[ppml] ARIN Certificates
william at elan.net
Thu Apr 21 05:23:49 EDT 2005
On Thu, 21 Apr 2005, Jeroen Massar wrote:
> The problem here is that IANA is apparently not supposed to be running a
> whois server, they have one but not for IP prefixes.
IANA has been running whois server for many years (10+ ?). First for .us
domains (even supported rwhois back then) and .int then at some point
started for .arpa and they also added whois for all root domains
(i.e. for tld name itself).
IANA never ran whois for ip blocks but they do maintain list of which
RIR and which whois server is to be used depending on what /8 it is:
and I also keep my own version of this (slightly different format with
more info and better whois references) at:
> If they would simply have a redirect server on there, pointing to the
> correct RIR, the complete "which RIR to query for this prefix" problem
> would be gone. Authorization could then still be handled by the RIR's
> separately, which is a nuisance for some very big global ISP's but oh
> well, I guess we'll have to live with that.
Redirection is not supported by whois protocol directly. However
CRIPS/IRIS does have it and I expect when it comes out IANA will either
maintain root for IP blocks (redirecting clients to proper RIR whois) or
possibly they may decide to have NRO maintain the root.
> The second problem is that there are currently 3 different whois servers
> softwares in use by the 5 RIR's:
> * APNIC + RIPE + AFRINIC use the RIPE whois server software
> * ARIN uses their own weird edition, which *still* does not support CIDR
> (which is a big nuisance with IPv6)
> * LACNIC uses a, it seems to be, modified ARIN server, thus no CIDR
> support either.
As far as I know LACNIC runs modified version of RIPE server - older version
with additional custom support added for org data. They could possibly even
move to regular current ripe server (as new ripe server now supports orgs),
but I don't know if that is planned or not.
But as I'm not from LACNIC so if there is anybody here who is, they should
correct me if above is not right.
> The latter two have their own formats, which don't match up with the
> APNIC/RIPE/AFRINIC scheme, thus having one to always handle those two as
> special cases.
Note that in addition to RIRs there are also ip whois servers run by
several country registrars, such as JPNIC, TWNIC, KRNIC, etc. None of
those run ripe software and they do not support cidr searches either,
so I would not say that they or ARIN are special cases, rather cidr
search is special feature of ripe whois server.
CRISP has common AREG format that will be supported across all RIRs
and LIRs and that does have option to do search for special ip block
(its NOT cidr, but you would specify exact range to search for, which
means it is more powerfull feature then cidr).
william at elan.net
More information about the ARIN-PPML