The RIPE Database has these four main uses
- Keep contact information
- Register IP addresses and AS Numbers
- Publish routing policies
- Provide reverse delegation
There are four ways of updating the database
- Webupdates: It is a web form.
- Syncupdates: The interface consists of a single large text box. You can paste the objects you want to create in this box.
- Email: The objects are updated by sending object templates to the
[email protected]address. - Restful API: This interface is useful for people who want to script or program the creation and update of their objects. The RESTful API only processes one object at a time.
RIPE Database Objects
person: To register contact data for a person
person: [mandatory] [single] [lookup key]
address: [mandatory] [multiple] [ ]
phone: [mandatory] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [optional] [multiple] [lookup key]
org: [optional] [multiple] [inverse key]
nic-hdl: [mandatory] [single] [primary/lookup key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
created: [generated] [single] [ ]
last-modified: [generated] [single] [ ]
source: [mandatory] [single] [ ]
role: To register a group of persons and abuse contact email addres. (abuse-cis always a role)
role: [mandatory] [single] [lookup key]
address: [mandatory] [multiple] [ ]
phone: [optional] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [mandatory] [multiple] [lookup key]
org: [optional] [multiple] [inverse key]
admin-c: [optional] [multiple] [inverse key]
tech-c: [optional] [multiple] [inverse key]
nic-hdl: [mandatory] [single] [primary/lookup key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
abuse-mailbox: [optional] [single] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
created: [generated] [single] [ ]
last-modified: [generated] [single] [ ]
source: [mandatory] [single] [ ]
organisation: To register contact data for an organisation
organisation: [mandatory] [single] [primary/lookup key]
org-name: [mandatory] [single] [lookup key]
org-type: [mandatory] [single] [ ]
descr: [optional] [multiple] [ ]
remarks: [optional] [multiple] [ ]
address: [mandatory] [multiple] [ ]
country: [optional] [single] [ ]
phone: [optional] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [mandatory] [multiple] [lookup key]
geoloc: [optional] [single] [ ]
language: [optional] [multiple] [ ]
org: [optional] [multiple] [inverse key]
admin-c: [optional] [multiple] [inverse key]
tech-c: [optional] [multiple] [inverse key]
abuse-c: [optional] [single] [inverse key]
ref-nfy: [optional] [multiple] [inverse key]
mnt-ref: [mandatory] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
created: [generated] [single] [ ]
last-modified: [generated] [single] [ ]
source: [mandatory] [single] [ ]
inetnum: To register IPv4 and IPv networks and delegations
inetnum: [mandatory] [single] [primary/lookup key]
netname: [mandatory] [single] [lookup key]
descr: [optional] [multiple] [ ]
country: [mandatory] [multiple] [ ]
geoloc: [optional] [single] [ ]
language: [optional] [multiple] [ ]
org: [optional] [single] [inverse key]
sponsoring-org: [optional] [single] [ ]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
abuse-c: [optional] [single] [inverse key]
status: [mandatory] [single] [ ]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
mnt-lower: [optional] [multiple] [inverse key]
mnt-domains: [optional] [multiple] [inverse key]
mnt-routes: [optional] [multiple] [inverse key]
mnt-irt: [optional] [multiple] [inverse key]
created: [generated] [single] [ ]
last-modified: [generated] [single] [ ]
source: [mandatory] [single] [ ]
aut-num: To register autonomous system numbers and describe routing policies
aut-num: [mandatory] [single] [primary/lookup key]
as-name: [mandatory] [single] [ ]
descr: [optional] [multiple] [ ]
member-of: [optional] [multiple] [inverse key]
import-via: [optional] [multiple] [ ]
import: [optional] [multiple] [ ]
mp-import: [optional] [multiple] [ ]
export-via: [optional] [multiple] [ ]
export: [optional] [multiple] [ ]
mp-export: [optional] [multiple] [ ]
default: [optional] [multiple] [ ]
mp-default: [optional] [multiple] [ ]
remarks: [optional] [multiple] [ ]
org: [optional] [single] [inverse key]
sponsoring-org: [optional] [single] [ ]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
abuse-c: [optional] [single] [inverse key]
status: [generated] [single] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
created: [generated] [single] [ ]
last-modified: [generated] [single] [ ]
source: [mandatory] [single] [ ]
as-set: To group peers oras-setobjects
as-set: [mandatory] [single] [primary/lookup key]
descr: [optional] [multiple] [ ]
members: [optional] [multiple] [ ]
mbrs-by-ref: [optional] [multiple] [inverse key]
remarks: [optional] [multiple] [ ]
org: [optional] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
mnt-lower: [optional] [multiple] [inverse key]
created: [generated] [single] [ ]
last-modified: [generated] [single] [ ]
source: [mandatory] [single] [ ]
route(6): To register an IPv4 or IPv6 route
route: [mandatory] [single] [primary/lookup key]
descr: [optional] [multiple] [ ]
origin: [mandatory] [single] [primary/inverse key]
pingable: [optional] [multiple] [ ]
ping-hdl: [optional] [multiple] [inverse key]
holes: [optional] [multiple] [ ]
org: [optional] [multiple] [inverse key]
member-of: [optional] [multiple] [inverse key]
inject: [optional] [multiple] [ ]
aggr-mtd: [optional] [single] [ ]
aggr-bndry: [optional] [single] [ ]
export-comps: [optional] [single] [ ]
components: [optional] [single] [ ]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-lower: [optional] [multiple] [inverse key]
mnt-routes: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
created: [generated] [single] [ ]
last-modified: [generated] [single] [ ]
source: [mandatory] [single] [ ]
domain: To se tup reverse delegations
domain: [mandatory] [single] [primary/lookup key]
descr: [optional] [multiple] [ ]
org: [optional] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
zone-c: [mandatory] [multiple] [inverse key]
nserver: [mandatory] [multiple] [inverse key]
ds-rdata: [optional] [multiple] [inverse key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
created: [generated] [single] [ ]
last-modified: [generated] [single] [ ]
source: [mandatory] [single] [ ]
mntner: To protect all the objects in Ripe database
mntner: [mandatory] [single] [primary/lookup key]
descr: [optional] [multiple] [ ]
org: [optional] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [optional] [multiple] [inverse key]
upd-to: [mandatory] [multiple] [inverse key]
mnt-nfy: [optional] [multiple] [inverse key]
auth: [mandatory] [multiple] [inverse key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
created: [generated] [single] [ ]
last-modified: [generated] [single] [ ]
source: [mandatory] [single] [ ]
Database object have attributes on the left and values on the right. Each attribute always ends with a colon (:).
Every object in the RIPE Database must have a mnt-by: attribute, pointing to the maintainer that protects it.
To create, update, or delete an object, you need to use one of the auth: attributes of a mntner object.
mntner has three authentication mechanisms:
- SSO can be used only with webupdates
auth: SSO [email protected] - MD5-PW can be used with all interfaces
auth: MD5-PW $1$abcd4321$HyM/GVhPqXkkIMVerxxQ3z - PGP (Pretty Good Privacy) keys only for Syncupdates and email
auth: PGPKEY-1380K9U1
To delete an object, you need to remove all the references to that objects.
Sometimes object have a maintainer that you do not control. Force Delete allows you to remove any object under the address space in your PA allocations and PI assignments. inet(6)num, route(6) and domain objects can be force deleted!
If you protect an object with multiple maintainers, you only need to provide the authentication of one maintainer to update it.
You should create your personal maintainer/person pair and only you should be able to update your person object. Company objects should have a shared company maintainer.
Notifications:
- Single object:
notify:receive successful update notifications of single object
- Maintainer object:
mnt-nfy:receive successful update notifications of maintained objectsupd-to:receive unsuccessful update notifications of maintained objects
-
admin-cAdministrative questions. Role or person. Can be found anywhere exceptperson -
tech-cNetwork troubleshooting. Role or person. Can be found anywhere exceptperson -
abuse-cReport abuse incidents. Only a role. Can be found inorganisation,inet(6)num,aut-num -
zone-cDNS reverse delegation problems. Role or person. Can be found only indomainobjects
- RIPE allocates IPv4 /24 and IPv6 /32
- PA space - provider aggregable space. Addresses that belong to a LIR.
- PI address - Provider Independent address. All PI assignments are registered in the RIPE Database by the RIPE NCC at the time they are assigned. PI assignments are usually small; they cannot be aggregated into larger blocks. You can not sub-assign from PI space. The disadvantage of this is that networks operators throughout the Internet may choose not to route them. Issued to sponsoring LIRs.
- Only RIPE can register
ALLOCATED PIandALLOCATED-BY-RIRassignments.
mnt-by:if there is onlymnt-byattribute, the maintainer can update, create more specific and delete sub-allocation objects. (Only RIPE can delete an allocation)mnt-lower:create more specificinet(6)num,route(6)anddomainobjects.mnt-byattribute loses the authority to create new objectsmnt-routes:create route(6) objectsmnt-domains:create domain(6) objects
-
-t persontemplate of person object -
-T routefind only objects with typeroute -
-i person XY01-RIPEinverse queries (personwill look at all contact attributesadmin-c,tech-c,zone-candabuse-c) -
-rflag tells the database to exclude related personal objects in the query results.-rflag is on by default. -
-Breveal filtered information (notifyemail attribute is hidden by default) -
-xexact match of query text -
-ddomain objects (domain objects only exist in the sizes of /24, /16, and /8 but you can only create /24 and /16) -
-Mfind all more specific objects -
-mfind one level more specific objects -
-Lfind all less specific objects -
-lfind one level less specific objects
The query limit is set at 1,000 objects containing personal data per 24 hours.
import: from AS2 accept ANYexport: to AS2 announce AS1 AS3
- If
route(6)already exists (exact or less specific), authorise with it's maintainer. - If NO
route(6)exists, the maintainer of theinet(6)numobject that is an exact match, or covers a less specific prefix, is checked in the following order:mnt-routesmnt-lowermnt-by
- You do not need to authenticate against the originating AS Number when creating a
route(6)object. Any originating AS number can be used, and the originating AS number does not have to exist in the RIPE Database. If the originating AS number exists in the RIPE Database, and if theaut-numobject contains one or morenotifyattributes, these will be used to notify the originating AS number holder when theroute(6)object is created.
as-set object groups various peers (or other as-set objects) and refer to them a single object (in import and export lines)
There are 2 ways of adding aut-num objects to as-set:
- Direct
- Add directly to a
memberattribute
- Add directly to a
- Indirect
- Add a maintainer of
aut-numnumbers that will join the as-set by settingmbrs-by-ref: LIR-MNT - Set
aut-numas amember-of: AS-SET1
- Add a maintainer of
in-addr.arpadomain for IPv4. Only /24 or /16 prefixes.ip6.arpadomain for IPv6. Any prefix in multiples of 4 bits. The smallest prefix is a /128.
The PTR record maps the in-addr.arpa or ip6.arpa domain name for the IP address to the host's actual domain name. For example:
139.6.0.193.in-addr.arpa IN PTR www.ripe.net
- Convert prefixes to domain zones (in IPv6 the prefix must be fully expanded)
- Configure nameservers
- Check DNS zones with a tool for validity
- Create domain objects in RIPE database
For /16 (IPv4) and /32 (IPv6) you can use
ns.ripe.netas the secondary name server.
https://academy.ripe.net/ext/object-extractor/rdb-course-objects.php