In message <[email protected]>, Sander Steffann <[email protected]> wrote:
>> 1) How was it possible for various IPv4 block WHOIS records to be >> stored in the RIPE WHOIS DB, even though it is quite apparently the >> case that, according to IANA WHOIS records, the IP blocks in question >> do not even belong to the RIPE region? Is there really no pre-checking >> performed on such records before they are stored in the RIPE data base, >> e.g. to see if the blocks in question belong either to RIPE or to some >> other RiR? > >First one clarification: we're talking about route objects here, not >inetnum or aut-num objects. Route objects document which ASN is supposed >to announce which address space. There are valid use cases for an ASN >from one region to announce address space from another region. In other >words: the inetnum object from one region's database is linked to the >aut-num object in another region's database. Making referential >integrity and authorisation work in such cases is very hard. The current >implementation is quite permissive to make it possible to document >real-life situations. Unfortunately it also makes it possible to >reference some resources in other regions that don't belong to you. Thank you. The above response is both clear and enlightening... for me anyway. And it makes perfect sense. I will certainly be paying a lot more attention to those WHOIS field names in the future! >> 2) How was it possible for a particular Bulgarian commercial organization >> to be granted its own AS number, when all available evidence seems to >> indicate that it actually had, and has, -zero- IP addresses which are >> actually and properly registered to it? Is there really no pre-checking >> performed on AS number allocations, e.g. to see if the organization >> requesting the AS has at least some IP addresses? > >Having IP addresses is not a requirement for getting an ASN. There are >many legitimate cases where an ASN may be used to announce address space >belonging to someone else. For example an ISP announcing address space >belonging to its customer. Or a transit provider. OK, that's a good point. But I'm not sure that it fully negates the possible value of my question. Everybody is _supposed_ to have working e-mail address contacts in their IP allocation records within the WHOIS data bases of the various RiRs, yes? So suppose that there had been a protocol in place that required an affirmative e-mail response from at least one legitimate IP address block registrant (in some/any region) before the allocation of an AS number would proceed. Such a protocol would have forestalled the situation that we now see with AS201640, would it not? Regards, rfg
