6.2 KiB
[TOC]
Generic
What is the purpose of the WHOIS database / interface?
The DarkNet WHOIS database is used to manage number and name resources used within the DarkNet. This includes AS numbers, IPv4/IPv6 networks and DNS domains. With an account you can manage your own resources: You can name them, add a description, or perform other actions like change the origin ASses for an AS number.
You can also use the interface to look up resources and get more information on them.
How does the workflow look like with this interface?
Step 1: Register an account
The first thing you need is an account in the WHOIS interface. If you do not already have one, you can register one.
Step 2: Create a maintainer and a contact
Resources inside the Darknet are protected by maintainer (MNT) objects. If you have access to a maintainer object you have access to all objects the maintainer protects. Contact information for a resource is stored in a contact object. You need both to manage resources inside the WHOIS database. If you don't have a maintainer and a contact yet they can be created on the Whois DB overview.
Step 3: Request resources
Now you have everything to request resources. Write a resource request to get an AS number and an IPv4 network. If this is your first time use of the WHOIS interface some of your resources have probably already created for you. You can request transfer of these resources to your maintainer via a resource request.
Step 4 (optional): Create a domain
If you want to have a domain you can register one via the webinterface. Note that for a domain to work you will need to setup a DNS server yourself to which it will be delegated.
If you had a domain before this WHOIS interface you can request it to be transfered to your account either via a resource request or irc. If you want to register your domain yourself you can also request deletion.
Whois DB
What is a Maintainer, what is an Admin C?
A Maintainer is an object used for access management. Most objects in the WHOIS database can have one or more maintainers that guard access to your objects. If you have a maintainer that is referenced inside an objects mnt_by or mnt_lower section you are able to edit or delete the object.
Objects can have multiple maintainers. Maintainers can be shared amongst multiple users (each user needs to be referenced in the auth field, this field is only visible to owners of a maintainer). A user can have multiple maintainers.
A contact is an object used for contacting an owner of a resource. Admin C stands for administrative contact.
Which objects can be created next to ASNumber and InetNum?
- Contact: Used for contacting the owner of this resource
- Maintainer: Used for access management to other objects
- ASBlock: A range of AS numbers that can be delegated
- ASNumber: Represents one as number inside the darknet. Each ASNumber objects belongs to an ASBlock
- InetNum: An IPv4/IPv6 subnet that can be routed darknet-wide.
What objects can I search for using the WHOIS interface search?
- Handles: At least the first three characters of the handles have to match for an object to be found
- IP addresses: An IP address finds all objects this addres is part of, but only matched to the closest /24 for IPv4 and /56 for IPv6. This means that searching for 10.100.1.1 will find you 10.100.1.0/24 but not 10.0.0.0/8.
- AS Numbers, e.g. 65000 or as65000. Will also find the smallest containing AS block.
- Domains
Is there a console interface?
Yes, there is a whoisd running on port 43 on the same server as the webinterface. It can be used with the whois
tool or netcat
/telnet
.
$ whois -h $host MAIN16-ASB
The whoisd is rfc3912 compatible.
What is the difference between mnt by and mnt lower?
The mnt_by can edit the whole objects, mnt_lower can only edit parts of the object. For an InetNum object the prefix is not editable by the lower mnt, for ASBlocks this applies to the AS range, for ASNumbers to the number.
This is especially useful if you want to delegate resources you control to other users but only want them to change the name and admin_c of the object, not the actual resource it holds.
Domains
Which DNS relevant objects exist?
- Domain: A single domain, needs to be unique, looks like whois.dn.
- Nameserver: A nameserver. Every domain needs one to work.
- ReverseZone: A delegation for the reverse zone of one of your IP networks.
What do I get my domain to work?
The DarkNet WHOIS interface does not store any records for you, it only delegates the NS
,
therefore you need to run your own nameserver. If your nameservers run under the same domain you
are trying to register you will need glue records.
Do I need to apply for domains?
No, you don't need to apply for domains. Everyone can create their own domains without approval. The current policy is first come first serve but might change, depending upon the project.
If you own a domain that existed prior to this WHOIS database it might have been already created but
you won't have any access to it. Create a resource request to DARK1-MNT
to request transfer to your account.
Does that mean I could mass-spam domains?
Yes.
Does that mean I should mass-spam domains?
No.
What are glue records?
When your nameserver is below its own domain (e.g. ns1.noot.dn.
is under noot.dn
) a resolver cannot
resolv the A
/AAAA
records of ns1.noot.dn.
without knowing the A
/AAAA
record of ns1.noot.dn.
.
This recursive dependency is solved by using glue records. With glue records you can tell the TLD
nameserver (dn. in this case) where to find your nameserver.
Why can I only enter glue records for domains under my control?
With a glue record you set a record inside the dn. zone (the afore-mentioned glue record) and this is restricted to the domain owner.
How is reverse zone access managed?
Each ReverseZone object belongs to an InetNum object from which the access rights are inherited. Meaning whoever controls the InetNum object (mnt-by or mnt-lower) can edit the ReverseZone object.
MISC
I found a bug.
Nice! Join IRC and report it (or find some other way to contact seba).