Join the discussion on Whois data quality

By on 19 May 2016

Category: Policy

Tags: , ,

Blog home

The APNIC Whois Database is an important resource for identifying those responsible for Internet number resources. The Points of Contact (PoCs) are used to find people who can help troubleshoot routing problems, or for getting action when bad people do bad things on the Internet.

Delegations made to APNIC and NIR (National Internet Registry) Members are publicly available via the Whois. These LIRs (Local Internet Registries), in turn, record their customer assignments and sub-allocations in the APNIC Whois Database.

According to APNIC policy, the LIRs, which are often ISPs (Internet Service Providers), may choose whether or not the detail of these assignments are available to the public, but they must be recorded. If somebody queries the database for resources that are privately registered, the whois will return information about the ISP. Since the customer’s data is routed by the ISP and they have a business relationship with their customer, it is easy enough for them to contact the customer if that’s necessary. On the other hand, some ISPs would rather their customers deal with these requests and so they make their assignments public.

The bad news is these records can very quickly become outdated. Even dedicated service providers can find it difficult to maintain accuracy if they hold very large address blocks and an equally large customer base. Customer contacts might leave the organization and their email address is decommissioned, or the service provider may lose a customer and reassign the resources to another organization, for example.

There is enough organic change in a large customer base that a really large provider has to work hard to guarantee their assignment data is all up-to-date, all of the time. Since this effort offers little in operational returns, these tasks are often not very high on the “To Do” list.

As a result, APNIC receives around 1,000 Invalid Contact Reports a year but is only able to properly resolve a portion of these because the records are maintained by APNIC Members rather than Secretariat staff. Although APNIC maintains a database of contacts for administrative and billing purposes, when it comes to customer assignments it becomes more difficult. These organizations are our Member’s customers and APNIC doesn’t have a direct relationship with them, so it relies on the Members to put in the effort to chase their customers up for accurate information.

However, sometimes even APNIC Members are unresponsive, or slow to update their customer PoCs.

Unless there is a clear case of fraud, there is not very much APNIC can do under current policy. Although the Member Agreement requires Members to provide accurate information, there has not been a lot of guidance from the community to indicate how strict, or lenient, the Secretariat should be about cancelling the Membership and revoking the resources of those who don’t do the right thing.

Instead, the focus of Secretariat efforts to improve database accuracy is to build easier tools for network operators to update their data and to engage with them to build awareness about the importance of the data. Should we do more? If so, what?

The community discussion, which started at the APNIC 41 Policy SIG meeting, is an opportunity for Members and others who use the database to share ideas and opinions about what they think might be done to improve the quality of this data for the benefit of all Internet users.

If you have an interest in this discussion, please post your thoughts below, or join the conversation by subscribing to the Policy SIG mailing list.

Rate this article

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

Top