[TOC]

### Generic
#### What is the purpose of the WHOIS database / interface?
The DarkNet WHOIS database is used to manage number and name resources used within the DarkNet.
This includes AS numbers, IPv4/IPv6 networks and DNS domains. With an account you can manage
your own resources: you can name them, add a description, or perform other actions such as changing
the origin ASes for an AS number.

You can also use the interface to look up resources and get more information on them.

#### What does the workflow look like with this interface?
*Step 1:* Register an account

The first thing you need is an account in the WHOIS interface. If you do not already have one, you can register
one.

*Step 2:* Create a maintainer and a contact

Resources inside the DarkNet are protected by maintainer (MNT) objects. If you have access to a maintainer object,
you have access to all objects the maintainer protects.
Contact information for a resource is stored in a contact object.
You need both to manage resources inside the WHOIS database. If you don't have a maintainer and a contact yet,
they can be created on the Whois DB overview.

*Step 3:* Request resources

Now you have everything you need to request resources. Write a resource request to get an AS number and an IPv4 network. If
this is your first time using the WHOIS interface, some of your resources have probably already been created for you.
You can request transfer of these resources to your maintainer via a resource request.

*Step 4 (optional):* Create a domain

If you want to have a domain, you can register one via the web interface. Note that for a domain to work you will need
to set up a DNS server yourself to which it will be delegated.

If you had a domain before this WHOIS interface existed, you can request that it be transferred to your account either via a
resource request or IRC. If you want to register your domain yourself, you can also request deletion.

### Whois DB
#### What is a Maintainer, what is an Admin C?
A Maintainer is an object used for access management. Most objects in the WHOIS database can have one or more maintainers
that guard access to your objects. If you have a maintainer that is referenced inside an object's mnt\_by or mnt\_lower
section, you are able to edit or delete the object.

Objects can have multiple maintainers. Maintainers can be shared amongst multiple users (each user needs to be referenced
in the auth field; this field is only visible to owners of a maintainer).
A user can have multiple maintainers.

A contact is an object used for contacting an owner of a resource. *Admin C* stands for administrative contact.

#### Which objects can be created besides ASNumber and InetNum?

* Contact: Used for contacting the owner of this resource
* Maintainer: Used for access management to other objects
* ASBlock: A range of AS numbers that can be delegated
* ASNumber: Represents one AS number inside the DarkNet. Each ASNumber object belongs to an ASBlock
* InetNum: An IPv4/IPv6 subnet that can be routed DarkNet-wide.

#### What objects can I search for using the WHOIS interface search?
* Handles: At least the first three characters of the handle have to match for an object to be found
* IP addresses: Searching for an IP address finds all objects this address is part of, but only matched to the closest
/24 for IPv4 and /56 for IPv6. This means that searching for 10.100.1.1 will find you 10.100.1.0/24 but not 10.0.0.0/8.
* AS numbers, e.g. 65000 or as65000. This will also find the smallest containing AS block.
* Domains

#### Is there a console interface?
Yes, there is a whoisd running on port 43 on the same server as the web interface. It can be used with the ```whois``` tool or ```netcat```/```telnet```.

```$ whois -h $host MAIN16-ASB```

The whoisd is RFC 3912 compatible.

#### What is the difference between mnt by and mnt lower?
The mnt\_by can edit the whole object, while mnt\_lower can only edit parts of the object. For an InetNum object
the prefix is not editable by the lower mnt, for ASBlocks this applies to the AS range, for ASNumbers to
the number.

This is especially useful if you want to delegate resources you control to other users but only want them
to change the name and admin\_c of the object, not the actual resource it holds.

### Domains
#### Which DNS-relevant objects exist?
* Domain: A single domain, needs to be unique, looks like *whois.dn.*
* Nameserver: A nameserver. Every domain needs one to work.
* ReverseZone: A delegation for the reverse zone of one of your IP networks.

#### How do I get my domain to work?
The DarkNet WHOIS interface does not store any records for you, it only delegates the ```NS```;
therefore you need to run your own nameserver. If your nameservers run under the same domain you
are trying to register, you will need [glue records](#what-are-glue-records).

#### Do I need to apply for domains?
No, you don't need to apply for domains. Everyone can create their own domains without approval.
The current policy is first come, first served, but this might change, depending upon the project.

If you own a domain that existed prior to this WHOIS database, it might have already been created, but
you won't have any access to it. Create a resource request to ```DARK1-MNT``` to request transfer to your account.

#### Does that mean I could mass-spam domains?
Yes.

#### Does that mean I should mass-spam domains?
No.

#### What are glue records?
When your nameserver is below its own domain (e.g. ```ns1.noot.dn.``` is under ```noot.dn```), a resolver cannot
resolve the ```A```/```AAAA``` records of ```ns1.noot.dn.``` without knowing the ```A```/```AAAA``` record of ```ns1.noot.dn.```.
This circular dependency is solved by using glue records. With glue records you can tell the TLD
nameserver (dn. in this case) where to find your nameserver.

#### Why can I only enter glue records for domains under my control?
With a glue record you set a record inside the dn. zone (the aforementioned glue record) and this is
restricted to the domain owner.

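The glue rules from the two answers above, as an added example (not code from the DarkNet WHOIS project): a Python check that reports which nameservers of a delegation still need glue and which submitted glue entries fall outside the domain. The function names, the input shapes and the reading that glue is accepted only for names inside the registered domain are assumptions made for this sketch.

```python
import ipaddress

def labels(name):
    """Lower-case a DNS name, drop the trailing dot and split it into labels."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_within(name, zone):
    """True if `name` is `zone` itself or a subdomain of it, compared label by label.
    A plain string suffix test would wrongly accept ns1.xnoot.dn. for noot.dn."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def valid_addresses(addrs):
    """True if there is at least one address and every one parses as IPv4/IPv6."""
    try:
        for a in addrs:
            ipaddress.ip_address(a)
    except ValueError:
        return False
    return bool(addrs)

def check_delegation(domain, nameservers, glue):
    """Return (missing, rejected) for a delegation request.

    missing:  in-domain nameservers without usable glue (the circular case)
    rejected: glue host names outside `domain`, or with unparsable addresses
    """
    by_name = {".".join(labels(h)): a for h, a in glue.items()}
    missing = [ns for ns in nameservers
               if is_within(ns, domain)
               and not valid_addresses(by_name.get(".".join(labels(ns)), []))]
    rejected = [h for h, a in glue.items()
                if not is_within(h, domain) or not valid_addresses(a)]
    return missing, rejected

# Constructed request: one in-domain NS with glue, one without, one external NS,
# and a glue entry for a look-alike name that only shares a string suffix.
SAMPLE = check_delegation(
    "noot.dn.",
    ["NS1.noot.dn.", "ns2.noot.dn.", "ns.example.dn."],
    {"ns1.noot.dn": ["10.100.1.53"], "ns1.xnoot.dn.": ["10.100.1.66"]},
)
```
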
#### How is reverse zone access managed?
Each ReverseZone object belongs to an InetNum object from which the access rights are inherited. This means that
whoever controls the InetNum object (mnt-by or mnt-lower) can edit the ReverseZone object.

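The access rules from the mnt\_by / mnt\_lower answer and from the reverse zone answer above, modelled as one authorization check. This is an added example, not the WHOIS interface's own code; the class, the attribute names (`prefix`, `as_range`, `number`, `nameservers`) and the sample handles are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Resource-defining attribute per object type, which mnt_lower may not change.
# The attribute names are assumed; the page names the concepts only.
LOCKED_FOR_LOWER = {"InetNum": {"prefix"}, "ASBlock": {"as_range"}, "ASNumber": {"number"}}

@dataclass
class WhoisObject:
    kind: str
    handle: str
    mnt_by: set = field(default_factory=set)
    mnt_lower: set = field(default_factory=set)
    inetnum: Optional["WhoisObject"] = None  # set on ReverseZone objects only

def can_edit(user_mnts, obj, changed):
    """May a user holding the maintainers `user_mnts` change the fields `changed`?"""
    if obj.kind == "ReverseZone":
        # Rights are inherited: either role on the owning InetNum is enough.
        net = obj.inetnum
        return net is not None and bool(user_mnts & (net.mnt_by | net.mnt_lower))
    if user_mnts & obj.mnt_by:
        return True  # mnt_by may edit the whole object
    if user_mnts & obj.mnt_lower:
        # mnt_lower may edit everything except the resource itself
        return not (set(changed) & LOCKED_FOR_LOWER.get(obj.kind, set()))
    return False  # no matching maintainer: deny

# Constructed objects; handles and maintainer names are made up.
NET = WhoisObject("InetNum", "EXAMPLE-NET", {"OWNER-MNT"}, {"TENANT-MNT"})
RZONE = WhoisObject("ReverseZone", "EXAMPLE-RZ", inetnum=NET)

def demo():
    tenant, other = {"TENANT-MNT"}, {"OTHER-MNT"}
    return {
        "tenant edits name/admin_c": can_edit(tenant, NET, ["name", "admin_c"]),
        "tenant edits prefix": can_edit(tenant, NET, ["prefix"]),
        "owner edits prefix": can_edit({"OWNER-MNT"}, NET, ["prefix"]),
        "tenant edits reverse zone": can_edit(tenant, RZONE, ["nameservers"]),
        "other edits name": can_edit(other, NET, ["name"]),
    }
```
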
### MISC
#### I found a bug.
Nice! Join IRC and report it (or find some other way to contact seba).