Fwd: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open

John Curran jcurran at arin.net
Mon Mar 27 19:52:08 UTC 2017

NANOGers -

    We have initiated a community consultation on a possible restructuring of existing
    information in the ARIN registry – this is to address the long-standing concern that
    some have expressed with the association of a “No Contact Known” point-of-contact
    (POC) in some registry records that may have potentially valid Admin and Tech
    contact information.

    If you have hold a strong view on this matter, please see the attached consultation
    announcement and participate in the discussion on the open arin-consult at arin.net<mailto:arin-consult at arin.net>
    mailing list <http://lists.arin.net/mailman/listinfo/arin-consult>


John Curran
President and CEO


Begin forwarded message:

From: ARIN <info at arin.net<mailto:info at arin.net>>
Subject: [ARIN-consult] Community Consultation on CKN23-ARIN Now Open
Date: 22 March 2017 at 1:24:12 PM EDT
To: <arin-consult at arin.net<mailto:arin-consult at arin.net>>

There are thousands of instances of the ARIN Point of Contact (POC)
handle “No, Contact Known” or CKN23-ARIN registered in the ARIN
database, most of them associated with legacy resource records. ARIN
would like the community to review the history of this situation and the
proposed solution and provide us with their feedback.

The creation and addition of this POC handle was due to a combination of

    * In 2002, a database conversion project was done at ARIN that
created a new database structure and added a new record type
(Organization ID) as well as new POC types (Admin, Tech, Abuse and NOC).
When an Org ID didn’t have a clear POC that had been recently updated or
vetted by ARIN staff, the original resource POC remained on the resource
record only and no POCs were added to the Org record at all.
    * In a later 2011 database conversion, reverse DNS delegation
switched from per-net to per-zone. This created significant hijacking
potential by allowing resource POCs to change their reverse delegation
without first being verified by staff as legitimate.
    * Also in 2011, ARIN added a new business rule that required an Admin
and a Tech POC on all Org records as a way of enhancing data quality.
    * Policy 2010-14 was implemented in 2011 and required Abuse POCs on
all Org records.

In order to maintain ARIN’s business rules, comply with policy 2010-14,
and prevent hijackings, several actions were initiated by staff:

    * CKN23-ARIN was created to become the Admin and Tech POC on Orgs
that lacked them
    * Resource POCs of legacy networks that had never been updated or
validated by ARIN were moved to the Organization record as the Abuse POC
    * ARIN’s verification and vetting requirements were thus reinstated
as the Abuse POC had to be vetted before making any changes to the
record, and therefore could not hijack the resource by adding or
changing the nameservers

Over time, the above actions have created several issues:

    * It is easy for hijackers to identify and target records with CKN23
(no contact known) as the handle
    * POCs that were moved from resource tech to Org abuse are not happy
about no longer having control of their resource record

There are several different courses of action that ARIN could take to
resolve the current situation.

Option 1

Retain the current status and do nothing

Option 2

Restore the resource POCs back to their original state on the
resource record keeping in mind that this would open up the hijacking
risk by giving the original resource POC control of the network without
a verification process
     * Retain the Abuse POC on the Org record
     * Retain CKN23-ARIN as Org POC

Option 3 - **Recommended option**

Restore the resource POC back to their original state on the
resource record.   This will allow contacts historically associated with
a resource record to more readily administer that record going forward.
     * Retain the Abuse POC on the Org
     * Replace CKN23-ARIN with a handle that better explains the record’s
status (e.g. “Legacy Record – See Resource POC”)
     * Lock all resources associated with these legacy records who have
had their resource POC restored. This would ensure that any changes made
by the resource POC would first have to be reviewed by ARIN.

We would like to thank the ARIN Services Working Group (WG) for their
helpful review of the proposed change – while the ARIN Services WG did
not take a formal position in support of or in opposition of the
proposed change, their review led to improvements in presentation of the

We are seeking community feedback on this proposed change (Option #3) to
the ARIN Registry database.

This consultation will remain open for 60 days - Please provide comments
to arin-consult at arin.net<mailto:arin-consult at arin.net>.

Discussion on arin-consult at arin.net<mailto:arin-consult at arin.net> will close on 22 May 2017.

If you have any questions, please contact us at info at arin.net<mailto:info at arin.net>.


John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

You are receiving this message because you are subscribed to the ARIN Consult Mailing
List (ARIN-consult at arin.net<mailto:ARIN-consult at arin.net>).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services
Help Desk at info at arin.net<mailto:info at arin.net> if you experience any issues.

More information about the NANOG mailing list