APNIC Home

Report on Whois Data Quality Improvement discussion at APNIC 41

Executive Summary
The APNIC Whois Database is an official, publicly accessible, record that contains information regarding organizations that hold IP addresses and AS Numbers in the Asia Pacific region. During APNIC 41 in Auckland, New Zealand, the Policy SIG meeting dedicated an entire session to the topic; “Improving APNIC Whois Data Quality”.

The Session included presentations from APNIC staff and a community discussion among those present.This page includes this brief Executive Summary, a more detailed Report, and finally, Contributions from the floor as bullet points for each speaker.

This page includes this brief Executive Summary, a more detailed Report, and finally, Contributions from the floor as bullet points for each speaker.

Secretariat presentations included an introduction from APNIC Security Specialist, Adli Wahid, who spoke about the importance of data accuracy and the need to be responsive to contact attempts from other network operators, security organizations such as CERTs and CSIRTs, as well as Law Enforcement Agencies in accordance to local laws.

While accuracy of routing data is important, the issue that causes the most frustration among network operators is often the accuracy of contact points. APNIC Policy requires resource holders to register Administrative, Technical, and Abuse contacts for each IP address block and Autonomous System Number they hold. Policy also requires the registration of Incident Response Team (IRT) contacts in the whois.

Often however, these four Points of Contact (PoCs) are either inaccurate or unresponsive making contact with the network operator difficult or impossible. Vivek Nigram, APNIC Member Services Manager, reported on the Secretariat’s procedures for handling of the (approximately) 1000 plus Invalid Contact Reports lodged each year, but stressed that even with APNICs access to other, confidential contact points, it is frequently impossible to resolve these reports satisfactorily as APNIC policy and procedures have a high tolerance for incorrect data and the only enforcement mechanism available to the Secretariat is to invoke the Member Agreement provisions for resource revocation.

In the final presentation, APNIC Services Director, George Kuo, spoke about some of the initiatives the APNIC Secretariat has implemented to improve data quality. These range from the development of tools to make registration records easier to update to personalized services with individual Members to assist them with their records.

He also made the point that the majority of invalid contact issues relate to customer assignments made by members, rather than the with the authoritative registration records entered by APNIC as part of the original delegation of the resources.

Following these presentations, Elly Tawhai, APNIC Senior Internet Resource Analyst (Hostmaster) explained the feature improvements to be introduced when the APNIC Whois Database software is upgraded in late 2016. In addition to software engineering and maintenance dividends expected from the upgrade, the new software will introduce a range of features, some of which will deliver benefits for those wishing to update or query the
whois data.

An interactive discussion among those present raised some suggestions for future action and highlighted the challenges faced by the community and the Secretariat.

The session Chair, Sumon Ahmed Sabir APNIC Policy SIG Co-Chair emphasized the importance of whois accuracy and foreshadowed an ongoing discussion on this topic.

Report
At the request of the APNIC Policy SIG Chair, the Secretariat presented an informational session; “Improving APNIC Whois Data Quality” at the recent Policy SIG meeting in Auckland, New Zealand.The following is a brief summary of the discussion that took place.

The following is a brief summary of the discussion that took place.

In the first presentation of the session, APNIC Security Specialist, Adli Wahid explained the importance of accurate and responsive whois contacts to the various security communities.

Then Vivek Nigram, APNIC Member Services Manager, reported on the Secretariat’s procedures for handling of the (approximately) 1000 plus Invalid Contact Reports lodged with APNIC per year.

Vivek stressed that although APNIC has access to different Member contacts than those listed in the whois, it was often difficult or impossible to resolve some of these even if the issues are escalated to upstream providers.

Vivek also reported that although APNIC policy and the APNIC Member agreement contained provisions capably of causing a breach for failure to provide accurate contact points, this is rarely exercised, as there is no clear guidance about how strict the Secretariat should be in these cases, or what the Secretariat should do if the contact was simply unresponsive.

In discussion following Vivek’s revolved around ARIN’s policy of emailing all whois contacts annually and denying access to services for any that are subsequently marked as invalid. ASO AC member, Aftab Siddiqui proposed Members with contacts, marked as invalid, would be denied access to MyAPNIC.

In the next presentation, APNIC Services Director, George Kuo, reported on Secretariat projects and programs designed to improve the quality of whois data. He also outlined plans to begin conducting face-to-face consultations with Members designed to improve the accuracy of their data. However, George noted that APNIC receives quite a lot of invalid contact reports and inquiries about customer assignment records, and routing records, which are not maintained by APNIC. He made the distinction between authoritative APNIC registry data and the whois data provided by Members and their customers.

Mark Foster, IT Operations Manager at NIWA pointed out that for many resource holders maintaining the accuracy of customer assignments was not an operational priority and required a significant workload that they wouldn’t do unless compelled to do so.

APNIC Deputy Director General, Sanjaya proposed a ‘rather radical idea’ that is currently being considered by the Secretariat. This is to move the customer assignments and routing registry information into a different database. This would result in one whois source with authoritative registry data that reflects the APNIC assignment and allocation of parent blocks.

The proposal received mixed support with speakers commenting for and against the proposal.

APNIC EC Member, Gaurab Upadhaya, emphasized that the discussion on whois data quality needs to clarify there are two types of data under discussion: authoritative registry data and data provided by network operators. He also proposed that rather than totally separating the data stores, these two data types could be distinctly ‘tagged’ so the source was apparent.

Aaron Hughes, ARIN Board of Trustees, suggested that a better solution might be found if a group were convened to investigate the issue, as it is a global problem that affects all RIRs. He proposed an outcome document or RFC for a system where whois data can accumulate attestations, similar to a reputation system.

Paul Rendek of the RIPE NCC said the proposal to separate the registry data from the customer assignments sounded a bit like ‘kicking the bucket down the road’ because it gave the appearance of cleaning up the whois, but in fact was just moving the problem data to a different location.

In response, George Kuo explained that creating separate stores for each data would not reduce the Secretariat’s commitment to helping the community improve the data quality.

Paul Rendek noted that while each RIR has a different perspective, all regions share the same challenge and so perhaps the proposal to split the whois could be looked at from a global perspective.

Izumi Okutani of JPNIC spoke agreeing that the discussion would need to be the subject of a wider consultation that those present for the current SIG meeting.

Policy SIG Chair, Masato Yamanishi closed the discussion noting that there was clearly support for continuing the discussion and acknowledging the suggestion that other communities might need to be consulted before any decision could be made.

The Chair requested the Secretariat prepare this summary of the discussion.

Contributions from the floor
  • Adli Wahid presented on the importance of accurate whois contact information
  • Vivek Nigram reported on APNICs procedures for resolving Invalid Contact Reports logged from APNICs website form.
  • Aftab Siddiqui proposed a system similar to ARIN’s POC Validation policy where confirmation emails are sent to all whois contacts annually. Unresponsive contacts are marked invalid and blocked from accessing ARIN customer services.
  • George Kuo presented on the various Secretariat initiatives to improve whois accuracy.
  • Mark Foster noted that unless people are compelled to keep their data up-to-date, they will tend to focus on the operational aspects of running their business/network.
  • Sanjaya said the Secretariat would like to propose the registry data provided by APNIC and the customer assignment data provided by network operators be held in separate databases.
  • Rajesh Chharia and Mark Foster noted their support for the idea.
  • In response to a request for clarification, Sanjaya explained this would be a collaboration between APNIC and NIRs to take responsibility for the accuracy of the data in the authoritative’ registry database,.
  • Ingrid Wijte provided information on the Assisted Registry Check program conducted as an operational activity.
  • Gaurab Upadhaya noted that it is important to make a clear distinction between the registry data and the IRR data and that the discussion and the database should be clearly separated.
  • In response to clarifying questions Gaurab Upadhaya supported the proposal to make a distinction between the two datasets, but proposed that they should be ‘tagged’ differently rather than separated.
  • George Kuo noted that this would not reduce the Secretariats efforts to encourage operators to maintain the accuracy of their assignment data.
  • Izumi Okutani asked if the proposal was to require LIRs to maintain their own whois registry of customer assignments. She then confirmed her agreement that responsibility for the accuracy of the two data types was different.
  • Rajesh Chharia agreed the responsibility for accuracy of delegation registrations was shared between APNIC and NIRs.
  • Aaron Hughes proposed that a potentially better approach to tackling the issue would be to create a group that would create an outcome document or RFC for a system for accumulating attestations for data similar to a reputation system.
  • Paul Rendek expressed concern that the proposal achieved little more than ‘kicking the bucket down the road’ in that the authoritative dataset would be accurate, but the problem data would still remain inaccurate.
  • George Kuo explained that the proposal would not reduce the pro-active campaigns and programs the Secretariat already has in this area.
  • Paul Rendek acknowledged that each RIR has faces the same issues but have a slightly different perspective on it. He supported the idea that this could be looked at from a global perspective via the IETF or some other collective.
  • Izumi Okutani expressed support for Aaron’s and Paul’s comments but reminded all that the discussion would need to be the subject of a wider consultation.
  • Masato Yamanishi summarized the outcome was that many people felt the topic was worthy of further discussion and that consideration might need to be extended to adjacent communities such as the security community and the other RIRs.