problem with 6bone whois db and mnt-lower
Bob Fink
fink@es.net
Sat, 20 Oct 2001 08:16:16 -0700
Petr,
I think this may start from the fact that the 3FFE::/16 inet6num object is
not protected by mnt-lower to allow folks to setup and maintain their own
pTLA entries (/24, /28) under it. If I didn't do that (I discussed this
with David Kessens when we originally started out the 3FFE space) I would
forever be maintaining all of these entries.
However, I don't know if this then affects the ability to protect space
below that with mnt-lower.
Their has been no intentional abuse of the database to date and we want to
encourage 6bone participants to use it by keeping it non-complicated and
not requiring admin staff to support it.
Have forwarded this to David Kessens to answer further, and maybe give some
more of the philosophy on this.
Bob
===
At 03:37 PM 10/20/2001 +0200, Petr Baudis wrote:
>Hi,
>
>in http://www.6bone.net/RIPE-registry.html it is said that:
>"mnt-lower ... pointer to maintainer object which describes who is allowed to
>*create* objects for SLAs part of the 'inet6num:' object" and
>"You can protect against people creating (only creating) objects direct (one
>level) below in the hierarchy of an object type (only for 'inet6num:/domain:'
>objects) by using your maintainer in a 'mnt-lower:' attribute. The
>authorization method of this maintainer object will then be used upon creation
>of any object direct below the object that contains the 'mnt-lower:'
>attribute."
>
>We wanted to use this feature, however, it seems it is not working
>unfortunately. We created 3ffe:80ee::/32 inet6num with mnt-lower: NEXTRA-MNT
>attribute. Then, we created 3ffe:80ee::/64 inet6num with different mnt-by
>attribute (PB-6BONE) without any problems, which should NOT be allowed, as we
>understand the specification. We also tried 3ffe:80ee::/33, for the case we
>understood the 'one level' in a wrong way, with no problems at all too.
>
>This means that anyone can create inet6num object anywhere, we think, which
>doesn't look very well. We want to restrict creation of inet6num objects in
>this range, as we want to handle them ourselves on our own whois server, for
>many technical reasons.
>
>Can please anyone enlighten us or fix the problem in whois6d, if there exists
>any?
>
>Thanks in advance,
>
>--
>
> Petr "Pasky" Baudis
>. .
>Real Users hate Real Programmers.
>Error in /home/tokra/.muttrc, line 145: previous-undead: no such function
>in map
>. .
>Public PGP key, geekcode and stuff: http://pasky.ji.cz/~pasky/