[DBWG] Making mnt-by mandatory on person objects

fransossen at yahoo.com
Mon Dec 5 15:35:01 UTC 2016

Hi list,

I noticed that person objects can be created and then referenced away in the AFRINIC Database without any maintainer listed on them as mnt-by, which means they can also get updated without any maintainer.

This is at the moment an issue of potential data quality and nuisance, but it will become an even greater issue once the transfer policy kicks in, as "hijacking" a person will be rather easy: simply change the email address and place a maintainer under your control on the person object. It doesn't give you the maintainer listed on the resources... but you're almost there.


An immediate action that could be taken is that AFRINIC does not allow resources to be issued to organisations that have unprotected person objects; basically, if a person's nic-hdl is listed in myAFRINIC, it must have a mnt-by.

Any nic-hdl referenced on resources issued by AFRINIC *must* have a mnt-by; if the nic-hdl referenced is a role object, all persons within that role object must have a mnt-by.

This can be pointed out in the very first interaction with the LIR, thus not delaying anything in most cases.
Further actions would need to be taken to clear up all the objects without a maintainer that already exist and will not have contact with the hostmasters for the coming period of time, but that's the part that requires planning.

I haven't looked up the numbers, so I do not know the size of the issue; I just noticed that some LIRs, old and new, had that issue in their records.



Cheers,
David Hilario
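
The check proposed in the message above, sketched as an added example that is not part of the original post and is not AFRINIC code: it walks from resource objects to the contacts they reference and reports every nic-hdl whose object has no mnt-by. It assumes a blank-line-separated RPSL text dump and that the persons "within" a role are the role's admin-c/tech-c handles; the function names and all sample objects are constructed.

```python
import re
# Constructed sample objects in RPSL text form; every handle and name is made up.
SAMPLE_DB = """\
inetnum:  192.0.2.0 - 192.0.2.255
admin-c:  NOC1-EXAMPLE
tech-c:   AB1-EXAMPLE
mnt-by:   EXAMPLE-MNT

role:     Example NOC
nic-hdl:  NOC1-EXAMPLE
tech-c:   CD2-EXAMPLE
mnt-by:   EXAMPLE-MNT

person:   Alice B
nic-hdl:  AB1-EXAMPLE
mnt-by:   EXAMPLE-MNT

person:   Carol D
nic-hdl:  CD2-EXAMPLE

person:   Eve F
nic-hdl:  EF3-EXAMPLE
"""
RESOURCES = ("inetnum", "inet6num", "aut-num")  # object classes treated as issued resources
CONTACTS = ("admin-c", "tech-c")                # attributes assumed to carry nic-hdl references

def parse_objects(text):
    """One list of (attribute, value) pairs per blank-line-separated object."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [[(k.strip().lower(), v.strip()) for k, _, v in
             (ln.partition(":") for ln in b.splitlines()) if v] for b in blocks]

def unprotected_contacts(text):
    """Sorted nic-hdls reachable from a resource object whose object has no mnt-by."""
    objs = [o for o in parse_objects(text) if o]
    by_hdl = {v.upper(): o for o in objs for k, v in o if k == "nic-hdl"}
    todo = [v.upper() for o in objs if o[0][0] in RESOURCES for k, v in o if k in CONTACTS]
    seen, flagged = set(), set()
    while todo:
        hdl = todo.pop()
        if hdl in seen or hdl not in by_hdl:
            continue
        seen.add(hdl)
        obj = by_hdl[hdl]
        if not any(k == "mnt-by" and v for k, v in obj):
            flagged.add(hdl)
        if obj[0][0] == "role":  # follow a role to the persons behind it
            todo += [v.upper() for k, v in obj if k in CONTACTS]
    return sorted(flagged)
```

On the sample, only CD2-EXAMPLE is reported: it is reached through the role object, while EF3-EXAMPLE also lacks a mnt-by but is not referenced by any resource.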


