something in their scope as defined by the board. THe board has said that the AC is to deal with clear and crisp IP allocation policies only. I think even the whois is not within their view based on the direction from the board. > > In my opinion adding in-addr to bulk-whois proposal is both not approriate > as whois data is a lot more complex and has rather specific privacy issues, > its unnecessory and it sounds bad as far as you wrote it (i.e. what you > proposed - "arin whois inaddr aup"). I agree, WHOIS is more complex and has privacy issues. Hence the IN-ADDR should be an easy issue to deal with. I don't believe I used those words you are attributing to me. Please correct or quote correctly.... What I stated is that access to the whois OR inaddr carried with it the same level of restrictions and conditions. This would be more protection for the IN-ADDR and continue to protect the whois data. > First I think we need to ask ARIN if they are willing to get all the > inaddr data out on their ftp site on their own based on current polices > and procedures (they do after all provide entire ASN list including all > those ASNs they inherited from Internic, so why is it so different for > inaddr?). If they do not want to do it, then propose a simple policy: > "ARIN will provide public access to complete INADDR data for all ip > blocks in its database for public download by ftp" Well todate ARIN has refused to provide IN-ADDR lacking a policy. I can dig up the email from ARIN staff issued last fall, if needed. Agreed they have the ASN data, the IN-ADDR seems easy as well since they have to gen the zone for their NS set anyway. Personally I believe that ARIN should have an AUP for this data. John Brown > > > > -----Original Message----- > > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > > > Behalf Of william at elan.net > > > Sent: Monday, June 09, 2003 11:44 PM > > > To: John M. Brown > > > Cc: ppml at arin.net > > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > > > (WHOIS and INADDR access) > > > > > > > > > Why do you need policy for providing in-addr data as bulk? I > > > think ARIN > > > already provides this all publicly as it, see > > > ftp://ftp.arin.net/pub/zones > > > > > > Do you need something more then > > > that? > > > > > > On Mon, 9 Jun 2003, John M. Brown wrote: > > > > > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > > > be published > > > > on > > > > ARIN website as follows: > > > > > > > > "Access to the entire WHOIS or ARIN INADDR database or > > > large portion > > > > of > > > > it may be obtained by any organization or individual > > > provided that this > > > > organization or individual agrees in writing to ARIN WHOIS/INADDR > > > > Acceptable > > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk > > > WHOIS access > > > > will not include any information that is marked as private. > > > > > > > > Access to WHOIS/INADDR data may be by way of: > > > > > > > > Individual WHOIS/DNS queries > > > > > > > > FTP or other type of download > > > > > > > > Hard media distribution (such as CDROM) > > > > > > > > > > > > ----- > > > > > > > > Given that ARIN now has policy 2002-1 Lame In-addr, > > > providing access > > > > to the in-addr view that ARIN has would be useful for the internet > > > > operational and research community, and help reduce lame > > > issues. This > > > > access would allow service providers access to the IN-ADDR tree and > > > > allow them to self verify what deligations they are listed as > > > > authoritative for. It would allow the research community a better > > > > source of data for research and other activities. > > > > > > > > > > > > respectfully, > > > > > > > > john brown > > > > From william at elan.net Tue Jun 10 04:42:56 2003 From: william at elan.net (william at elan.net) Date: Tue, 10 Jun 2003 01:42:56 -0700 (PDT) Subject: Public access to IN-ADDR zone files (was - Re: [ppml] A proposal to modify proposal 2003-9 WHOIS and INADDR access) In-Reply-To: <20030610043918.A88537@alderaan.chagres.net> Message-ID: I'll wait for an answer on this maillist from ARIN staff and if in their view policy is necessary step for them to release all in-addr zone files. Also as representatives of all other RIRs are present, perhaps they would like to comment if their RIR has policies in regards to INADDR access and if so what they are and how it is handled. If it is clear INADDR policy is necessary and there are others on the mailing list who think it should go together with whois, then I'll consider modifying whois aup policy to include references to inaddr zones. My others comments to your email inline... On Tue, 10 Jun 2003, John Brown wrote: > On Tue, Jun 10, 2003 at 12:44:26AM -0700, william at elan.net wrote: > > > > Fine, lets get ARIN to listen and provide the data for all other /8 blocks! > > I think that is an over statment, and certainly not something I'm asking for. Yes, I sometimes make statements like that just go get the point across :) > ARIN was clearly specifide and not the other RIR's. For them they each > have their proper venue, and its not here. I only meant for /8 blocks in ARIN region (which is to include all legacy ip block currently under ARIN control). > > Still the question is do we need a policy for this? If we do should it > > actually require authentication similar to bulk whois to get the data or > > is current system of getting it by ftp enough? > > Based on email from ARIN staff last fall, they used to provide the data > upon request, but started refusing the data until there was a policy in > place. > > The ARIN AC (post my resignation) did not feel it was something in their > scope as defined by the board. THe board has said that the AC is to > deal with clear and crisp IP allocation policies only. I think even > the whois is not within their view based on the direction from the board. Based on their recent behavior ARIN AC clearly saw whois as something in their "view" even more then that as they tried to push everyone else out. I'm not about to into another discussion on what ARIN AC does/did right or wrong now or before and I already said that I do not agree about ARIN AC being moved into policy making position rather then having them provide guidence on unclear operational issues that ARIN may have. But it does not matter if its AC issue or if they are dealing with it or not, if this is something people want and ARIN is not willing to do it on its own and wants policy in place for it, then you should propose such a policy and I'll support you in that. > > In my opinion adding in-addr to bulk-whois proposal is both not approriate > > as whois data is a lot more complex and has rather specific privacy issues, > > its unnecessory and it sounds bad as far as you wrote it (i.e. what you > > proposed - "arin whois inaddr aup"). > > I agree, WHOIS is more complex and has privacy issues. Hence the IN-ADDR > should be an easy issue to deal with. That is why it should be separate issue from whois. > I don't believe I used those words you are attributing to me. Please > correct or quote correctly.... "ARIN WHOIS/INADDR Acceptable Use Policy" - directly from your email below > What I stated is that access to the whois OR inaddr carried with it the > same level of restrictions and conditions. This would be more protection > for the IN-ADDR and continue to protect the whois data. Why do we need protection for IN-ADDR? Has this ever been missused? How? > > First I think we need to ask ARIN if they are willing to get all the > > inaddr data out on their ftp site on their own based on current polices > > and procedures (they do after all provide entire ASN list including all > > those ASNs they inherited from Internic, so why is it so different for > > inaddr?). If they do not want to do it, then propose a simple policy: > > "ARIN will provide public access to complete INADDR data for all ip > > blocks in its database for public download by ftp" > > Well todate ARIN has refused to provide IN-ADDR lacking a policy. I can > dig up the email from ARIN staff issued last fall, if needed. Dig up, in the mean time, lets wait for somebody from arin staff to answer on the list. > Agreed they have the ASN data, the IN-ADDR seems easy as well since they > have to gen the zone for their NS set anyway. Exactly! > Personally I believe that ARIN should have an AUP for this data. Can you elaborate on why and explain the reasons? > John Brown > > > > > > > -----Original Message----- > > > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > > > > Behalf Of william at elan.net > > > > Sent: Monday, June 09, 2003 11:44 PM > > > > To: John M. Brown > > > > Cc: ppml at arin.net > > > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > > > > (WHOIS and INADDR access) > > > > > > > > > > > > Why do you need policy for providing in-addr data as bulk? I > > > > think ARIN > > > > already provides this all publicly as it, see > > > > ftp://ftp.arin.net/pub/zones > > > > > > > > Do you need something more then > > > > that? > > > > > > > > On Mon, 9 Jun 2003, John M. Brown wrote: > > > > > > > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > > > > be published > > > > > on > > > > > ARIN website as follows: > > > > > > > > > > "Access to the entire WHOIS or ARIN INADDR database or > > > > large portion > > > > > of > > > > > it may be obtained by any organization or individual > > > > provided that this > > > > > organization or individual agrees in writing to ARIN WHOIS/INADDR > > > > > Acceptable > > > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk > > > > WHOIS access > > > > > will not include any information that is marked as private. > > > > > > > > > > Access to WHOIS/INADDR data may be by way of: > > > > > > > > > > Individual WHOIS/DNS queries > > > > > > > > > > FTP or other type of download > > > > > > > > > > Hard media distribution (such as CDROM) > > > > > > > > > > > > > > > ----- > > > > > > > > > > Given that ARIN now has policy 2002-1 Lame In-addr, > > > > providing access > > > > > to the in-addr view that ARIN has would be useful for the internet > > > > > operational and research community, and help reduce lame > > > > issues. This > > > > > access would allow service providers access to the IN-ADDR tree and > > > > > allow them to self verify what deligations they are listed as > > > > > authoritative for. It would allow the research community a better > > > > > source of data for research and other activities. > > > > > > > > > > > > > > > respectfully, > > > > > > > > > > john brown From owen at delong.com Tue Jun 10 12:09:16 2003 From: owen at delong.com (Owen DeLong) Date: Tue, 10 Jun 2003 09:09:16 -0700 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <20030610043918.A88537@alderaan.chagres.net> References: <000601c32f38$dfb0b600$feecdfd8@laptoy> <20030610043918.A88537@alderaan.chagres.net> Message-ID: <2147483647.1055236156@imac-en0.delong.sj.ca.us> OK... I guess I'll throw my hat in the ring here... I think that the IN-ADDR data should be provided. If ARIN staff feels a policy is needed, then I think two things have happened... 1. ARIN staff has become too policy focused. IN-ADDR can be easily mapped by repeatedly hitting the DNS servers and there are no privacy issues with it. The data should simply be made available. As such, I hope this will provide the impetus for RichardJ to get whatever approvals are necessary from ARIN Management/BOD to make this happen without policy. 2. We have discovered the need for additional clarification to the ARIN staff of what should and should not require formal public policies to accomplish. Personally, I think that the ARIN IN-ADDR zone file(s) should be made available via FTP and/or HTTP and that should be the end of it. However, I am not diametrically opposed to applying the same AUP to WHOIS and IN-ADDR. I think it is policy overkill, but, it's certainly better than not having the IN-ADDR information available at all. Owen --On Tuesday, June 10, 2003 4:39 AM -0600 John Brown wrote: > On Tue, Jun 10, 2003 at 12:44:26AM -0700, william at elan.net wrote: >> >> Fine, lets get ARIN to listen and provide the data for all other /8 >> blocks! > > I think that is an over statment, and certainly not something I'm asking > for. ARIN was clearly specifide and not the other RIR's. For them they > each have their proper venue, and its not here. > > >> >> Still the question is do we need a policy for this? If we do should it >> actually require authentication similar to bulk whois to get the data or >> is current system of getting it by ftp enough? > > Based on email from ARIN staff last fall, they used to provide the data > upon request, but started refusing the data until there was a policy in > place. > > The ARIN AC (post my resignation) did not feel it was something in their > scope as defined by the board. THe board has said that the AC is to > deal with clear and crisp IP allocation policies only. I think even > the whois is not within their view based on the direction from the board. > > >> >> In my opinion adding in-addr to bulk-whois proposal is both not >> approriate as whois data is a lot more complex and has rather specific >> privacy issues, its unnecessory and it sounds bad as far as you wrote it >> (i.e. what you proposed - "arin whois inaddr aup"). > > I agree, WHOIS is more complex and has privacy issues. Hence the IN-ADDR > should be an easy issue to deal with. > > I don't believe I used those words you are attributing to me. Please > correct or quote correctly.... > > What I stated is that access to the whois OR inaddr carried with it the > same level of restrictions and conditions. This would be more protection > for the IN-ADDR and continue to protect the whois data. > > > >> First I think we need to ask ARIN if they are willing to get all the >> inaddr data out on their ftp site on their own based on current polices >> and procedures (they do after all provide entire ASN list including all >> those ASNs they inherited from Internic, so why is it so different for >> inaddr?). If they do not want to do it, then propose a simple policy: >> "ARIN will provide public access to complete INADDR data for all ip >> blocks in its database for public download by ftp" > > Well todate ARIN has refused to provide IN-ADDR lacking a policy. I can > dig up the email from ARIN staff issued last fall, if needed. > > Agreed they have the ASN data, the IN-ADDR seems easy as well since they > have to gen the zone for their NS set anyway. > > Personally I believe that ARIN should have an AUP for this data. > > John Brown > >> >> > > -----Original Message----- >> > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On >> > > Behalf Of william at elan.net >> > > Sent: Monday, June 09, 2003 11:44 PM >> > > To: John M. Brown >> > > Cc: ppml at arin.net >> > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 >> > > (WHOIS and INADDR access) >> > > >> > > >> > > Why do you need policy for providing in-addr data as bulk? I >> > > think ARIN >> > > already provides this all publicly as it, see >> > > ftp://ftp.arin.net/pub/zones >> > > >> > > Do you need something more then >> > > that? >> > > >> > > On Mon, 9 Jun 2003, John M. Brown wrote: >> > > >> > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will >> > > be published >> > > > on >> > > > ARIN website as follows: >> > > > >> > > > "Access to the entire WHOIS or ARIN INADDR database or >> > > large portion >> > > > of >> > > > it may be obtained by any organization or individual >> > > provided that this >> > > > organization or individual agrees in writing to ARIN WHOIS/INADDR >> > > > Acceptable >> > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk >> > > WHOIS access >> > > > will not include any information that is marked as private. >> > > > >> > > > Access to WHOIS/INADDR data may be by way of: >> > > > >> > > > Individual WHOIS/DNS queries >> > > > >> > > > FTP or other type of download >> > > > >> > > > Hard media distribution (such as CDROM) >> > > > >> > > > >> > > > ----- >> > > > >> > > > Given that ARIN now has policy 2002-1 Lame In-addr, >> > > providing access >> > > > to the in-addr view that ARIN has would be useful for the internet >> > > > operational and research community, and help reduce lame >> > > issues. This >> > > > access would allow service providers access to the IN-ADDR tree >> > > > and allow them to self verify what deligations they are listed as >> > > > authoritative for. It would allow the research community a better >> > > > source of data for research and other activities. >> > > > >> > > > >> > > > respectfully, >> > > > >> > > > john brown >> > > >> From baptista at dot-god.com Tue Jun 10 12:32:57 2003 From: baptista at dot-god.com (Joe Baptista) Date: Tue, 10 Jun 2003 12:32:57 -0400 (EDT) Subject: [ppml] INADDR access should be axfr off all the INADDR DNS servers (WAS) A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <2147483647.1055236156@imac-en0.delong.sj.ca.us> Message-ID: Frankly I think restricting access to the INADDR zone is lunacy. What if all the INADDR servers are under attack and reverse resolution goes offline. Would it not be nice if ISP's had the option of slaving the zone via axfr. Of course the zone is now a mess. And I did not give permission nor have any of the legacy ipv4 allocations been given an opportunity to comment. It was my understanding that our reverse resolution was IN-ADDR.arpa. Now I find out we no longer have our allocation listed in the IN-ADDR.arpa zone. Instead in one case we now are listed in the 199.IN-ADDR.arpa zone. and so on and so forth. It seems that arin has taken over our zones without our permission, consent or knowledge. I never agreed to this when we applied for our direct allocations. Does anyone know. What are the legal ramification of the RIR taking over legacy IN-ADDR.arpa zones. Was there a policy covering this? In any case dividing the IN-ADDR.arpa into zones controlled by the RIR is not in my opinion good policy. In order to avoid disaster in case of attack against the IN-ADDR.arpa zone it would be prudent for isp's to have the ability to slave the zone. but the way it's now divided up is a nighmare to anyone since you have to slave bits and pieces of it and that provided the RIR's have axfr turned on, and you know which zones you want to slave and which RIR carries it. What nonsense. I personally used to slave IN-ADDR.arpa and now i can't anymore since it no longer provides the security needed to avoid a potential attach againt the IN-ADDR.arpa servers. The RIR being in the middle have messed it up. regards joe baptista Joe Baptista - only at www.baptista.god another useless fact .... A bolt of lightning can strike the Earth with a force as great as 100 million volts. On Tue, 10 Jun 2003, Owen DeLong wrote: > OK... I guess I'll throw my hat in the ring here... > > I think that the IN-ADDR data should be provided. If ARIN staff feels > a policy is needed, then I think two things have happened... > > 1. ARIN staff has become too policy focused. IN-ADDR can > be easily mapped by repeatedly hitting the DNS servers > and there are no privacy issues with it. The data should > simply be made available. As such, I hope this will provide > the impetus for RichardJ to get whatever approvals are > necessary from ARIN Management/BOD to make this happen without > policy. > > 2. We have discovered the need for additional clarification to > the ARIN staff of what should and should not require > formal public policies to accomplish. > > Personally, I think that the ARIN IN-ADDR zone file(s) should be made > available > via FTP and/or HTTP and that should be the end of it. > > However, I am not diametrically opposed to applying the same AUP to WHOIS > and IN-ADDR. I think it is policy overkill, but, it's certainly better > than not having the IN-ADDR information available at all. > > Owen > > > --On Tuesday, June 10, 2003 4:39 AM -0600 John Brown > wrote: > > > On Tue, Jun 10, 2003 at 12:44:26AM -0700, william at elan.net wrote: > >> > >> Fine, lets get ARIN to listen and provide the data for all other /8 > >> blocks! > > > > I think that is an over statment, and certainly not something I'm asking > > for. ARIN was clearly specifide and not the other RIR's. For them they > > each have their proper venue, and its not here. > > > > > >> > >> Still the question is do we need a policy for this? If we do should it > >> actually require authentication similar to bulk whois to get the data or > >> is current system of getting it by ftp enough? > > > > Based on email from ARIN staff last fall, they used to provide the data > > upon request, but started refusing the data until there was a policy in > > place. > > > > The ARIN AC (post my resignation) did not feel it was something in their > > scope as defined by the board. THe board has said that the AC is to > > deal with clear and crisp IP allocation policies only. I think even > > the whois is not within their view based on the direction from the board. > > > > > >> > >> In my opinion adding in-addr to bulk-whois proposal is both not > >> approriate as whois data is a lot more complex and has rather specific > >> privacy issues, its unnecessory and it sounds bad as far as you wrote it > >> (i.e. what you proposed - "arin whois inaddr aup"). > > > > I agree, WHOIS is more complex and has privacy issues. Hence the IN-ADDR > > should be an easy issue to deal with. > > > > I don't believe I used those words you are attributing to me. Please > > correct or quote correctly.... > > > > What I stated is that access to the whois OR inaddr carried with it the > > same level of restrictions and conditions. This would be more protection > > for the IN-ADDR and continue to protect the whois data. > > > > > > > >> First I think we need to ask ARIN if they are willing to get all the > >> inaddr data out on their ftp site on their own based on current polices > >> and procedures (they do after all provide entire ASN list including all > >> those ASNs they inherited from Internic, so why is it so different for > >> inaddr?). If they do not want to do it, then propose a simple policy: > >> "ARIN will provide public access to complete INADDR data for all ip > >> blocks in its database for public download by ftp" > > > > Well todate ARIN has refused to provide IN-ADDR lacking a policy. I can > > dig up the email from ARIN staff issued last fall, if needed. > > > > Agreed they have the ASN data, the IN-ADDR seems easy as well since they > > have to gen the zone for their NS set anyway. > > > > Personally I believe that ARIN should have an AUP for this data. > > > > John Brown > > > >> > >> > > -----Original Message----- > >> > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > >> > > Behalf Of william at elan.net > >> > > Sent: Monday, June 09, 2003 11:44 PM > >> > > To: John M. Brown > >> > > Cc: ppml at arin.net > >> > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > >> > > (WHOIS and INADDR access) > >> > > > >> > > > >> > > Why do you need policy for providing in-addr data as bulk? I > >> > > think ARIN > >> > > already provides this all publicly as it, see > >> > > ftp://ftp.arin.net/pub/zones > >> > > > >> > > Do you need something more then > >> > > that? > >> > > > >> > > On Mon, 9 Jun 2003, John M. Brown wrote: > >> > > > >> > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > >> > > be published > >> > > > on > >> > > > ARIN website as follows: > >> > > > > >> > > > "Access to the entire WHOIS or ARIN INADDR database or > >> > > large portion > >> > > > of > >> > > > it may be obtained by any organization or individual > >> > > provided that this > >> > > > organization or individual agrees in writing to ARIN WHOIS/INADDR > >> > > > Acceptable > >> > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk > >> > > WHOIS access > >> > > > will not include any information that is marked as private. > >> > > > > >> > > > Access to WHOIS/INADDR data may be by way of: > >> > > > > >> > > > Individual WHOIS/DNS queries > >> > > > > >> > > > FTP or other type of download > >> > > > > >> > > > Hard media distribution (such as CDROM) > >> > > > > >> > > > > >> > > > ----- > >> > > > > >> > > > Given that ARIN now has policy 2002-1 Lame In-addr, > >> > > providing access > >> > > > to the in-addr view that ARIN has would be useful for the internet > >> > > > operational and research community, and help reduce lame > >> > > issues. This > >> > > > access would allow service providers access to the IN-ADDR tree > >> > > > and allow them to self verify what deligations they are listed as > >> > > > authoritative for. It would allow the research community a better > >> > > > source of data for research and other activities. > >> > > > > >> > > > > >> > > > respectfully, > >> > > > > >> > > > john brown > >> > > > >> > > > From ahp at hilander.com Tue Jun 10 13:24:16 2003 From: ahp at hilander.com (Alec H. Peterson) Date: Tue, 10 Jun 2003 11:24:16 -0600 Subject: [ppml] INADDR access should be axfr off all the INADDR DNS servers (WAS) A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: References: Message-ID: <2147483647.1055244256@[192.168.255.1]> AXFR places far more load on a DNS server than an FTP download places on an FTP server. When a DNS server serves an AXFR request, it has to build what it is sending on the fly, out of the copy that it has in its database (be that database in-core or somwhere else). All an FTP server needs to do is read the data off of disk and spew it out a TCP socket. This is why the various large TLDs do not provide access to their zones via AXFR. FTP (or HTTP or whatever) is a far more efficient method to serve a large chunk of data. Alec --On Tuesday, June 10, 2003 12:32 -0400 Joe Baptista wrote: > > Frankly I think restricting access to the INADDR zone is lunacy. What if > all the INADDR servers are under attack and reverse resolution goes > offline. Would it not be nice if ISP's had the option of slaving the > zone via axfr. > > Of course the zone is now a mess. And I did not give permission nor have > any of the legacy ipv4 allocations been given an opportunity to comment. > > It was my understanding that our reverse resolution was IN-ADDR.arpa. Now > I find out we no longer have our allocation listed in the IN-ADDR.arpa > zone. Instead in one case we now are listed in the 199.IN-ADDR.arpa zone. > and so on and so forth. It seems that arin has taken over our zones > without our permission, consent or knowledge. I never agreed to this when > we applied for our direct allocations. Does anyone know. What are the > legal ramification of the RIR taking over legacy IN-ADDR.arpa zones. Was > there a policy covering this? > > In any case dividing the IN-ADDR.arpa into zones controlled by the RIR is > not in my opinion good policy. In order to avoid disaster in case of > attack against the IN-ADDR.arpa zone it would be prudent for isp's to have > the ability to slave the zone. but the way it's now divided up is a > nighmare to anyone since you have to slave bits and pieces of it and that > provided the RIR's have axfr turned on, and you know which zones you want > to slave and which RIR carries it. What nonsense. > > I personally used to slave IN-ADDR.arpa and now i can't anymore since it > no longer provides the security needed to avoid a potential attach againt > the IN-ADDR.arpa servers. The RIR being in the middle have messed it up. -- Alec H. Peterson -- ahp at hilander.com Chief Technology Officer Catbird Networks, http://www.catbird.com From jmcburnett at msmgmt.com Tue Jun 10 13:25:05 2003 From: jmcburnett at msmgmt.com (McBurnett, Jim) Date: Tue, 10 Jun 2003 13:25:05 -0400 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) Message-ID: <390E55B947E7C848898AEBB9E5077060014EAB5A@msmdcfs01.msmgmt.com> Owen, I agree with the availability.. And to take that one step farther. Should ARIN decide not to make it available, I foresee what you have said: Repetive DNS server hits. HMM.. I see a script in the works... I imagine a script could pull down the entire database in a week.. And not load the server too much..... And finally, Policies? if ARIN needs a Policy for everything, then how will they every get anything done... But honestly, I think this whole topic is about justifing workload or preventing workload. let's get the label right..... J -----Original Message----- From: Owen DeLong [mailto:owen at delong.com] Sent: Tuesday, June 10, 2003 12:09 PM To: ppml at arin.net Subject: Re: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) OK... I guess I'll throw my hat in the ring here... I think that the IN-ADDR data should be provided. If ARIN staff feels a policy is needed, then I think two things have happened... 1. ARIN staff has become too policy focused. IN-ADDR can be easily mapped by repeatedly hitting the DNS servers and there are no privacy issues with it. The data should simply be made available. As such, I hope this will provide the impetus for RichardJ to get whatever approvals are necessary from ARIN Management/BOD to make this happen without policy. 2. We have discovered the need for additional clarification to the ARIN staff of what should and should not require formal public policies to accomplish. Personally, I think that the ARIN IN-ADDR zone file(s) should be made available via FTP and/or HTTP and that should be the end of it. However, I am not diametrically opposed to applying the same AUP to WHOIS and IN-ADDR. I think it is policy overkill, but, it's certainly better than not having the IN-ADDR information available at all. Owen --On Tuesday, June 10, 2003 4:39 AM -0600 John Brown wrote: > On Tue, Jun 10, 2003 at 12:44:26AM -0700, william at elan.net wrote: >> >> Fine, lets get ARIN to listen and provide the data for all other /8 >> blocks! > > I think that is an over statment, and certainly not something I'm asking > for. ARIN was clearly specifide and not the other RIR's. For them they > each have their proper venue, and its not here. > > >> >> Still the question is do we need a policy for this? If we do should it >> actually require authentication similar to bulk whois to get the data or >> is current system of getting it by ftp enough? > > Based on email from ARIN staff last fall, they used to provide the data > upon request, but started refusing the data until there was a policy in > place. > > The ARIN AC (post my resignation) did not feel it was something in their > scope as defined by the board. THe board has said that the AC is to > deal with clear and crisp IP allocation policies only. I think even > the whois is not within their view based on the direction from the board. > > >> >> In my opinion adding in-addr to bulk-whois proposal is both not >> approriate as whois data is a lot more complex and has rather specific >> privacy issues, its unnecessory and it sounds bad as far as you wrote it >> (i.e. what you proposed - "arin whois inaddr aup"). > > I agree, WHOIS is more complex and has privacy issues. Hence the IN-ADDR > should be an easy issue to deal with. > > I don't believe I used those words you are attributing to me. Please > correct or quote correctly.... > > What I stated is that access to the whois OR inaddr carried with it the > same level of restrictions and conditions. This would be more protection > for the IN-ADDR and continue to protect the whois data. > > > >> First I think we need to ask ARIN if they are willing to get all the >> inaddr data out on their ftp site on their own based on current polices >> and procedures (they do after all provide entire ASN list including all >> those ASNs they inherited from Internic, so why is it so different for >> inaddr?). If they do not want to do it, then propose a simple policy: >> "ARIN will provide public access to complete INADDR data for all ip >> blocks in its database for public download by ftp" > > Well todate ARIN has refused to provide IN-ADDR lacking a policy. I can > dig up the email from ARIN staff issued last fall, if needed. > > Agreed they have the ASN data, the IN-ADDR seems easy as well since they > have to gen the zone for their NS set anyway. > > Personally I believe that ARIN should have an AUP for this data. > > John Brown > >> >> > > -----Original Message----- >> > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On >> > > Behalf Of william at elan.net >> > > Sent: Monday, June 09, 2003 11:44 PM >> > > To: John M. Brown >> > > Cc: ppml at arin.net >> > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 >> > > (WHOIS and INADDR access) >> > > >> > > >> > > Why do you need policy for providing in-addr data as bulk? I >> > > think ARIN >> > > already provides this all publicly as it, see >> > > ftp://ftp.arin.net/pub/zones >> > > >> > > Do you need something more then >> > > that? >> > > >> > > On Mon, 9 Jun 2003, John M. Brown wrote: >> > > >> > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will >> > > be published >> > > > on >> > > > ARIN website as follows: >> > > > >> > > > "Access to the entire WHOIS or ARIN INADDR database or >> > > large portion >> > > > of >> > > > it may be obtained by any organization or individual >> > > provided that this >> > > > organization or individual agrees in writing to ARIN WHOIS/INADDR >> > > > Acceptable >> > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk >> > > WHOIS access >> > > > will not include any information that is marked as private. >> > > > >> > > > Access to WHOIS/INADDR data may be by way of: >> > > > >> > > > Individual WHOIS/DNS queries >> > > > >> > > > FTP or other type of download >> > > > >> > > > Hard media distribution (such as CDROM) >> > > > >> > > > >> > > > ----- >> > > > >> > > > Given that ARIN now has policy 2002-1 Lame In-addr, >> > > providing access >> > > > to the in-addr view that ARIN has would be useful for the internet >> > > > operational and research community, and help reduce lame >> > > issues. This >> > > > access would allow service providers access to the IN-ADDR tree >> > > > and allow them to self verify what deligations they are listed as >> > > > authoritative for. It would allow the research community a better >> > > > source of data for research and other activities. >> > > > >> > > > >> > > > respectfully, >> > > > >> > > > john brown >> > > >> From woody at pch.net Tue Jun 10 13:36:33 2003 From: woody at pch.net (Bill Woodcock) Date: Tue, 10 Jun 2003 10:36:33 -0700 (PDT) Subject: [ppml] INADDR access should be axfr off all the INADDR DNS servers (WAS) A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <2147483647.1055244256@[192.168.255.1]> Message-ID: > When a DNS server serves an AXFR request, it has to build what it is > sending on the fly, out of the copy that it has in its database (be that > database in-core or somwhere else). All an FTP server needs to do is read > the data off of disk and spew it out a TCP socket. > This is why the various large TLDs do not provide access to their zones via > AXFR. If I believed that, you'd have a bridge to sell me. AXFR is handled by separate hosts than production queries in every major TLD operation I know of. So there's no performance impact between the two. -Bill From ahp at hilander.com Tue Jun 10 13:42:53 2003 From: ahp at hilander.com (Alec H. Peterson) Date: Tue, 10 Jun 2003 11:42:53 -0600 Subject: [ppml] INADDR access should be axfr off all the INADDR DNS servers (WAS) A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: References: Message-ID: <2147483647.1055245373@[192.168.255.1]> --On Tuesday, June 10, 2003 10:36 -0700 Bill Woodcock wrote: > > If I believed that, you'd have a bridge to sell me. > > AXFR is handled by separate hosts than production queries in every major > TLD operation I know of. So there's no performance impact between the > two. That doesn't change the fact that it is a larger load on a DNS server than it is an FTP or WWW server. Alec -- Alec H. Peterson -- ahp at hilander.com Chief Technology Officer Catbird Networks, http://www.catbird.com From john at chagres.net Tue Jun 10 14:26:42 2003 From: john at chagres.net (John M. Brown) Date: Tue, 10 Jun 2003 12:26:42 -0600 Subject: [ppml] INADDR access should be axfr off all the INADDR DNS servers (WAS) A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <2147483647.1055244256@[192.168.255.1]> Message-ID: <000a01c32f7d$d76abd20$7d7ba8c0@laptoy> AXFR is not the answer, and I wouldn't support that process. Daily FTP access to .gz is just fine. As long as the data is whats being loaded towards arin's NS's john brown > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Alec H. Peterson > Sent: Tuesday, June 10, 2003 11:24 AM > To: Joe Baptista; ARIN Public Policy List ppml > Subject: Re: [ppml] INADDR access should be axfr off all the > INADDR DNS servers (WAS) A proposal to modify proposal 2003-9 > (WHOIS and INADDR access) > > > AXFR places far more load on a DNS server than an FTP > download places on an > FTP server. > > When a DNS server serves an AXFR request, it has to build what it is > sending on the fly, out of the copy that it has in its > database (be that > database in-core or somwhere else). All an FTP server needs > to do is read > the data off of disk and spew it out a TCP socket. > > This is why the various large TLDs do not provide access to > their zones via > AXFR. FTP (or HTTP or whatever) is a far more efficient > method to serve a > large chunk of data. > > Alec > > --On Tuesday, June 10, 2003 12:32 -0400 Joe Baptista > > wrote: > > > > > Frankly I think restricting access to the INADDR zone is > lunacy. What > > if all the INADDR servers are under attack and reverse > resolution goes > > offline. Would it not be nice if ISP's had the option of > slaving the > > zone via axfr. > > > > Of course the zone is now a mess. And I did not give > permission nor > > have any of the legacy ipv4 allocations been given an > opportunity to > > comment. > > > > It was my understanding that our reverse resolution was > IN-ADDR.arpa. > > Now I find out we no longer have our allocation listed in the > > IN-ADDR.arpa zone. Instead in one case we now are listed in the > > 199.IN-ADDR.arpa zone. and so on and so forth. It seems > that arin has > > taken over our zones without our permission, consent or > knowledge. I > > never agreed to this when we applied for our direct > allocations. Does > > anyone know. What are the legal ramification of the RIR > taking over > > legacy IN-ADDR.arpa zones. Was there a policy covering this? > > > > In any case dividing the IN-ADDR.arpa into zones controlled > by the RIR > > is not in my opinion good policy. In order to avoid > disaster in case > > of attack against the IN-ADDR.arpa zone it would be prudent > for isp's > > to have the ability to slave the zone. but the way it's > now divided > > up is a nighmare to anyone since you have to slave bits and > pieces of > > it and that provided the RIR's have axfr turned on, and you > know which > > zones you want to slave and which RIR carries it. What nonsense. > > > > I personally used to slave IN-ADDR.arpa and now i can't > anymore since > > it no longer provides the security needed to avoid a > potential attach > > againt the IN-ADDR.arpa servers. The RIR being in the middle have > > messed it up. > > > > -- > Alec H. Peterson -- ahp at hilander.com > Chief Technology Officer > Catbird Networks, http://www.catbird.com > From john at chagres.net Tue Jun 10 14:28:53 2003 From: john at chagres.net (John M. Brown) Date: Tue, 10 Jun 2003 12:28:53 -0600 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <390E55B947E7C848898AEBB9E5077060014EAB5A@msmdcfs01.msmgmt.com> Message-ID: <000b01c32f7e$260607a0$7d7ba8c0@laptoy> Ummm, SMP multi-threaded is such a wonderful thing. > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of McBurnett, Jim > Sent: Tuesday, June 10, 2003 11:25 AM > To: Owen DeLong; ppml at arin.net > Subject: RE: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and INADDR access) > > > Owen, > I agree with the availability.. > And to take that one step farther. > Should ARIN decide not to make it available, I foresee what > you have said: Repetive DNS server hits. HMM.. I see a script > in the works... > I imagine a script could pull down the entire database in a > week.. And not load the server too much..... > > And finally, Policies? if ARIN needs a Policy for everything, > then how will they every get anything done... > But honestly, I think this whole topic is about justifing > workload or preventing workload. let's get the label right..... > > J > > -----Original Message----- > From: Owen DeLong [mailto:owen at delong.com] > Sent: Tuesday, June 10, 2003 12:09 PM > To: ppml at arin.net > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and INADDR access) > > > OK... I guess I'll throw my hat in the ring here... > > I think that the IN-ADDR data should be provided. If ARIN > staff feels a policy is needed, then I think two things have > happened... > > 1. ARIN staff has become too policy focused. IN-ADDR can > be easily mapped by repeatedly hitting the DNS servers > and there are no privacy issues with it. The > data should > simply be made available. As such, I hope this > will provide > the impetus for RichardJ to get whatever approvals are > necessary from ARIN Management/BOD to make this > happen without > policy. > > 2. We have discovered the need for additional > clarification to > the ARIN staff of what should and should not require > formal public policies to accomplish. > > Personally, I think that the ARIN IN-ADDR zone file(s) should be made > available > via FTP and/or HTTP and that should be the end of it. > > However, I am not diametrically opposed to applying the same > AUP to WHOIS > and IN-ADDR. I think it is policy overkill, but, it's > certainly better than not having the IN-ADDR information > available at all. > > Owen > > > --On Tuesday, June 10, 2003 4:39 AM -0600 John Brown > > wrote: > > > On Tue, Jun 10, 2003 at 12:44:26AM -0700, william at elan.net wrote: > >> > >> Fine, lets get ARIN to listen and provide the data for all > other /8 > >> blocks! > > > > I think that is an over statment, and certainly not something > I'm asking > > for. ARIN was clearly specifide and not the other RIR's. For > them they > > each have their proper venue, and its not here. > > > > > >> > >> Still the question is do we need a policy for this? If we do > should it > >> actually require authentication similar to bulk whois to get > the data or > >> is current system of getting it by ftp enough? > > > > Based on email from ARIN staff last fall, they used to > provide the data > > upon request, but started refusing the data until there was a > policy in > > place. > > > > The ARIN AC (post my resignation) did not feel it was > something in their > > scope as defined by the board. THe board has said that the AC is to > > deal with clear and crisp IP allocation policies only. I > think even > > the whois is not within their view based on the direction > from the board. > > > > > >> > >> In my opinion adding in-addr to bulk-whois proposal is both not > >> approriate as whois data is a lot more complex and has > rather specific > >> privacy issues, its unnecessory and it sounds bad as far as > you wrote it > >> (i.e. what you proposed - "arin whois inaddr aup"). > > > > I agree, WHOIS is more complex and has privacy issues. Hence > the IN-ADDR > > should be an easy issue to deal with. > > > > I don't believe I used those words you are attributing to > me. Please > > correct or quote correctly.... > > > > What I stated is that access to the whois OR inaddr carried > with it the > > same level of restrictions and conditions. This would be > more protection > > for the IN-ADDR and continue to protect the whois data. > > > > > > > >> First I think we need to ask ARIN if they are willing to > get all the > >> inaddr data out on their ftp site on their own based on > current polices > >> and procedures (they do after all provide entire ASN list > including all > >> those ASNs they inherited from Internic, so why is it so > different for > >> inaddr?). If they do not want to do it, then propose a > simple policy: > >> "ARIN will provide public access to complete INADDR data > for all ip > >> blocks in its database for public download by ftp" > > > > Well todate ARIN has refused to provide IN-ADDR lacking a > policy. I can > > dig up the email from ARIN staff issued last fall, if needed. > > > > Agreed they have the ASN data, the IN-ADDR seems easy as well > since they > > have to gen the zone for their NS set anyway. > > > > Personally I believe that ARIN should have an AUP for this data. > > > > John Brown > > > >> > >> > > -----Original Message----- > >> > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] > On Behalf > >> > > Of william at elan.net > >> > > Sent: Monday, June 09, 2003 11:44 PM > >> > > To: John M. Brown > >> > > Cc: ppml at arin.net > >> > > Subject: Re: [ppml] A proposal to modify proposal > 2003-9 (WHOIS > >> > > and INADDR access) > >> > > > >> > > > >> > > Why do you need policy for providing in-addr data as bulk? I > >> > > think ARIN already provides this all publicly as it, see > >> > > ftp://ftp.arin.net/pub/zones > >> > > > >> > > Do you need something more then > >> > > that? > >> > > > >> > > On Mon, 9 Jun 2003, John M. Brown wrote: > >> > > > >> > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > >> > > be published > >> > > > on > >> > > > ARIN website as follows: > >> > > > > >> > > > "Access to the entire WHOIS or ARIN INADDR database or > >> > > large portion > >> > > > of > >> > > > it may be obtained by any organization or individual > >> > > provided that this > >> > > > organization or individual agrees in writing to ARIN > WHOIS/INADDR > >> > > > Acceptable > >> > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk > >> > > WHOIS access > >> > > > will not include any information that is marked as private. > >> > > > > >> > > > Access to WHOIS/INADDR data may be by way of: > >> > > > > >> > > > Individual WHOIS/DNS queries > >> > > > > >> > > > FTP or other type of download > >> > > > > >> > > > Hard media distribution (such as CDROM) > >> > > > > >> > > > > >> > > > ----- > >> > > > > >> > > > Given that ARIN now has policy 2002-1 Lame In-addr, > >> > > providing access > >> > > > to the in-addr view that ARIN has would be useful for > the internet > >> > > > operational and research community, and help reduce lame > >> > > issues. This > >> > > > access would allow service providers access to the > IN-ADDR tree > >> > > > and allow them to self verify what deligations they > are listed as > >> > > > authoritative for. It would allow the research > community a better > >> > > > source of data for research and other activities. > >> > > > > >> > > > > >> > > > respectfully, > >> > > > > >> > > > john brown > >> > > > >> > > From william at elan.net Tue Jun 10 13:41:34 2003 From: william at elan.net (william at elan.net) Date: Tue, 10 Jun 2003 10:41:34 -0700 (PDT) Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <390E55B947E7C848898AEBB9E5077060014EAB5A@msmdcfs01.msmgmt.com> Message-ID: On Tue, 10 Jun 2003, McBurnett, Jim wrote: > And finally, Policies? if ARIN needs a Policy for everything, > then how will they every get anything done... > But honestly, I think this whole topic is about justifing > workload or preventing workload. let's get the label right..... What workload??? They already have these zone files as they use them in the dns server. The "workload" involves setting a cron to copy them daily to publicly available ftp or web server... I simply do not understand why ARIN makes some zone files publicly available already and not others. There seems to be some kind of other reason (not "workload") behind them not putting the rest of the zone files up and I'd like to know what it is. > -----Original Message----- > From: Owen DeLong [mailto:owen at delong.com] > Sent: Tuesday, June 10, 2003 12:09 PM > To: ppml at arin.net > Subject: Re: [ppml] A proposal to modify proposal 2003-9 (WHOIS and > INADDR access) > > > OK... I guess I'll throw my hat in the ring here... > > I think that the IN-ADDR data should be provided. If ARIN staff feels > a policy is needed, then I think two things have happened... > > 1. ARIN staff has become too policy focused. IN-ADDR can > be easily mapped by repeatedly hitting the DNS servers > and there are no privacy issues with it. The > data should > simply be made available. As such, I hope this > will provide > the impetus for RichardJ to get whatever approvals are > necessary from ARIN Management/BOD to make this > happen without > policy. > > 2. We have discovered the need for additional > clarification to > the ARIN staff of what should and should not require > formal public policies to accomplish. > > Personally, I think that the ARIN IN-ADDR zone file(s) should be made > available > via FTP and/or HTTP and that should be the end of it. > > However, I am not diametrically opposed to applying the same > AUP to WHOIS > and IN-ADDR. I think it is policy overkill, but, it's certainly better > than not having the IN-ADDR information available at all. > > Owen > > > --On Tuesday, June 10, 2003 4:39 AM -0600 John Brown > wrote: > > > On Tue, Jun 10, 2003 at 12:44:26AM -0700, william at elan.net wrote: > >> > >> Fine, lets get ARIN to listen and provide the data for all other /8 > >> blocks! > > > > I think that is an over statment, and certainly not something > I'm asking > > for. ARIN was clearly specifide and not the other RIR's. For > them they > > each have their proper venue, and its not here. > > > > > >> > >> Still the question is do we need a policy for this? If we do > should it > >> actually require authentication similar to bulk whois to get > the data or > >> is current system of getting it by ftp enough? > > > > Based on email from ARIN staff last fall, they used to > provide the data > > upon request, but started refusing the data until there was a > policy in > > place. > > > > The ARIN AC (post my resignation) did not feel it was > something in their > > scope as defined by the board. THe board has said that the AC is to > > deal with clear and crisp IP allocation policies only. I think even > > the whois is not within their view based on the direction > from the board. > > > > > >> > >> In my opinion adding in-addr to bulk-whois proposal is both not > >> approriate as whois data is a lot more complex and has > rather specific > >> privacy issues, its unnecessory and it sounds bad as far as > you wrote it > >> (i.e. what you proposed - "arin whois inaddr aup"). > > > > I agree, WHOIS is more complex and has privacy issues. Hence > the IN-ADDR > > should be an easy issue to deal with. > > > > I don't believe I used those words you are attributing to me. Please > > correct or quote correctly.... > > > > What I stated is that access to the whois OR inaddr carried > with it the > > same level of restrictions and conditions. This would be > more protection > > for the IN-ADDR and continue to protect the whois data. > > > > > > > >> First I think we need to ask ARIN if they are willing to get all the > >> inaddr data out on their ftp site on their own based on > current polices > >> and procedures (they do after all provide entire ASN list > including all > >> those ASNs they inherited from Internic, so why is it so > different for > >> inaddr?). If they do not want to do it, then propose a simple policy: > >> "ARIN will provide public access to complete INADDR data for all ip > >> blocks in its database for public download by ftp" > > > > Well todate ARIN has refused to provide IN-ADDR lacking a > policy. I can > > dig up the email from ARIN staff issued last fall, if needed. > > > > Agreed they have the ASN data, the IN-ADDR seems easy as well > since they > > have to gen the zone for their NS set anyway. > > > > Personally I believe that ARIN should have an AUP for this data. > > > > John Brown > > > >> > >> > > -----Original Message----- > >> > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > >> > > Behalf Of william at elan.net > >> > > Sent: Monday, June 09, 2003 11:44 PM > >> > > To: John M. Brown > >> > > Cc: ppml at arin.net > >> > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > >> > > (WHOIS and INADDR access) > >> > > > >> > > > >> > > Why do you need policy for providing in-addr data as bulk? I > >> > > think ARIN > >> > > already provides this all publicly as it, see > >> > > ftp://ftp.arin.net/pub/zones > >> > > > >> > > Do you need something more then > >> > > that? > >> > > > >> > > On Mon, 9 Jun 2003, John M. Brown wrote: > >> > > > >> > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > >> > > be published > >> > > > on > >> > > > ARIN website as follows: > >> > > > > >> > > > "Access to the entire WHOIS or ARIN INADDR database or > >> > > large portion > >> > > > of > >> > > > it may be obtained by any organization or individual > >> > > provided that this > >> > > > organization or individual agrees in writing to ARIN > WHOIS/INADDR > >> > > > Acceptable > >> > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk > >> > > WHOIS access > >> > > > will not include any information that is marked as private. > >> > > > > >> > > > Access to WHOIS/INADDR data may be by way of: > >> > > > > >> > > > Individual WHOIS/DNS queries > >> > > > > >> > > > FTP or other type of download > >> > > > > >> > > > Hard media distribution (such as CDROM) > >> > > > > >> > > > > >> > > > ----- > >> > > > > >> > > > Given that ARIN now has policy 2002-1 Lame In-addr, > >> > > providing access > >> > > > to the in-addr view that ARIN has would be useful for > the internet > >> > > > operational and research community, and help reduce lame > >> > > issues. This > >> > > > access would allow service providers access to the IN-ADDR tree > >> > > > and allow them to self verify what deligations they > are listed as > >> > > > authoritative for. It would allow the research > community a better > >> > > > source of data for research and other activities. > >> > > > > >> > > > > >> > > > respectfully, > >> > > > > >> > > > john brown > >> > > From jmcburnett at msmgmt.com Tue Jun 10 16:58:12 2003 From: jmcburnett at msmgmt.com (McBurnett, Jim) Date: Tue, 10 Jun 2003 16:58:12 -0400 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) Message-ID: <390E55B947E7C848898AEBB9E5077060014EAB66@msmdcfs01.msmgmt.com> William, My point is: Pretend I am ARIN saying this: Why should I do anything unless the entire community agrees that I do it? Now to push that farther--- What does it take for the "COMMUNITY" to agree-- Policy... Hence They are trying to stop something from becoming work... I know it takes just a cron... But can they do it? I have seen on here in the past about how easy many of us say it is to create an automated engine for IP assignment, and they can't do that... And yes I agree.. There is some kind of reason to prevent all of it from going on the net.. And yes they are hiding behind policy-- or so it seems to me...... Whether is be a skeleton, or they are afraid it will create lots of work after everyone tells them the data is so bad thay have to clean it up there has to be a reason... But now the question of the hour--- Alec, Richard--- Et al... WHAT IS IT? J -----Original Message----- From: william at elan.net [mailto:william at elan.net] Sent: Tuesday, June 10, 2003 1:42 PM To: ppml at arin.net Subject: RE: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) On Tue, 10 Jun 2003, McBurnett, Jim wrote: > And finally, Policies? if ARIN needs a Policy for everything, > then how will they every get anything done... > But honestly, I think this whole topic is about justifing > workload or preventing workload. let's get the label right..... What workload??? They already have these zone files as they use them in the dns server. The "workload" involves setting a cron to copy them daily to publicly available ftp or web server... I simply do not understand why ARIN makes some zone files publicly available already and not others. There seems to be some kind of other reason (not "workload") behind them not putting the rest of the zone files up and I'd like to know what it is. > -----Original Message----- > From: Owen DeLong [mailto:owen at delong.com] > Sent: Tuesday, June 10, 2003 12:09 PM > To: ppml at arin.net > Subject: Re: [ppml] A proposal to modify proposal 2003-9 (WHOIS and > INADDR access) > > > OK... I guess I'll throw my hat in the ring here... > > I think that the IN-ADDR data should be provided. If ARIN staff feels > a policy is needed, then I think two things have happened... > > 1. ARIN staff has become too policy focused. IN-ADDR can > be easily mapped by repeatedly hitting the DNS servers > and there are no privacy issues with it. The > data should > simply be made available. As such, I hope this > will provide > the impetus for RichardJ to get whatever approvals are > necessary from ARIN Management/BOD to make this > happen without > policy. > > 2. We have discovered the need for additional > clarification to > the ARIN staff of what should and should not require > formal public policies to accomplish. > > Personally, I think that the ARIN IN-ADDR zone file(s) should be made > available > via FTP and/or HTTP and that should be the end of it. > > However, I am not diametrically opposed to applying the same > AUP to WHOIS > and IN-ADDR. I think it is policy overkill, but, it's certainly better > than not having the IN-ADDR information available at all. > > Owen > > > --On Tuesday, June 10, 2003 4:39 AM -0600 John Brown > wrote: > > > On Tue, Jun 10, 2003 at 12:44:26AM -0700, william at elan.net wrote: > >> > >> Fine, lets get ARIN to listen and provide the data for all other /8 > >> blocks! > > > > I think that is an over statment, and certainly not something > I'm asking > > for. ARIN was clearly specifide and not the other RIR's. For > them they > > each have their proper venue, and its not here. > > > > > >> > >> Still the question is do we need a policy for this? If we do > should it > >> actually require authentication similar to bulk whois to get > the data or > >> is current system of getting it by ftp enough? > > > > Based on email from ARIN staff last fall, they used to > provide the data > > upon request, but started refusing the data until there was a > policy in > > place. > > > > The ARIN AC (post my resignation) did not feel it was > something in their > > scope as defined by the board. THe board has said that the AC is to > > deal with clear and crisp IP allocation policies only. I think even > > the whois is not within their view based on the direction > from the board. > > > > > >> > >> In my opinion adding in-addr to bulk-whois proposal is both not > >> approriate as whois data is a lot more complex and has > rather specific > >> privacy issues, its unnecessory and it sounds bad as far as > you wrote it > >> (i.e. what you proposed - "arin whois inaddr aup"). > > > > I agree, WHOIS is more complex and has privacy issues. Hence > the IN-ADDR > > should be an easy issue to deal with. > > > > I don't believe I used those words you are attributing to me. Please > > correct or quote correctly.... > > > > What I stated is that access to the whois OR inaddr carried > with it the > > same level of restrictions and conditions. This would be > more protection > > for the IN-ADDR and continue to protect the whois data. > > > > > > > >> First I think we need to ask ARIN if they are willing to get all the > >> inaddr data out on their ftp site on their own based on > current polices > >> and procedures (they do after all provide entire ASN list > including all > >> those ASNs they inherited from Internic, so why is it so > different for > >> inaddr?). If they do not want to do it, then propose a simple policy: > >> "ARIN will provide public access to complete INADDR data for all ip > >> blocks in its database for public download by ftp" > > > > Well todate ARIN has refused to provide IN-ADDR lacking a > policy. I can > > dig up the email from ARIN staff issued last fall, if needed. > > > > Agreed they have the ASN data, the IN-ADDR seems easy as well > since they > > have to gen the zone for their NS set anyway. > > > > Personally I believe that ARIN should have an AUP for this data. > > > > John Brown > > > >> > >> > > -----Original Message----- > >> > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > >> > > Behalf Of william at elan.net > >> > > Sent: Monday, June 09, 2003 11:44 PM > >> > > To: John M. Brown > >> > > Cc: ppml at arin.net > >> > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > >> > > (WHOIS and INADDR access) > >> > > > >> > > > >> > > Why do you need policy for providing in-addr data as bulk? I > >> > > think ARIN > >> > > already provides this all publicly as it, see > >> > > ftp://ftp.arin.net/pub/zones > >> > > > >> > > Do you need something more then > >> > > that? > >> > > > >> > > On Mon, 9 Jun 2003, John M. Brown wrote: > >> > > > >> > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > >> > > be published > >> > > > on > >> > > > ARIN website as follows: > >> > > > > >> > > > "Access to the entire WHOIS or ARIN INADDR database or > >> > > large portion > >> > > > of > >> > > > it may be obtained by any organization or individual > >> > > provided that this > >> > > > organization or individual agrees in writing to ARIN > WHOIS/INADDR > >> > > > Acceptable > >> > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk > >> > > WHOIS access > >> > > > will not include any information that is marked as private. > >> > > > > >> > > > Access to WHOIS/INADDR data may be by way of: > >> > > > > >> > > > Individual WHOIS/DNS queries > >> > > > > >> > > > FTP or other type of download > >> > > > > >> > > > Hard media distribution (such as CDROM) > >> > > > > >> > > > > >> > > > ----- > >> > > > > >> > > > Given that ARIN now has policy 2002-1 Lame In-addr, > >> > > providing access > >> > > > to the in-addr view that ARIN has would be useful for > the internet > >> > > > operational and research community, and help reduce lame > >> > > issues. This > >> > > > access would allow service providers access to the IN-ADDR tree > >> > > > and allow them to self verify what deligations they > are listed as > >> > > > authoritative for. It would allow the research > community a better > >> > > > source of data for research and other activities. > >> > > > > >> > > > > >> > > > respectfully, > >> > > > > >> > > > john brown > >> > > From bmanning at karoshi.com Tue Jun 10 17:00:16 2003 From: bmanning at karoshi.com (bmanning at karoshi.com) Date: Tue, 10 Jun 2003 14:00:16 -0700 (PDT) Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR In-Reply-To: from "william@elan.net" at Jun 10, 2003 10:41:34 AM Message-ID: <200306102100.h5AL0Gh25583@karoshi.com> a couple of data points. from its inception (4q1997) through 3q2001, arin allowed zone transfers of all in-addr data. in 4q2001, arin started blocking zone transfers. --bill From richardj at arin.net Tue Jun 10 17:08:19 2003 From: richardj at arin.net (Richard Jimmerson) Date: Tue, 10 Jun 2003 17:08:19 -0400 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <000601c32f38$dfb0b600$feecdfd8@laptoy> Message-ID: <004b01c32f94$6ad44f70$548888c0@arin.net> Hello John, > > ftp://ftp.arin.net/pub/zones > because that URL does not provide complete data and > is only for a specific project, per richardj (6-6-03). Yes. Information published at this location is in support of the Early Registration Transfer (ERX) project. We only publish zone information there for which we are generating merged zone files. The information is there for the RIRs and to allow participants from the merged zones to verify that their data is getting merged properly. As new /8s are included in the ERX project, information is published to the ftp directory cited above. Would a gz file of the reversed mapped domains that ARIN manages available on an FTP site meet your needs? Do you think there should be an AUP for this? Richard Jimmerson Director of Operations American Registry for Internet Numbers (ARIN) > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of John M. Brown > Sent: Tuesday, June 10, 2003 6:13 AM > To: william at elan.net > Cc: ppml at arin.net > Subject: RE: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and INADDR access) > > > because that URL does not provide complete data and > is only for a specific project, per richardj (6-6-03). > > research the allocated space as listed at > http://www.iana.org/assignments/ipv4-address-space > > and you will find the ftp site is missing a good chuck > of space. > > > > > -----Original Message----- > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > > Behalf Of william at elan.net > > Sent: Monday, June 09, 2003 11:44 PM > > To: John M. Brown > > Cc: ppml at arin.net > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > > (WHOIS and INADDR access) > > > > > > Why do you need policy for providing in-addr data as bulk? I > > think ARIN > > already provides this all publicly as it, see > > ftp://ftp.arin.net/pub/zones > > > > Do you need something more then > > that? > > > > On Mon, 9 Jun 2003, John M. Brown wrote: > > > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > > be published > > > on > > > ARIN website as follows: > > > > > > "Access to the entire WHOIS or ARIN INADDR database or > > large portion > > > of > > > it may be obtained by any organization or individual > > provided that this > > > organization or individual agrees in writing to ARIN WHOIS/INADDR > > > Acceptable Use Policy. WHOIS or ARIN INADDR data provided > under bulk > > WHOIS access > > > will not include any information that is marked as private. > > > > > > Access to WHOIS/INADDR data may be by way of: > > > > > > Individual WHOIS/DNS queries > > > > > > FTP or other type of download > > > > > > Hard media distribution (such as CDROM) > > > > > > > > > ----- > > > > > > Given that ARIN now has policy 2002-1 Lame In-addr, > > providing access > > > to the in-addr view that ARIN has would be useful for the internet > > > operational and research community, and help reduce lame > > issues. This > > > access would allow service providers access to the > IN-ADDR tree and > > > allow them to self verify what deligations they are listed as > > > authoritative for. It would allow the research community > a better > > > source of data for research and other activities. > > > > > > > > > respectfully, > > > > > > john brown > > > From owen at delong.com Tue Jun 10 17:56:00 2003 From: owen at delong.com (Owen DeLong) Date: Tue, 10 Jun 2003 14:56:00 -0700 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <004b01c32f94$6ad44f70$548888c0@arin.net> References: <004b01c32f94$6ad44f70$548888c0@arin.net> Message-ID: <913705195.1055256960@dhcp156-215.corp.tellme.com> I don't see a need for an AUP given that the data is all publicly available by hammering the name servers. Unlike the whois servers which can easily be throttled, the nameservers would degrade service to legitimate users. Personally, I think a .tar.gz of the zone files would be quite adequate. FTP and/or HTTP is fine. Owen --On Tuesday, June 10, 2003 17:08 -0400 Richard Jimmerson wrote: > Hello John, > >> > ftp://ftp.arin.net/pub/zones >> because that URL does not provide complete data and >> is only for a specific project, per richardj (6-6-03). > > Yes. Information published at this location is in support > of the Early Registration Transfer (ERX) project. We only > publish zone information there for which we are generating > merged zone files. The information is there for the RIRs > and to allow participants from the merged zones to verify > that their data is getting merged properly. As new /8s are > included in the ERX project, information is published to the > ftp directory cited above. > > Would a gz file of the reversed mapped domains that ARIN > manages available on an FTP site meet your needs? Do you > think there should be an AUP for this? > > Richard Jimmerson > Director of Operations > American Registry for Internet Numbers (ARIN) > > >> -----Original Message----- >> From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On >> Behalf Of John M. Brown >> Sent: Tuesday, June 10, 2003 6:13 AM >> To: william at elan.net >> Cc: ppml at arin.net >> Subject: RE: [ppml] A proposal to modify proposal 2003-9 >> (WHOIS and INADDR access) >> >> >> because that URL does not provide complete data and >> is only for a specific project, per richardj (6-6-03). >> >> research the allocated space as listed at >> http://www.iana.org/assignments/ipv4-address-space >> >> and you will find the ftp site is missing a good chuck >> of space. >> >> >> >> > -----Original Message----- >> > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On >> > Behalf Of william at elan.net >> > Sent: Monday, June 09, 2003 11:44 PM >> > To: John M. Brown >> > Cc: ppml at arin.net >> > Subject: Re: [ppml] A proposal to modify proposal 2003-9 >> > (WHOIS and INADDR access) >> > >> > >> > Why do you need policy for providing in-addr data as bulk? I >> > think ARIN >> > already provides this all publicly as it, see >> > ftp://ftp.arin.net/pub/zones >> > >> > Do you need something more then >> > that? >> > >> > On Mon, 9 Jun 2003, John M. Brown wrote: >> > >> > > 3. A policy for bulk WHOIS and or ARIN INADDR access will >> > be published >> > > on >> > > ARIN website as follows: >> > > >> > > "Access to the entire WHOIS or ARIN INADDR database or >> > large portion >> > > of >> > > it may be obtained by any organization or individual >> > provided that this >> > > organization or individual agrees in writing to ARIN WHOIS/INADDR >> > > Acceptable Use Policy. WHOIS or ARIN INADDR data provided >> under bulk >> > WHOIS access >> > > will not include any information that is marked as private. >> > > >> > > Access to WHOIS/INADDR data may be by way of: >> > > >> > > Individual WHOIS/DNS queries >> > > >> > > FTP or other type of download >> > > >> > > Hard media distribution (such as CDROM) >> > > >> > > >> > > ----- >> > > >> > > Given that ARIN now has policy 2002-1 Lame In-addr, >> > providing access >> > > to the in-addr view that ARIN has would be useful for the internet >> > > operational and research community, and help reduce lame >> > issues. This >> > > access would allow service providers access to the >> IN-ADDR tree and >> > > allow them to self verify what deligations they are listed as >> > > authoritative for. It would allow the research community >> a better >> > > source of data for research and other activities. >> > > >> > > >> > > respectfully, >> > > >> > > john brown >> > >> > From john at chagres.net Tue Jun 10 18:18:25 2003 From: john at chagres.net (John M. Brown) Date: Tue, 10 Jun 2003 16:18:25 -0600 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: Message-ID: <000b01c32f9e$36636e10$feecdfd8@laptoy> > On Tue, 10 Jun 2003, McBurnett, Jim wrote: > > > And finally, Policies? if ARIN needs a Policy for everything, > > then how will they every get anything done... > > But honestly, I think this whole topic is about justifing > > workload or preventing workload. let's get the label right..... > On Tuesday William said this to Jim's post: > What workload??? They already have these zone files as they > use them in > the dns server. The "workload" involves setting a cron to copy them > daily to publicly available ftp or web server... Not respecting that there is infact a certain amount of workload is wrong. The ARIN STAFF has always done good solid work and its generally a thankless job. Work load would include: Assuring the cron worked each day and that something didn't get mucked up Assuring that the additional file transfer load didn't affect other services on the FTP server. I'm sure there are a couple of other items that I'm missing. So, there is work load. > I simply do not understand why ARIN makes some zone files publicly > available already and not others. There seems to be some kind > of other reason (not "workload") behind them not putting the rest of > the zone files up and I'd like to know what it is. I agree, I'm not sure why they stopped making this data available when previously requested. From john at chagres.net Tue Jun 10 18:19:52 2003 From: john at chagres.net (John M. Brown) Date: Tue, 10 Jun 2003 16:19:52 -0600 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR In-Reply-To: <200306102100.h5AL0Gh25583@karoshi.com> Message-ID: <000f01c32f9e$69c51dd0$feecdfd8@laptoy> ARIN also stopped providing zone files via FTP in 4q2002 I would not suggest that ARIN provide zone files via AXFR. I do not think thats scaleable. > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of bmanning at karoshi.com > Sent: Tuesday, June 10, 2003 3:00 PM > To: william at elan.net > Cc: ppml at arin.net > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and INADDR > > > > a couple of data points. > > from its inception (4q1997) through 3q2001, arin allowed zone > transfers of all in-addr data. in 4q2001, arin started > blocking zone transfers. > > --bill > From john at chagres.net Tue Jun 10 18:32:22 2003 From: john at chagres.net (John M. Brown) Date: Tue, 10 Jun 2003 16:32:22 -0600 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <004b01c32f94$6ad44f70$548888c0@arin.net> Message-ID: <001001c32fa0$28feb5c0$feecdfd8@laptoy> Yes a .GZ file called arin.inaddr.zone.gz accessible via FTP and updated daily would be perfect. I believe that an AUP is in order to protect ARIN's systems from abuse and to allow ARIN the ability to prevent someone continuing to abuse. Attachment 14 or N of the gTLD ICANN Registry Agreement seems reasonable to me. As an example. http://www.icann.org/tlds/agreements/org/registry-agmt-appn-22oct02.htm Whats nice about this agreement is that its ongoing. Don't need to sign an agreement each time you want the data. Would be nice if the WHOIS data had an annual agreement that way you don't have to request each and every time. This agreement gives ARIN the ability to terminate access should someone start doing things not permitted in the agreement, and the ability to restrict access to once per day. I'd hate to see someone slam the FTP server with down load requests every hour. Part of the issue here, I think, is that by having a clear and simple AUP, everyone knows what the rules are and there can't be any (well can't is a strong word ;)) finger waving if someone is yanked from the system. Having no policy could create the issue of a decision being arbitrary, that's worse, IMHO. Let me know when I can get that GZ file :) john brown > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Richard Jimmerson > Sent: Tuesday, June 10, 2003 3:08 PM > To: ppml at arin.net > Subject: RE: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and INADDR access) > > > Hello John, > > > > ftp://ftp.arin.net/pub/zones > > because that URL does not provide complete data and > > is only for a specific project, per richardj (6-6-03). > > Yes. Information published at this location is in support > of the Early Registration Transfer (ERX) project. We only > publish zone information there for which we are generating > merged zone files. The information is there for the RIRs > and to allow participants from the merged zones to verify > that their data is getting merged properly. As new /8s are > included in the ERX project, information is published to the > ftp directory cited above. > > Would a gz file of the reversed mapped domains that ARIN > manages available on an FTP site meet your needs? Do you > think there should be an AUP for this? > > Richard Jimmerson > Director of Operations > American Registry for Internet Numbers (ARIN) > > > > -----Original Message----- > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > > Behalf Of John M. Brown > > Sent: Tuesday, June 10, 2003 6:13 AM > > To: william at elan.net > > Cc: ppml at arin.net > > Subject: RE: [ppml] A proposal to modify proposal 2003-9 > > (WHOIS and INADDR access) > > > > > > because that URL does not provide complete data and > > is only for a specific project, per richardj (6-6-03). > > > > research the allocated space as listed at > > http://www.iana.org/assignments/ipv4-address-space > > > > and you will find the ftp site is missing a good chuck > > of space. > > > > > > > > > -----Original Message----- > > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of > > > william at elan.net > > > Sent: Monday, June 09, 2003 11:44 PM > > > To: John M. Brown > > > Cc: ppml at arin.net > > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > > > (WHOIS and INADDR access) > > > > > > > > > Why do you need policy for providing in-addr data as > bulk? I think > > > ARIN already provides this all publicly as it, see > > > ftp://ftp.arin.net/pub/zones > > > > > > Do you need something more then > > > that? > > > > > > On Mon, 9 Jun 2003, John M. Brown wrote: > > > > > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > > > be published > > > > on > > > > ARIN website as follows: > > > > > > > > "Access to the entire WHOIS or ARIN INADDR database or > > > large portion > > > > of > > > > it may be obtained by any organization or individual > > > provided that this > > > > organization or individual agrees in writing to ARIN > WHOIS/INADDR > > > > Acceptable Use Policy. WHOIS or ARIN INADDR data provided > > under bulk > > > WHOIS access > > > > will not include any information that is marked as private. > > > > > > > > Access to WHOIS/INADDR data may be by way of: > > > > > > > > Individual WHOIS/DNS queries > > > > > > > > FTP or other type of download > > > > > > > > Hard media distribution (such as CDROM) > > > > > > > > > > > > ----- > > > > > > > > Given that ARIN now has policy 2002-1 Lame In-addr, > > > providing access > > > > to the in-addr view that ARIN has would be useful for > the internet > > > > operational and research community, and help reduce lame > > > issues. This > > > > access would allow service providers access to the > > IN-ADDR tree and > > > > allow them to self verify what deligations they are listed as > > > > authoritative for. It would allow the research community > > a better > > > > source of data for research and other activities. > > > > > > > > > > > > respectfully, > > > > > > > > john brown > > > > > > From ibaker at codecutters.org Tue Jun 10 18:33:18 2003 From: ibaker at codecutters.org (Ian Baker) Date: Tue, 10 Jun 2003 23:33:18 +0100 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) References: <004b01c32f94$6ad44f70$548888c0@arin.net> <913705195.1055256960@dhcp156-215.corp.tellme.com> Message-ID: <005f01c32fa0$4d3779e0$642fa8c0@codecutters.org> Owen, Absolutely. (Speaking as someone who sought a legitimate way out of the throttle limit ;o) DNS is, IMHO, a somewhat different proposition to the WHOIS data under current discussion. (Sorry if that sounds in any way brash - not my intention. As I said, newbie here..) Regards, Ian Baker EMEA Support Manager OpenConnect Systems Ltd. ----- Original Message ----- From: "Owen DeLong" To: ; Sent: Tuesday, June 10, 2003 10:56 PM Subject: RE: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) > I don't see a need for an AUP given that the data is all publicly > available by hammering the name servers. Unlike the whois servers > which can easily be throttled, the nameservers would degrade service > to legitimate users. Personally, I think a .tar.gz of the zone files > would be quite adequate. FTP and/or HTTP is fine. > > Owen > > > --On Tuesday, June 10, 2003 17:08 -0400 Richard Jimmerson > wrote: > > > Hello John, > > > >> > ftp://ftp.arin.net/pub/zones > >> because that URL does not provide complete data and > >> is only for a specific project, per richardj (6-6-03). > > > > Yes. Information published at this location is in support > > of the Early Registration Transfer (ERX) project. We only > > publish zone information there for which we are generating > > merged zone files. The information is there for the RIRs > > and to allow participants from the merged zones to verify > > that their data is getting merged properly. As new /8s are > > included in the ERX project, information is published to the > > ftp directory cited above. > > > > Would a gz file of the reversed mapped domains that ARIN > > manages available on an FTP site meet your needs? Do you > > think there should be an AUP for this? > > > > Richard Jimmerson > > Director of Operations > > American Registry for Internet Numbers (ARIN) > > > > > >> -----Original Message----- > >> From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > >> Behalf Of John M. Brown > >> Sent: Tuesday, June 10, 2003 6:13 AM > >> To: william at elan.net > >> Cc: ppml at arin.net > >> Subject: RE: [ppml] A proposal to modify proposal 2003-9 > >> (WHOIS and INADDR access) > >> > >> > >> because that URL does not provide complete data and > >> is only for a specific project, per richardj (6-6-03). > >> > >> research the allocated space as listed at > >> http://www.iana.org/assignments/ipv4-address-space > >> > >> and you will find the ftp site is missing a good chuck > >> of space. > >> > >> > >> > >> > -----Original Message----- > >> > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > >> > Behalf Of william at elan.net > >> > Sent: Monday, June 09, 2003 11:44 PM > >> > To: John M. Brown > >> > Cc: ppml at arin.net > >> > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > >> > (WHOIS and INADDR access) > >> > > >> > > >> > Why do you need policy for providing in-addr data as bulk? I > >> > think ARIN > >> > already provides this all publicly as it, see > >> > ftp://ftp.arin.net/pub/zones > >> > > >> > Do you need something more then > >> > that? > >> > > >> > On Mon, 9 Jun 2003, John M. Brown wrote: > >> > > >> > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > >> > be published > >> > > on > >> > > ARIN website as follows: > >> > > > >> > > "Access to the entire WHOIS or ARIN INADDR database or > >> > large portion > >> > > of > >> > > it may be obtained by any organization or individual > >> > provided that this > >> > > organization or individual agrees in writing to ARIN WHOIS/INADDR > >> > > Acceptable Use Policy. WHOIS or ARIN INADDR data provided > >> under bulk > >> > WHOIS access > >> > > will not include any information that is marked as private. > >> > > > >> > > Access to WHOIS/INADDR data may be by way of: > >> > > > >> > > Individual WHOIS/DNS queries > >> > > > >> > > FTP or other type of download > >> > > > >> > > Hard media distribution (such as CDROM) > >> > > > >> > > > >> > > ----- > >> > > > >> > > Given that ARIN now has policy 2002-1 Lame In-addr, > >> > providing access > >> > > to the in-addr view that ARIN has would be useful for the internet > >> > > operational and research community, and help reduce lame > >> > issues. This > >> > > access would allow service providers access to the > >> IN-ADDR tree and > >> > > allow them to self verify what deligations they are listed as > >> > > authoritative for. It would allow the research community > >> a better > >> > > source of data for research and other activities. > >> > > > >> > > > >> > > respectfully, > >> > > > >> > > john brown > >> > > >> > > > > > > From john at chagres.net Tue Jun 10 18:34:02 2003 From: john at chagres.net (John M. Brown) Date: Tue, 10 Jun 2003 16:34:02 -0600 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <913705195.1055256960@dhcp156-215.corp.tellme.com> Message-ID: <001101c32fa0$64585810$feecdfd8@laptoy> well you dont' want some clown hammering the FTP server as well and thus needs some simple way of controlling that via policy. i believe the DNS provider for ARIN can and does throttle / limit access for those that abuse the system. I'm quite sure they have the technical means to do it as needed. > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Owen DeLong > Sent: Tuesday, June 10, 2003 3:56 PM > To: richardj at arin.net; ppml at arin.net > Subject: RE: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and INADDR access) > > > I don't see a need for an AUP given that the data is all > publicly available by hammering the name servers. Unlike the > whois servers which can easily be throttled, the nameservers > would degrade service to legitimate users. Personally, I > think a .tar.gz of the zone files would be quite adequate. > FTP and/or HTTP is fine. > > Owen > > > --On Tuesday, June 10, 2003 17:08 -0400 Richard Jimmerson > wrote: > > > Hello John, > > > >> > ftp://ftp.arin.net/pub/zones > >> because that URL does not provide complete data and > >> is only for a specific project, per richardj (6-6-03). > > > > Yes. Information published at this location is in support > > of the Early Registration Transfer (ERX) project. We only publish > > zone information there for which we are generating merged > zone files. > > The information is there for the RIRs and to allow > participants from > > the merged zones to verify that their data is getting > merged properly. > > As new /8s are included in the ERX project, information is > published > > to the ftp directory cited above. > > > > Would a gz file of the reversed mapped domains that ARIN manages > > available on an FTP site meet your needs? Do you think > there should > > be an AUP for this? > > > > Richard Jimmerson > > Director of Operations > > American Registry for Internet Numbers (ARIN) > > > > > >> -----Original Message----- > >> From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of > >> John M. Brown > >> Sent: Tuesday, June 10, 2003 6:13 AM > >> To: william at elan.net > >> Cc: ppml at arin.net > >> Subject: RE: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and > >> INADDR access) > >> > >> > >> because that URL does not provide complete data and > >> is only for a specific project, per richardj (6-6-03). > >> > >> research the allocated space as listed at > >> http://www.iana.org/assignments/ipv4-address-space > >> > >> and you will find the ftp site is missing a good chuck > >> of space. > >> > >> > >> > >> > -----Original Message----- > >> > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] > On Behalf Of > >> > william at elan.net > >> > Sent: Monday, June 09, 2003 11:44 PM > >> > To: John M. Brown > >> > Cc: ppml at arin.net > >> > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and > >> > INADDR access) > >> > > >> > > >> > Why do you need policy for providing in-addr data as > bulk? I think > >> > ARIN already provides this all publicly as it, see > >> > ftp://ftp.arin.net/pub/zones > >> > > >> > Do you need something more then > >> > that? > >> > > >> > On Mon, 9 Jun 2003, John M. Brown wrote: > >> > > >> > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > >> > be published > >> > > on > >> > > ARIN website as follows: > >> > > > >> > > "Access to the entire WHOIS or ARIN INADDR database or > >> > large portion > >> > > of > >> > > it may be obtained by any organization or individual > >> > provided that this > >> > > organization or individual agrees in writing to ARIN > WHOIS/INADDR > >> > > Acceptable Use Policy. WHOIS or ARIN INADDR data provided > >> under bulk > >> > WHOIS access > >> > > will not include any information that is marked as private. > >> > > > >> > > Access to WHOIS/INADDR data may be by way of: > >> > > > >> > > Individual WHOIS/DNS queries > >> > > > >> > > FTP or other type of download > >> > > > >> > > Hard media distribution (such as CDROM) > >> > > > >> > > > >> > > ----- > >> > > > >> > > Given that ARIN now has policy 2002-1 Lame In-addr, > >> > providing access > >> > > to the in-addr view that ARIN has would be useful for the > >> > > internet operational and research community, and help > reduce lame > >> > issues. This > >> > > access would allow service providers access to the > >> IN-ADDR tree and > >> > > allow them to self verify what deligations they are listed as > >> > > authoritative for. It would allow the research community > >> a better > >> > > source of data for research and other activities. > >> > > > >> > > > >> > > respectfully, > >> > > > >> > > john brown > >> > > >> > > > > > > From baptista at dot-god.com Tue Jun 10 18:55:30 2003 From: baptista at dot-god.com (Joe Baptista) Date: Tue, 10 Jun 2003 18:55:30 -0400 (EDT) Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR In-Reply-To: <200306102100.h5AL0Gh25583@karoshi.com> Message-ID: On Tue, 10 Jun 2003 bmanning at karoshi.com wrote: > > a couple of data points. > > from its inception (4q1997) through 3q2001, arin allowed zone > transfers of all in-addr data. in 4q2001, arin started blocking zone > transfers. wait a minute - used to be all zones were listed in in-addr.arpa which was available via axfr. When did arin take over the delegations - do you know. I don't remember arin doing *.in-addr.arpa since 1997. and is there a historical record available. regards joe Joe Baptista - only at www.baptista.god What Hallmark cards won't say:-) Heard your wife left you, How upset you must be. But don't fret about it... She moved in with me. From baptista at dot-god.com Tue Jun 10 18:58:07 2003 From: baptista at dot-god.com (Joe Baptista) Date: Tue, 10 Jun 2003 18:58:07 -0400 (EDT) Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <390E55B947E7C848898AEBB9E5077060014EAB66@msmdcfs01.msmgmt.com> Message-ID: On Tue, 10 Jun 2003, McBurnett, Jim wrote: > William, > My point is: > Pretend I am ARIN saying this: Why should I do anything unless > the entire community agrees that I do it? > Now to push that farther--- What does it take for the "COMMUNITY" > to agree-- Policy... > Hence They are trying to stop something from becoming work... > I know it takes just a cron... But can they do it? i hope they can do it because if they can't i think it would bring into question their competency. > I have seen on here in the past about how easy many of us say it > is to create an automated engine for IP assignment, and they can't do that... > > And yes I agree.. There is some kind of reason to prevent all of it from > going on the net.. > And yes they are hiding behind policy-- or so it seems to me...... > Whether is be a skeleton, or they are afraid it will create lots of work after > everyone tells them the data is so bad thay have to clean it up there has to be > a reason... > > But now the question of the hour--- Alec, Richard--- Et al... WHAT IS IT? thats something i've heard from time to time that some of the data is bad - portions lost - etc etc. regards joe Joe Baptista - only at www.baptista.god 4Mozilla http://mozilla.ppp/ > > J > > -----Original Message----- > From: william at elan.net [mailto:william at elan.net] > Sent: Tuesday, June 10, 2003 1:42 PM > To: ppml at arin.net > Subject: RE: [ppml] A proposal to modify proposal 2003-9 (WHOIS and > INADDR access) > > > On Tue, 10 Jun 2003, McBurnett, Jim wrote: > > > And finally, Policies? if ARIN needs a Policy for everything, > > then how will they every get anything done... > > But honestly, I think this whole topic is about justifing > > workload or preventing workload. let's get the label right..... > > What workload??? They already have these zone files as they use them in > the dns server. The "workload" involves setting a cron to copy them > daily to publicly available ftp or web server... > > I simply do not understand why ARIN makes some zone files publicly > available already and not others. There seems to be some kind of other > reason (not "workload") behind them not putting the rest of the > zone files > up and I'd like to know what it is. > > > -----Original Message----- > > From: Owen DeLong [mailto:owen at delong.com] > > Sent: Tuesday, June 10, 2003 12:09 PM > > To: ppml at arin.net > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 (WHOIS and > > INADDR access) > > > > > > OK... I guess I'll throw my hat in the ring here... > > > > I think that the IN-ADDR data should be provided. If ARIN staff feels > > a policy is needed, then I think two things have happened... > > > > 1. ARIN staff has become too policy focused. IN-ADDR can > > be easily mapped by repeatedly hitting the DNS servers > > and there are no privacy issues with it. The > > data should > > simply be made available. As such, I hope this > > will provide > > the impetus for RichardJ to get whatever approvals are > > necessary from ARIN Management/BOD to make this > > happen without > > policy. > > > > 2. We have discovered the need for additional > > clarification to > > the ARIN staff of what should and should not require > > formal public policies to accomplish. > > > > Personally, I think that the ARIN IN-ADDR zone file(s) should be made > > available > > via FTP and/or HTTP and that should be the end of it. > > > > However, I am not diametrically opposed to applying the same > > AUP to WHOIS > > and IN-ADDR. I think it is policy overkill, but, it's > certainly better > > than not having the IN-ADDR information available at all. > > > > Owen > > > > > > --On Tuesday, June 10, 2003 4:39 AM -0600 John Brown > > > wrote: > > > > > On Tue, Jun 10, 2003 at 12:44:26AM -0700, william at elan.net wrote: > > >> > > >> Fine, lets get ARIN to listen and provide the data for all other /8 > > >> blocks! > > > > > > I think that is an over statment, and certainly not something > > I'm asking > > > for. ARIN was clearly specifide and not the other RIR's. For > > them they > > > each have their proper venue, and its not here. > > > > > > > > >> > > >> Still the question is do we need a policy for this? If we do > > should it > > >> actually require authentication similar to bulk whois to get > > the data or > > >> is current system of getting it by ftp enough? > > > > > > Based on email from ARIN staff last fall, they used to > > provide the data > > > upon request, but started refusing the data until there was a > > policy in > > > place. > > > > > > The ARIN AC (post my resignation) did not feel it was > > something in their > > > scope as defined by the board. THe board has said that the AC is to > > > deal with clear and crisp IP allocation policies only. I > think even > > > the whois is not within their view based on the direction > > from the board. > > > > > > > > >> > > >> In my opinion adding in-addr to bulk-whois proposal is both not > > >> approriate as whois data is a lot more complex and has > > rather specific > > >> privacy issues, its unnecessory and it sounds bad as far as > > you wrote it > > >> (i.e. what you proposed - "arin whois inaddr aup"). > > > > > > I agree, WHOIS is more complex and has privacy issues. Hence > > the IN-ADDR > > > should be an easy issue to deal with. > > > > > > I don't believe I used those words you are attributing to > me. Please > > > correct or quote correctly.... > > > > > > What I stated is that access to the whois OR inaddr carried > > with it the > > > same level of restrictions and conditions. This would be > > more protection > > > for the IN-ADDR and continue to protect the whois data. > > > > > > > > > > > >> First I think we need to ask ARIN if they are willing to > get all the > > >> inaddr data out on their ftp site on their own based on > > current polices > > >> and procedures (they do after all provide entire ASN list > > including all > > >> those ASNs they inherited from Internic, so why is it so > > different for > > >> inaddr?). If they do not want to do it, then propose a > simple policy: > > >> "ARIN will provide public access to complete INADDR data for all ip > > >> blocks in its database for public download by ftp" > > > > > > Well todate ARIN has refused to provide IN-ADDR lacking a > > policy. I can > > > dig up the email from ARIN staff issued last fall, if needed. > > > > > > Agreed they have the ASN data, the IN-ADDR seems easy as well > > since they > > > have to gen the zone for their NS set anyway. > > > > > > Personally I believe that ARIN should have an AUP for this data. > > > > > > John Brown > > > > > >> > > >> > > -----Original Message----- > > >> > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > > >> > > Behalf Of william at elan.net > > >> > > Sent: Monday, June 09, 2003 11:44 PM > > >> > > To: John M. Brown > > >> > > Cc: ppml at arin.net > > >> > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > > >> > > (WHOIS and INADDR access) > > >> > > > > >> > > > > >> > > Why do you need policy for providing in-addr data as bulk? I > > >> > > think ARIN > > >> > > already provides this all publicly as it, see > > >> > > ftp://ftp.arin.net/pub/zones > > >> > > > > >> > > Do you need something more then > > >> > > that? > > >> > > > > >> > > On Mon, 9 Jun 2003, John M. Brown wrote: > > >> > > > > >> > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > > >> > > be published > > >> > > > on > > >> > > > ARIN website as follows: > > >> > > > > > >> > > > "Access to the entire WHOIS or ARIN INADDR database or > > >> > > large portion > > >> > > > of > > >> > > > it may be obtained by any organization or individual > > >> > > provided that this > > >> > > > organization or individual agrees in writing to ARIN > > WHOIS/INADDR > > >> > > > Acceptable > > >> > > > Use Policy. WHOIS or ARIN INADDR data provided under bulk > > >> > > WHOIS access > > >> > > > will not include any information that is marked as private. > > >> > > > > > >> > > > Access to WHOIS/INADDR data may be by way of: > > >> > > > > > >> > > > Individual WHOIS/DNS queries > > >> > > > > > >> > > > FTP or other type of download > > >> > > > > > >> > > > Hard media distribution (such as CDROM) > > >> > > > > > >> > > > > > >> > > > ----- > > >> > > > > > >> > > > Given that ARIN now has policy 2002-1 Lame In-addr, > > >> > > providing access > > >> > > > to the in-addr view that ARIN has would be useful for > > the internet > > >> > > > operational and research community, and help reduce lame > > >> > > issues. This > > >> > > > access would allow service providers access to the > IN-ADDR tree > > >> > > > and allow them to self verify what deligations they > > are listed as > > >> > > > authoritative for. It would allow the research > > community a better > > >> > > > source of data for research and other activities. > > >> > > > > > >> > > > > > >> > > > respectfully, > > >> > > > > > >> > > > john brown > > >> > > > > From baptista at dot-god.com Tue Jun 10 19:01:25 2003 From: baptista at dot-god.com (Joe Baptista) Date: Tue, 10 Jun 2003 19:01:25 -0400 (EDT) Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <004b01c32f94$6ad44f70$548888c0@arin.net> Message-ID: On Tue, 10 Jun 2003, Richard Jimmerson wrote: > Would a gz file of the reversed mapped domains that ARIN > manages available on an FTP site meet your needs? Do you > think there should be an AUP for this? Richard - when did ARIN take over the reversed mapped domains. I remember it was the case that our delegations were in the in-addr.arpa zone - now they are some as example are in the 199.in-addr.arpa zone which ARIN runs. When did that happen that you took over this? regards joe baptista Joe Baptista - only at www.baptista.god Ananse - OpenNIC search engine http://www.ananse.indy/ a Search engine for all OpenNIC TLDs. From kent at songbird.com Tue Jun 10 19:37:31 2003 From: kent at songbird.com (kent at songbird.com) Date: Tue, 10 Jun 2003 16:37:31 -0700 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <000b01c32f9e$36636e10$feecdfd8@laptoy> References: <000b01c32f9e$36636e10$feecdfd8@laptoy> Message-ID: <20030610233731.GQ28311@owl.songbird.com> On Tue, Jun 10, 2003 at 04:18:25PM -0600, John M. Brown wrote: > > On Tuesday William said this to Jim's post: > > What workload??? They already have these zone files as they > > use them in > > the dns server. The "workload" involves setting a cron to copy them > > daily to publicly available ftp or web server... > > Not respecting that there is infact a certain amount of workload is > wrong. The ARIN STAFF has always done good solid work and its > generally a thankless job. > > Work load would include: > > Assuring the cron worked each day and that something didn't get > mucked up > > Assuring that the additional file transfer load didn't affect > other services on the FTP server. > > I'm sure there are a couple of other items that I'm missing. Indeed. For example: there are internal servers that keep authoritative data, and public servers that provide data to the outside world. So there are issues of crossing security boundaries. Managing security boundaries like that is always work, because you really do have to think about what you are doing. -- Kent Crispin "Be good, and you will be Manager of Technical Operations, ICANN lonesome." crispin at icann.org,kent at songbird.com -- Mark Twain p: +1 310 823 9358 f: +1 310 823 8649 From john at chagres.net Wed Jun 11 12:08:23 2003 From: john at chagres.net (John M. Brown) Date: Wed, 11 Jun 2003 10:08:23 -0600 Subject: [ppml] A proposal to modify proposal 2003-9 (WHOIS and INADDR access) In-Reply-To: <004b01c32f94$6ad44f70$548888c0@arin.net> Message-ID: <000a01c33033$af8ee9f0$7d7ba8c0@laptoy> It was brought to my attention that I might want to spec this a bit tighter. Richard, a TAR ball of the all the in-addr.arpa zones that ARIN serves compressed with GZ would be ideal. Hope this helps. > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Richard Jimmerson > Sent: Tuesday, June 10, 2003 3:08 PM > To: ppml at arin.net > Subject: RE: [ppml] A proposal to modify proposal 2003-9 > (WHOIS and INADDR access) > > > Hello John, > > > > ftp://ftp.arin.net/pub/zones > > because that URL does not provide complete data and > > is only for a specific project, per richardj (6-6-03). > > Yes. Information published at this location is in support > of the Early Registration Transfer (ERX) project. We only > publish zone information there for which we are generating > merged zone files. The information is there for the RIRs > and to allow participants from the merged zones to verify > that their data is getting merged properly. As new /8s are > included in the ERX project, information is published to the > ftp directory cited above. > > Would a gz file of the reversed mapped domains that ARIN > manages available on an FTP site meet your needs? Do you > think there should be an AUP for this? > > Richard Jimmerson > Director of Operations > American Registry for Internet Numbers (ARIN) > > > > -----Original Message----- > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > > Behalf Of John M. Brown > > Sent: Tuesday, June 10, 2003 6:13 AM > > To: william at elan.net > > Cc: ppml at arin.net > > Subject: RE: [ppml] A proposal to modify proposal 2003-9 > > (WHOIS and INADDR access) > > > > > > because that URL does not provide complete data and > > is only for a specific project, per richardj (6-6-03). > > > > research the allocated space as listed at > > http://www.iana.org/assignments/ipv4-address-space > > > > and you will find the ftp site is missing a good chuck > > of space. > > > > > > > > > -----Original Message----- > > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of > > > william at elan.net > > > Sent: Monday, June 09, 2003 11:44 PM > > > To: John M. Brown > > > Cc: ppml at arin.net > > > Subject: Re: [ppml] A proposal to modify proposal 2003-9 > > > (WHOIS and INADDR access) > > > > > > > > > Why do you need policy for providing in-addr data as > bulk? I think > > > ARIN already provides this all publicly as it, see > > > ftp://ftp.arin.net/pub/zones > > > > > > Do you need something more then > > > that? > > > > > > On Mon, 9 Jun 2003, John M. Brown wrote: > > > > > > > 3. A policy for bulk WHOIS and or ARIN INADDR access will > > > be published > > > > on > > > > ARIN website as follows: > > > > > > > > "Access to the entire WHOIS or ARIN INADDR database or > > > large portion > > > > of > > > > it may be obtained by any organization or individual > > > provided that this > > > > organization or individual agrees in writing to ARIN > WHOIS/INADDR > > > > Acceptable Use Policy. WHOIS or ARIN INADDR data provided > > under bulk > > > WHOIS access > > > > will not include any information that is marked as private. > > > > > > > > Access to WHOIS/INADDR data may be by way of: > > > > > > > > Individual WHOIS/DNS queries > > > > > > > > FTP or other type of download > > > > > > > > Hard media distribution (such as CDROM) > > > > > > > > > > > > ----- > > > > > > > > Given that ARIN now has policy 2002-1 Lame In-addr, > > > providing access > > > > to the in-addr view that ARIN has would be useful for > the internet > > > > operational and research community, and help reduce lame > > > issues. This > > > > access would allow service providers access to the > > IN-ADDR tree and > > > > allow them to self verify what deligations they are listed as > > > > authoritative for. It would allow the research community > > a better > > > > source of data for research and other activities. > > > > > > > > > > > > respectfully, > > > > > > > > john brown > > > > > > From john at chagres.net Wed Jun 11 17:29:00 2003 From: john at chagres.net (John M. Brown) Date: Wed, 11 Jun 2003 15:29:00 -0600 Subject: [ppml] RIPE and APNIC make in-addrs avail with no fuss. Message-ID: <000e01c33060$79163cc0$feecdfd8@laptoy> So in doing research on who has in-addr data avail it seems that ripe, apnic, lacnic make zones avail on their FTP site. According to sources, RIPE and APNIC have full data avail It seems that ARIN is the only RIR that is currently not providing this data and is making it difficult to get this data. Maybe ARIN should be less red-tape policy and more community in some areas. just a thought From ahp at hilander.com Wed Jun 11 17:38:51 2003 From: ahp at hilander.com (Alec H. Peterson) Date: Wed, 11 Jun 2003 15:38:51 -0600 Subject: [ppml] RIPE and APNIC make in-addrs avail with no fuss. In-Reply-To: <000e01c33060$79163cc0$feecdfd8@laptoy> References: <000e01c33060$79163cc0$feecdfd8@laptoy> Message-ID: <2147483647.1055345930@[192.168.255.1]> --On Wednesday, June 11, 2003 15:29 -0600 "John M. Brown" wrote: > > Maybe ARIN should be less red-tape policy > and more community in some areas. A little history here. Who here remembers the days before ARIN started? The major complaints about the InterNIC registry were related to the fact that there was very little if any way for public input into policy and procedures. When ARIN was started the idea was to fix that (along with cutting the cord with NSI, but that's another issue). Perhaps ARIN has gone too far the other way, requiring too much stuff to go through the policy process. But where should ARIN draw the line? Alec -- Alec H. Peterson -- ahp at hilander.com Chief Technology Officer Catbird Networks, http://www.catbird.com From john at chagres.net Wed Jun 11 17:48:10 2003 From: john at chagres.net (John M. Brown) Date: Wed, 11 Jun 2003 15:48:10 -0600 Subject: [ppml] RIPE and APNIC make in-addrs avail with no fuss. In-Reply-To: <2147483647.1055345930@[192.168.255.1]> Message-ID: <001001c33063$26eb0d60$feecdfd8@laptoy> common sense seems to be where to draw the line. making the inaddr data avail seems like common sense. > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Alec H. Peterson > Sent: Wednesday, June 11, 2003 3:39 PM > To: ppml at arin.net > Subject: Re: [ppml] RIPE and APNIC make in-addrs avail with no fuss. > > > --On Wednesday, June 11, 2003 15:29 -0600 "John M. Brown" > wrote: > > > > > Maybe ARIN should be less red-tape policy > > and more community in some areas. > > A little history here. > > Who here remembers the days before ARIN started? The major > complaints > about the InterNIC registry were related to the fact that > there was very > little if any way for public input into policy and > procedures. When ARIN > was started the idea was to fix that (along with cutting the > cord with NSI, > but that's another issue). > > Perhaps ARIN has gone too far the other way, requiring too > much stuff to go > through the policy process. But where should ARIN draw the line? > > Alec > > -- > Alec H. Peterson -- ahp at hilander.com > Chief Technology Officer > Catbird Networks, http://www.catbird.com > From william at elan.net Wed Jun 11 15:38:54 2003 From: william at elan.net (william at elan.net) Date: Wed, 11 Jun 2003 12:38:54 -0700 (PDT) Subject: [ppml] RIPE and APNIC make in-addrs avail with no fuss. In-Reply-To: <2147483647.1055345930@[192.168.255.1]> Message-ID: > Perhaps ARIN has gone too far the other way, requiring too much stuff to go > through the policy process. But where should ARIN draw the line? In my view its exactly what AC is supposed to do - give ARIN its opinion if something is or is not policy issue, and if it is, then send it to policy process with either somebody from AC taking the lead or somebody else from the public proposing necessary policy. If it is not, give its view/recomendation on how to best handle it if ARIN is not sure. This entire problem with in-addr seems to have been completely unnessarily raised question for policy making. I really do not see anything wrong with ARIN just making the data publicly available (and neither do other RIRs it seems) and its not very hard when they already have this data to just copy it to ftp server (yes some work is involved to make sure copy process goes ok, etc but really this is very small considering other things arin does including without any specific policy about it). And as far as possible AUP - this is different from whois. In whois AUP, private data and email addresses and provided as a bulk and as a result its an easy case for abuse (for advertising and such), so AUP is to protect the data. While with INADDR access its not the data that people are worried but that the process of getting it may put strain on arin servers - if there needs to be an aup for such a case, it needs to be completely different then whois and should not be related to it. This is probably my last email on this subject... Lets hope arin seen all this and will make inaddr data available on their ftp soon for those who need it (I really don't think it would be that many that download it or put strain on its resources - unlike possibly if this was done by dns transfers, which idea I do not like either). -- William Leibzon Elan Communications Inc. william at elan.net From baptista at dot-god.com Thu Jun 12 03:17:27 2003 From: baptista at dot-god.com (Joe Baptista) Date: Thu, 12 Jun 2003 03:17:27 -0400 (EDT) Subject: [ppml] Poulsen: Cracking down on cyberspace land grabs Message-ID: http://www.theregister.co.uk/content/55/31156.html Cracking down on cyberspace land grabs By Kevin Poulsen, SecurityFocus Posted: 11/06/2003 at 22:47 GMT The people who keep the Internet running are coming to terms with address space hijacking, an old scam that's turned suddenly nasty, writes Kevin Poulsen of SecurityFocus. Earlier this year an expanse of Internet address space belonging to the County of Los Angeles was put to some uses that had little to do with effective municipal governance. Some county addresses inexplicably began hosting porn websites, while others generated suspicious scanning activity that tripped intrusion detection systems around the net. And then there was the spam, suddenly oozing from the county's cyberspace like sludge moving down the Los Angeles river after a rain -- low-interest mortgages, bargain ink jet cartridges, an abundance of "sizzling teens" in adult situations. It turns out the official records of the address block had been doctored, and L.A. County no longer owned the space -- at least as far as the rest of the world was concerned. All 65,534 addresses now belonged to one Emil Kacperski, the 20-something owner of a small unincorporated hosting company in Northern California. No one was more surprised than county officials, who'd been using the space on an internal county-wide network since 1995. "We found out when we got a call from some outfit overseas, saying they were being hacked and they investigated the IP address and it was one of ours," says Dennis Shelley, associate CIO for the county. "We followed up on it, and we found out that it had been hijacked." Los Angeles County had been hit by a growing type of hi-tech fraud, in which large, and usually dormant, segments of the Internet's address space are taken away from their registered users through an elaborate shell game of forged letters, ephemeral domain names and anonymous corporate fronts. The patsies in the scheme are the four non-profit registries that parcel out address space around the world and keep track of who's using it. The prizes are the coveted "Class B" or "/16" (read "slash-sixteen") address blocks that Internet authorities passed out like candy in the days when address space was bountiful, but are harder to get legitimately now. The most rapacious consumers of the stolen address space are spammers trying to stay a step ahead of anti-spam blacklists. A /16 provides a lot of addresses to hide behind, a lot of launch pads for unwanted e-mail, squats for hastily-erected spamvertised websites, and attack points from which one can scan the Internet for misconfigured proxy servers-- useful for laundering even more spam. Some anti-spam investigators believe an underground economy exists in which a large block of address space is broken down and re-sold in smaller chunks like a boosted Acura in a chop-shop. "Money is changing hands," says Kai Schlichting, a veteran network engineer who tracks down stolen IP space in his spare time. "I wouldn't be surprised if you could sell a /16 for $100,000 in bits and pieces." Hijacking an IP block is cheap, and it bypasses conservation measures imposed by the regional registries: to get a large allocation legally, one must first demonstrate an immediate need for the space; it's not enough to want it. Then you have to pay the registry as much as $10,000 in fees. In contrast, to snake someone else's domain all the scamster has to do is write a letter on fake company letterhead changing the contact information for the allocation, or in some circumstances just forge an e-mail message from the owner. Investigators say that some hijackers have resorted to cloning an entire company by incorporating under a similar name. Kacperski, owner of the Walnut Creek, Calif. hosting company Atrivo, says he acquired L.A. County's space after becoming frustrated by the cost and bureaucracy of getting a larger block through approved channels. In a telephone interview, the entrepreneur admitted that the /16 wasn't his, but he denied taking it himself. He says he purchased it from a gray-market broker he met online, who claimed to have the right to sell the block. "He called it 'borrowed space,'" says Kacperski. "We ended up paying the person for the block and he ended up [transfering] it to us... He assured us there'd be no problems." The price, he claims, was a paltry $500, transferred through PayPal, though he was instructed to use only a tiny fraction of the space. SecurityFocus could not locate the broker. (Kacperski blames the spam, and other anti-social net traffic, on a single bad customer that he quickly cut off.) Regardless of who stole it, Los Angeles County quickly got its space back. But elsewhere the scam has intensified in recent months, with at least seven large allocations found newly-diverted, and countless other cases suspected. Last month anti-spam groups and concerned network operators formed a private mailing list to investigate the phenomenon outside the view of cyberjackers. "There's anything up to 100 of these blocks out there on the loose," estimates Richard Cox, an IT forensics guru with Mandarin Technology in the U.K. "That's the magnitude that we're dealing with here." The Trafalgar House Case Network operators were galvanized by a particularly brazen case in April, when a trail of spam led to the discovery that no-less than six /16s -- nearly 400,000 addresses -- had been misappropriated from Trafalgar House, a British construction and shipping conglomerate that's now part of Aker Kvaerner, headquartered in Norway. From the U.K., Cox discovered that the perpetrators conned the American Registry for Internet Numbers (ARIN) into changing the contact information for the space. One of the /16s was traced to a Dutch spammer, and the other five to a mysterious company called "Fedfinancial Corp." Fedfinancial managed to convince ARIN that it had been contracted to provide network management services for Trafalgar. ARIN won't say exactly how it was swindled, but registration records show the grifters had an authentic-looking e-mail address at a newly-minted "traf-infosystems.net" domain, and a genuine street address with matching voice and fax telephone numbers. But the phone numbers ring to Nevada and Offshore Business Formation, a company that sets up corporations for a fee, and takes orders over the Web. Public records show that they incorporated Fedfinancial as a Nevada corporation last January, on behalf of an unnamed client. The street address is also theirs. ARIN president Ray Plzak says the registry doesn't comment on specific cases, but acknowledged that address space hijacking is a problem. "We have measures in place to detect these kinds of things, and we have a set of procedures that we follow to verify information, and we're continuously looking into ways of improving that" says Plzak. "No procedure is ever 100% perfect, and we recognize that." Once the ARIN record for a block of space has been tweaked, the new "owner" can show it to a network access provider as proof that he has the right to use the addresses. Kacperski found three providers for his purloined L.A. County block; anyone who questioned his sudden good fortune was treated to a tall tale about an old friend who bequeathed Kacperski the mammoth space when his company went bankrupt. Coincidentally, one of the providers, New York-based networking firm nLayer, also wound up routing a /16 that another customer took from the Italian logistics firm Zust-Ambrosetti in January. But nLayer insists it's doing everything reasonable to avoid harboring misappropriated space. "Obviously we don't want to be routing any IP blocks that are potentially stolen." says an nLayer representative who identified himself as Richard Steenbergen. "But nothing really shows up as a red flag when someone is listed as a contact on the block." Skepticism Sought Anti-spammers argue that access providers should be more skeptical when someone comes in with a ridiculously large allocation. "If it's a customer connecting with T1 and walking in with a /16, or two or three of them, this is something that should set off some alarm bells," says Schlichting. But additional vigilance goes against an access provider's financial interest -- they make money by connecting people, not by turning them away. And until spammers discovered the technique, IP hijacking was largely considered a dishonest but forgivable path to acquiring old, unused address space belonging to defunct companies. The perpetrators were what the Spamhaus Project describes as "a few crufty geeks" in search of "cheap digs." The scam is victimless in that it normally targets dormant allocations that are otherwise going to waste, in many cases taking blocks of space that belong to defunct companies, or, like the Trafalgar House space, have long faded from corporate memory. But like the mob moving in on a neighborhood poker game, spammers have turned a once-harmless misdemeanor into an organized and well-funded scheme. Internet defenders shudder at the thought of large portions of the net's real-estate under the control of anonymous rogue entities. "There's no accountability. You don't know who really owns this particular address space. You have no way of finding out," says Schlichting." Some even worry that malefactors will go a step further, and begin hijacking address space that's already in active use. "This whole episode has identified huge weaknesses in the Internet's own infrastructure," says Cox. "What we've seen happen is trivial compared to what we've seen possible." For now, attention is turning to what the regional registries could or should do to stop the practice, and ARIN has begun reviewing old records for signs of chicanery. "Where we find evidence that there has been a fraudulent transfer... we will remove that information and try to go back through history, if you will, and try and find out who has the earliest established legitimate use of the address space," says Plzak. What that history might yield has some network operators nervous; some of the space appropriated by those "crufty geeks" has been stratified into legitimacy by the passage of time. This week network operators on the NANOG mailing list began debating whether benevolent squatters should be granted some kind of amnesty from the coming "witch hunt." As for Kacperski, last week he received approval from ARIN for a new block of space that he can rightfully call his own. "There are forms, there are a lot of procedures, and we had to pay $2,500... This is not an easy thing to do," he says. His new block is a /20, which means he has a little over 4,000 IP addresses for his hosting company. That's not bad, but it's a long fall from the heady days when he had enough virtual real estate to serve the City of Angeles. regards joe Joe Baptista - only at www.baptista.god AddALink - The Internet Directory that you own! - http://AddALink.NOMAD From Stacy_Taylor at icgcomm.com Thu Jun 12 11:08:24 2003 From: Stacy_Taylor at icgcomm.com (Taylor, Stacy) Date: Thu, 12 Jun 2003 09:08:24 -0600 Subject: [ppml] Poulsen: Cracking down on cyberspace land grabs Message-ID: <5BDB545714D0764F8452CC5A25DDEEFA04DAE13A@denexg21.icgcomm.com> We all saw this, right? http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3029809556&category=11175 -----Original Message----- From: Joe Baptista [mailto:baptista at dot-god.com] Sent: Thursday, June 12, 2003 12:17 AM To: ARIN Public Policy List ppml Cc: Johnmacsgroup Subject: [ppml] Poulsen: Cracking down on cyberspace land grabs http://www.theregister.co.uk/content/55/31156.html Cracking down on cyberspace land grabs By Kevin Poulsen, SecurityFocus Posted: 11/06/2003 at 22:47 GMT The people who keep the Internet running are coming to terms with address space hijacking, an old scam that's turned suddenly nasty, writes Kevin Poulsen of SecurityFocus. Earlier this year an expanse of Internet address space belonging to the County of Los Angeles was put to some uses that had little to do with effective municipal governance. Some county addresses inexplicably began hosting porn websites, while others generated suspicious scanning activity that tripped intrusion detection systems around the net. And then there was the spam, suddenly oozing from the county's cyberspace like sludge moving down the Los Angeles river after a rain -- low-interest mortgages, bargain ink jet cartridges, an abundance of "sizzling teens" in adult situations. It turns out the official records of the address block had been doctored, and L.A. County no longer owned the space -- at least as far as the rest of the world was concerned. All 65,534 addresses now belonged to one Emil Kacperski, the 20-something owner of a small unincorporated hosting company in Northern California. No one was more surprised than county officials, who'd been using the space on an internal county-wide network since 1995. "We found out when we got a call from some outfit overseas, saying they were being hacked and they investigated the IP address and it was one of ours," says Dennis Shelley, associate CIO for the county. "We followed up on it, and we found out that it had been hijacked." Los Angeles County had been hit by a growing type of hi-tech fraud, in which large, and usually dormant, segments of the Internet's address space are taken away from their registered users through an elaborate shell game of forged letters, ephemeral domain names and anonymous corporate fronts. The patsies in the scheme are the four non-profit registries that parcel out address space around the world and keep track of who's using it. The prizes are the coveted "Class B" or "/16" (read "slash-sixteen") address blocks that Internet authorities passed out like candy in the days when address space was bountiful, but are harder to get legitimately now. The most rapacious consumers of the stolen address space are spammers trying to stay a step ahead of anti-spam blacklists. A /16 provides a lot of addresses to hide behind, a lot of launch pads for unwanted e-mail, squats for hastily-erected spamvertised websites, and attack points from which one can scan the Internet for misconfigured proxy servers-- useful for laundering even more spam. Some anti-spam investigators believe an underground economy exists in which a large block of address space is broken down and re-sold in smaller chunks like a boosted Acura in a chop-shop. "Money is changing hands," says Kai Schlichting, a veteran network engineer who tracks down stolen IP space in his spare time. "I wouldn't be surprised if you could sell a /16 for $100,000 in bits and pieces." Hijacking an IP block is cheap, and it bypasses conservation measures imposed by the regional registries: to get a large allocation legally, one must first demonstrate an immediate need for the space; it's not enough to want it. Then you have to pay the registry as much as $10,000 in fees. In contrast, to snake someone else's domain all the scamster has to do is write a letter on fake company letterhead changing the contact information for the allocation, or in some circumstances just forge an e-mail message from the owner. Investigators say that some hijackers have resorted to cloning an entire company by incorporating under a similar name. Kacperski, owner of the Walnut Creek, Calif. hosting company Atrivo, says he acquired L.A. County's space after becoming frustrated by the cost and bureaucracy of getting a larger block through approved channels. In a telephone interview, the entrepreneur admitted that the /16 wasn't his, but he denied taking it himself. He says he purchased it from a gray-market broker he met online, who claimed to have the right to sell the block. "He called it 'borrowed space,'" says Kacperski. "We ended up paying the person for the block and he ended up [transfering] it to us... He assured us there'd be no problems." The price, he claims, was a paltry $500, transferred through PayPal, though he was instructed to use only a tiny fraction of the space. SecurityFocus could not locate the broker. (Kacperski blames the spam, and other anti-social net traffic, on a single bad customer that he quickly cut off.) Regardless of who stole it, Los Angeles County quickly got its space back. But elsewhere the scam has intensified in recent months, with at least seven large allocations found newly-diverted, and countless other cases suspected. Last month anti-spam groups and concerned network operators formed a private mailing list to investigate the phenomenon outside the view of cyberjackers. "There's anything up to 100 of these blocks out there on the loose," estimates Richard Cox, an IT forensics guru with Mandarin Technology in the U.K. "That's the magnitude that we're dealing with here." The Trafalgar House Case Network operators were galvanized by a particularly brazen case in April, when a trail of spam led to the discovery that no-less than six /16s -- nearly 400,000 addresses -- had been misappropriated from Trafalgar House, a British construction and shipping conglomerate that's now part of Aker Kvaerner, headquartered in Norway. From the U.K., Cox discovered that the perpetrators conned the American Registry for Internet Numbers (ARIN) into changing the contact information for the space. One of the /16s was traced to a Dutch spammer, and the other five to a mysterious company called "Fedfinancial Corp." Fedfinancial managed to convince ARIN that it had been contracted to provide network management services for Trafalgar. ARIN won't say exactly how it was swindled, but registration records show the grifters had an authentic-looking e-mail address at a newly-minted "traf-infosystems.net" domain, and a genuine street address with matching voice and fax telephone numbers. But the phone numbers ring to Nevada and Offshore Business Formation, a company that sets up corporations for a fee, and takes orders over the Web. Public records show that they incorporated Fedfinancial as a Nevada corporation last January, on behalf of an unnamed client. The street address is also theirs. ARIN president Ray Plzak says the registry doesn't comment on specific cases, but acknowledged that address space hijacking is a problem. "We have measures in place to detect these kinds of things, and we have a set of procedures that we follow to verify information, and we're continuously looking into ways of improving that" says Plzak. "No procedure is ever 100% perfect, and we recognize that." Once the ARIN record for a block of space has been tweaked, the new "owner" can show it to a network access provider as proof that he has the right to use the addresses. Kacperski found three providers for his purloined L.A. County block; anyone who questioned his sudden good fortune was treated to a tall tale about an old friend who bequeathed Kacperski the mammoth space when his company went bankrupt. Coincidentally, one of the providers, New York-based networking firm nLayer, also wound up routing a /16 that another customer took from the Italian logistics firm Zust-Ambrosetti in January. But nLayer insists it's doing everything reasonable to avoid harboring misappropriated space. "Obviously we don't want to be routing any IP blocks that are potentially stolen." says an nLayer representative who identified himself as Richard Steenbergen. "But nothing really shows up as a red flag when someone is listed as a contact on the block." Skepticism Sought Anti-spammers argue that access providers should be more skeptical when someone comes in with a ridiculously large allocation. "If it's a customer connecting with T1 and walking in with a /16, or two or three of them, this is something that should set off some alarm bells," says Schlichting. But additional vigilance goes against an access provider's financial interest -- they make money by connecting people, not by turning them away. And until spammers discovered the technique, IP hijacking was largely considered a dishonest but forgivable path to acquiring old, unused address space belonging to defunct companies. The perpetrators were what the Spamhaus Project describes as "a few crufty geeks" in search of "cheap digs." The scam is victimless in that it normally targets dormant allocations that are otherwise going to waste, in many cases taking blocks of space that belong to defunct companies, or, like the Trafalgar House space, have long faded from corporate memory. But like the mob moving in on a neighborhood poker game, spammers have turned a once-harmless misdemeanor into an organized and well-funded scheme. Internet defenders shudder at the thought of large portions of the net's real-estate under the control of anonymous rogue entities. "There's no accountability. You don't know who really owns this particular address space. You have no way of finding out," says Schlichting." Some even worry that malefactors will go a step further, and begin hijacking address space that's already in active use. "This whole episode has identified huge weaknesses in the Internet's own infrastructure," says Cox. "What we've seen happen is trivial compared to what we've seen possible." For now, attention is turning to what the regional registries could or should do to stop the practice, and ARIN has begun reviewing old records for signs of chicanery. "Where we find evidence that there has been a fraudulent transfer... we will remove that information and try to go back through history, if you will, and try and find out who has the earliest established legitimate use of the address space," says Plzak. What that history might yield has some network operators nervous; some of the space appropriated by those "crufty geeks" has been stratified into legitimacy by the passage of time. This week network operators on the NANOG mailing list began debating whether benevolent squatters should be granted some kind of amnesty from the coming "witch hunt." As for Kacperski, last week he received approval from ARIN for a new block of space that he can rightfully call his own. "There are forms, there are a lot of procedures, and we had to pay $2,500... This is not an easy thing to do," he says. His new block is a /20, which means he has a little over 4,000 IP addresses for his hosting company. That's not bad, but it's a long fall from the heady days when he had enough virtual real estate to serve the City of Angeles. regards joe Joe Baptista - only at www.baptista.god AddALink - The Internet Directory that you own! - http://AddALink.NOMAD From Stacy_Taylor at icgcomm.com Thu Jun 12 18:21:49 2003 From: Stacy_Taylor at icgcomm.com (Taylor, Stacy) Date: Thu, 12 Jun 2003 16:21:49 -0600 Subject: [ppml] Poulsen: Cracking down on cyberspace land grabs Message-ID: <5BDB545714D0764F8452CC5A25DDEEFA04DAE141@denexg21.icgcomm.com> For those of you who missed it..... They must have taken the link down for some reason. Someone was auctioning a "grandfathered Class B" on Ebay! The current bid was $6800. and reserve was not met as of 10 am PST.... -----Original Message----- From: Jeff Urmann [mailto:Jeff.Urmann at HFA-MN.ORG] Sent: Thursday, June 12, 2003 3:00 PM To: 'Taylor, Stacy' Subject: RE: [ppml] Poulsen: Cracking down on cyberspace land grabs I`m replying off-list as I`m not sure if I got the whole link. I`m not sure what happened. Could you elaborate? Upon clicking the link below, I receive the following message: Invalid Item The item you requested ( 3029809556 ) is invalid, still pending, or no longer in our database. Please check the number and try again. If this message persists, the item has either not started and is not yet available for viewing, or has expired and is no longer available. -----Original Message----- From: Taylor, Stacy [ mailto:Stacy_Taylor at icgcomm.com ] Sent: Thursday, June 12, 2003 10:08 AM To: 'Joe Baptista'; ARIN Public Policy List ppml Cc: Johnmacsgroup Subject: RE: [ppml] Poulsen: Cracking down on cyberspace land grabs We all saw this, right? http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem &item=3029809556&category=11175 " PRIVACY NOTICE: This email and any attachments associated with it may contain private and confidential information that is legally privileged and for the use of the intended recipient(s) only. Unauthorized viewing, dissemination, use and/or disclosure of the information contained in this email is strictly prohibited. If you have received this email and you are not the intended recipient(s), please notify the sender by return email that you received this in error and destroy all copies of the email and attachments, both electronic and printed. Hennepin Faculty Associates -------------- next part -------------- An HTML attachment was scrubbed... URL: From william at elan.net Thu Jun 12 15:55:19 2003 From: william at elan.net (william at elan.net) Date: Thu, 12 Jun 2003 12:55:19 -0700 (PDT) Subject: [ppml] Poulsen: Cracking down on cyberspace land grabs In-Reply-To: <5BDB545714D0764F8452CC5A25DDEEFA04DAE141@denexg21.icgcomm.com> Message-ID: I reported this to ebay yesterday evening as illegal activity (the exact crime would be pecunary fraud through misrepresentation of ownership) as soon as found out about the listing. I have serious reasons to believe the ip block he (Max Sutter) was actioning was hijacked ip block 160.122.0.0/16 which should really belong to tredcor.co.za / trentyre.co.za I'll provide more information about him and other hijackkers in about a week on this list. For those who missed, spamhaus has made a copy of that ebay listing, see http://www.spamhaus.org/rokso/spammers.lasso?-database=spammers.db&-layout=detail&-response=roksodetail.lasso&recno=2594&-clientusername=guest&-clientpassword=guest&-search On Thu, 12 Jun 2003, Taylor, Stacy wrote: > For those of you who missed it..... > They must have taken the link down for some reason. Someone was auctioning > a "grandfathered Class B" on Ebay! The current bid was $6800. and reserve > was not met as of 10 am PST.... > > > -----Original Message----- > From: Jeff Urmann [mailto:Jeff.Urmann at HFA-MN.ORG] > Sent: Thursday, June 12, 2003 3:00 PM > To: 'Taylor, Stacy' > Subject: RE: [ppml] Poulsen: Cracking down on cyberspace land grabs > > > > I`m replying off-list as I`m not sure if I got the whole link. I`m not sure > what happened. Could you elaborate? > > Upon clicking the link below, I receive the following message: > > Invalid Item > The item you requested ( 3029809556 ) is invalid, still pending, or no > longer in our database. Please check the number and try again. If this > message persists, the item has either not started and is not yet available > for viewing, or has expired and is no longer available. > > -----Original Message----- > From: Taylor, Stacy [ mailto:Stacy_Taylor at icgcomm.com > ] > Sent: Thursday, June 12, 2003 10:08 AM > To: 'Joe Baptista'; ARIN Public Policy List ppml > Cc: Johnmacsgroup > Subject: RE: [ppml] Poulsen: Cracking down on cyberspace land grabs > > > We all saw this, right? > > http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem > 5> &item=3029809556&category=11175 > " > PRIVACY NOTICE: This email and any attachments associated with it may > contain private and confidential information that is legally privileged and > for the use of the intended recipient(s) only. Unauthorized viewing, > dissemination, use and/or disclosure of the information contained in this > email is strictly prohibited. If you have received this email and you are > not the intended recipient(s), please notify the sender by return email that > you received this in error and destroy all copies of the email and > attachments, both electronic and printed. > > Hennepin Faculty Associates > --- William Leibzon Elan Communications Inc. william at elan.net From richardj at arin.net Thu Jun 12 18:46:01 2003 From: richardj at arin.net (Richard Jimmerson) Date: Thu, 12 Jun 2003 18:46:01 -0400 Subject: [ppml] ARIN in-addr.arpa zones Message-ID: <001301c33134$65cc8af0$468888c0@arin.net> All of ARIN's in-addr.arpa zones are now being published to the ARIN FTP site at ftp.arin.net/pub/zones. The README file at this location describes the contents of the directory. There is currently no AUP associated with the obtaining of this data. It is possible this will change if prescribed by a future policy. Best Regards, Richard Jimmerson Director of Operations American Registry for Internet Numbers (ARIN) From owen at delong.com Thu Jun 12 19:44:10 2003 From: owen at delong.com (Owen DeLong) Date: Thu, 12 Jun 2003 16:44:10 -0700 Subject: [ppml] ARIN in-addr.arpa zones In-Reply-To: <001301c33134$65cc8af0$468888c0@arin.net> References: <001301c33134$65cc8af0$468888c0@arin.net> Message-ID: <2147483647.1055436250@imac-en0.delong.sj.ca.us> Richard, Thanks for once again demonstrating that ARIN is committed to doing the right thing through common sense and good stewardship. I think this is a perfectly reasonable response to the concerns raised by John and others over the last few days. It's also exactly what I expected would likely happen. John, if you still feel the need for an AUP on it, I suggest you submit a policy proposal. Otherwise, I figure this is an adequate solution. Owen --On Thursday, June 12, 2003 6:46 PM -0400 Richard Jimmerson wrote: > All of ARIN's in-addr.arpa zones are now being published > to the ARIN FTP site at ftp.arin.net/pub/zones. The > README file at this location describes the contents of > the directory. > > There is currently no AUP associated with the obtaining > of this data. It is possible this will change if > prescribed by a future policy. > > Best Regards, > > Richard Jimmerson > Director of Operations > American Registry for Internet Numbers (ARIN) > From john at chagres.net Sun Jun 15 00:50:31 2003 From: john at chagres.net (John M. Brown) Date: Sat, 14 Jun 2003 22:50:31 -0600 Subject: [ppml] how about IPv6 in-addrs ?? ;) Message-ID: <000001c332f9$a7607d70$7d7ba8c0@laptoy> subject says it all. RIPE and APNIC provide them john brown From john at chagres.net Wed Jun 18 12:02:04 2003 From: john at chagres.net (John M. Brown) Date: Wed, 18 Jun 2003 10:02:04 -0600 Subject: [ppml] how about IPv6 in-addrs ?? ;) In-Reply-To: <000001c332f9$a7607d70$7d7ba8c0@laptoy> Message-ID: <000901c335b2$f6606870$f9ecdfd8@laptoy> So not seeing a reply to my previous email and taking a look at what I posted it seems there could be some confusion on what I'm asking for. I'd like to see ARIN also publish the v6 equiv of in-addr.arpa for the v6 prefix's it has deligated. for example: c.0.1.0.0.2.ip6.arpa which is from the files that APNIC publishes today. Hope that helps clear up the mud > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of John M. Brown > Sent: Saturday, June 14, 2003 10:51 PM > To: ppml at arin.net > Subject: [ppml] how about IPv6 in-addrs ?? ;) > > > subject says it all. > > RIPE and APNIC provide them > > john brown > From john at chagres.net Wed Jun 18 12:02:56 2003 From: john at chagres.net (John M. Brown) Date: Wed, 18 Jun 2003 10:02:56 -0600 Subject: [ppml] thank you richard/arin staff Message-ID: <000a01c335b3$1568e580$f9ecdfd8@laptoy> for getting the v4 zones pushed up to the FTP site. This data has already cleaned up several dozen ISP DNS servers. john brown From matthew.ford at bt.com Thu Jun 19 12:53:05 2003 From: matthew.ford at bt.com (matthew.ford at bt.com) Date: Thu, 19 Jun 2003 17:53:05 +0100 Subject: [ppml] IPv4 Allocation stats Message-ID: Can anyone explain to me why the ARIN IPv4 Issued statistics, e.g. http://www.arin.net/statistics/index.html#ipv4issued2003, do not seem to match up with the stats available from ftp://ftp.arin.net/pub/stats/arin/arin.20030601? For example, if you add all the allocations and assignments listed in arin.20030601 for April 2003 you get 819,456. Dividing by 256 to get /24 equivalents gives 3,201. But http://www.arin.net/statistics/index.html#ipv4issued2003 states 7,056 /24 equivalents were issued in April 2003. I'm sure there's a simple explanation. So what is it? Maybe I can't do arithmetic... -- Mat From leslien at arin.net Thu Jun 19 15:10:03 2003 From: leslien at arin.net (Leslie Nobile) Date: Thu, 19 Jun 2003 15:10:03 -0400 Subject: [ppml] IPv4 Allocation stats In-Reply-To: Message-ID: <000801c33696$636abe00$698888c0@arin.net> Hi Mat- There is actually a logical explanation for this discrepancy, and yes, you have done the math correctly. ARIN issued 3857 /24s in April 2003 that were actually extensions of previously issued IP blocks. The web stats account for every /24 allocated during the month, including the extensions. The ftp site automatically tracks the IPv4 allocations by the original allocation date only and therefore, does not record the extensions in the month that they were allocated. The extended IP blocks will however, appear under the date of the original allocation. If we can answer any other questions, please feel free to contact us by sending email to hostmaster at arin.net or by sending email directly to me at leslie at arin.net. Regards, Leslie Nobile Director, Registration Services American Registry for Internet Numbers (ARIN) -----Original Message----- From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On Behalf Of matthew.ford at bt.com Sent: Thursday, June 19, 2003 12:53 PM To: ppml at arin.net Subject: [ppml] IPv4 Allocation stats Can anyone explain to me why the ARIN IPv4 Issued statistics, e.g. http://www.arin.net/statistics/index.html#ipv4issued2003, do not seem to match up with the stats available from ftp://ftp.arin.net/pub/stats/arin/arin.20030601? For example, if you add all the allocations and assignments listed in arin.20030601 for April 2003 you get 819,456. Dividing by 256 to get /24 equivalents gives 3,201. But http://www.arin.net/statistics/index.html#ipv4issued2003 states 7,056 /24 equivalents were issued in April 2003. I'm sure there's a simple explanation. So what is it? Maybe I can't do arithmetic... -- Mat