[ARIN-consult] Community Consultation on CKN23-ARIN Now Open
ARIN
info at arin.net
Wed Mar 22 13:24:12 EDT 2017
There are thousands of instances of the ARIN Point of Contact (POC)
handle “No, Contact Known” or CKN23-ARIN registered in the ARIN
database, most of them associated with legacy resource records. ARIN
would like the community to review the history of this situation and the
proposed solution and provide us with their feedback.
The creation and addition of this POC handle was due to a combination of
factors.
* In 2002, a database conversion project was done at ARIN that
created a new database structure and added a new record type
(Organization ID) as well as new POC types (Admin, Tech, Abuse and NOC).
When an Org ID didn’t have a clear POC that had been recently updated or
vetted by ARIN staff, the original resource POC remained on the resource
record only and no POCs were added to the Org record at all.
* In a later 2011 database conversion, reverse DNS delegation
switched from per-net to per-zone. This created significant hijacking
potential by allowing resource POCs to change their reverse delegation
without first being verified by staff as legitimate.
* Also in 2011, ARIN added a new business rule that required an Admin
and a Tech POC on all Org records as a way of enhancing data quality.
* Policy 2010-14 was implemented in 2011 and required Abuse POCs on
all Org records.
In order to maintain ARIN’s business rules, comply with policy 2010-14,
and prevent hijackings, several actions were initiated by staff:
* CKN23-ARIN was created to become the Admin and Tech POC on Orgs
that lacked them
* Resource POCs of legacy networks that had never been updated or
validated by ARIN were moved to the Organization record as the Abuse POC
* ARIN’s verification and vetting requirements were thus reinstated
as the Abuse POC had to be vetted before making any changes to the
record, and therefore could not hijack the resource by adding or
changing the nameservers
Over time, the above actions have created several issues:
* It is easy for hijackers to identify and target records with CKN23
(no contact known) as the handle
* POCs that were moved from resource tech to Org abuse are not happy
about no longer having control of their resource record
There are several different courses of action that ARIN could take to
resolve the current situation.
Option 1
Retain the current status and do nothing
Option 2
Restore the resource POCs back to their original state on the
resource record keeping in mind that this would open up the hijacking
risk by giving the original resource POC control of the network without
a verification process
* Retain the Abuse POC on the Org record
* Retain CKN23-ARIN as Org POC
Option 3 - **Recommended option**
Restore the resource POC back to their original state on the
resource record. This will allow contacts historically associated with
a resource record to more readily administer that record going forward.
* Retain the Abuse POC on the Org
* Replace CKN23-ARIN with a handle that better explains the record’s
status (e.g. “Legacy Record – See Resource POC”)
* Lock all resources associated with these legacy records who have
had their resource POC restored. This would ensure that any changes made
by the resource POC would first have to be reviewed by ARIN.
We would like to thank the ARIN Services Working Group (WG) for their
helpful review of the proposed change – while the ARIN Services WG did
not take a formal position in support of or in opposition of the
proposed change, their review led to improvements in presentation of the
options
We are seeking community feedback on this proposed change (Option #3) to
the ARIN Registry database.
This consultation will remain open for 60 days - Please provide comments
to arin-consult at arin.net.
Discussion on arin-consult at arin.net will close on 22 May 2017.
If you have any questions, please contact us at info at arin.net.
Regards,
John Curran
President and CEO
American Registry for Internet Numbers (ARIN)
More information about the ARIN-consult
mailing list