[DBWG] stale route6 and domain objects for removed inet6num

Frank Habicht geier at geier.ne.tz
Thu Aug 20 15:04:30 UTC 2020


Thanks James.

hoping that the general check, capture of orphans and clean up can be
done by mid next week.

Regards,
Frank

On 20/08/2020 17:19, James wrote:

> Dear Frank,

>

> Thanks for the inquiry.

>

> The mechanism being referred to is implemented within the WHOIS  and the

> bug has been reported with our software team. As soon as I have an ETA

> you shall be kept in the loop.

>

> Before removing the objects you highlighted, we are running a general

> check to establish the extent of the issue and ensure we capture any

> other orphan objects that may exist so that the clean up is done at

> once. Furthermore, the proactive monitory tool in this regard was

> something already requested internally and is under development with an

> ETA of Monday.

>

> My previous update was in the interest of keeping you updated as the

> team works in the background to resolve the issue.

>

> Regards,

>

> James

>

> On 19/08/2020 22:14, Frank Habicht wrote:

>> Dear James,

>>

>> Thanks for your email.

>>

>> I want to respond as an AfriNIC member, *not* as DBWG co-chair.

>> Also, I'm known to be sometimes a bit too blunt, and i'm currently not

>> sure if i can avoid this here. Apologies in advance.

>>

>> We (non-staff outsiders) probably don't need to know all the internals,

>> but in this case i think it would comfort me if we had some indication

>> that internal details are being looked at (critically) and this and more

>> bug(s) get fixed. with intention of pro-activeness.

>> We don't know whether the 'mechanisms that checks for child objects' is

>> a script for a human to follow and a passage should be more highlighted,

>> or whether that's a script for a machine where a '6?' is missing in a

>> regular expression right after 'route' .

>>

>> And we shouldn't be involved in this. I just want to express that it

>> would be very comforting if we could get to see - by results, of course

>> - that this is taken seriously and being looked at.

>>

>> Maybe there should or could be some incentives to find issues. and to

>> fix them. Anything i can think of can probably be "gamed", and i

>> shouldn't get into details.

>> [I included Arthur for that. he had asked me ages ago for feedback, took

>> me long to give some;-)]

>>

>> So I wanted also to mention:

>> If I found an embarrassing bug or mistake in my database, I would really

>> try hard to fix it, if not before sending the response email, then at

>> least immediately after.

>>

>> If not done 2.5 hours after the email is sent, a troublesome outsider

>> (named Frank) could already think the issue gets neglected or forgotten.

>>

>> the route6 object is still there:

>> $ whois -h whois.afrinic.net -- -T route6 2c0f:f370::/32 | egrep -A 4

>> '^rout'

>> route6: 2c0f:f370::/32

>> descr: Auvionics-v6

>> origin: AS328097

>> mnt-by: AA96-MNT

>> source: AFRINIC # Filtered

>>

>> Since the bug existed when the inet6num was deleted, the route6 wasn't

>> deleted during inet6num deletion, I would believe that manual

>> intervention is required.

>>

>> And it seems to me that it still wasn't done.

>>

>> I simply don't want to do the same check for the domain object for the

>> same prefix - I leave that to staff. [maybe I can ask Arthur to drop me

>> a note when both are removed]

>>

>>

>> Now about an idea for a way forward:

>> [and I hope that's obvious, but i request forgiveness that I don't want

>> to assume too much]

>> Someone could volunteer to find additional objects that were orphaned

>> through the same process as the objects in this case i discovered.

>>

>> - go through all existing domain objects ending in 'ip6.arpa' and see if

>> the covering (or equal) inet6num objects exist -

>> and are *not* equal to ("2c00::/12" or "2001:4200::/23")

>> - go through all existing route6 objects, and do the same test.

>>

>> I strongly believe that we shouldn't look for a volunteer from the

>> community for this - AfriNIC staff is just much better equipped (and

>> paid) to do that.

>>

>>

>> Finally I want to mention a word about impact.

>>

>> [we can't thank Job enough for some of the great tools he's

>> contributing, nevertheless: Thank you, Job Snijders!!!]

>>

>> http://irrexplorer.nlnog.net/search/328097

>> currently shows 3 AS-SETs in RIPE and one AS-SET in AfriNIC that include

>> AS328097, which means that real operators are putting 2c0f:f370::/32

>> into real filters, eating up resources ...

>> <sarcasm>...and leading to earlier upgrade requirements, spending money

>> that we all would rather spend on AfriNIC fees...... </sarcasm>

>>

>> Now I'm co-guilty; and I will fix 2 of these AS-SETs within 15 minutes

>> after sending this email, and make an email to someone to fix the 3rd

>> within 30 minutes....

>>

>> So maybe http://irrexplorer.nlnog.net/search/328097 will already look

>> better by the time you guys check.

>>

>> Thanks,

>> Frank

>>

>>

>> On 19/08/2020 17:52, James wrote:

>>> Dear Frank,

>>>

>>> Thank you for bringing this forward.

>>>

>>> When resources are being de-registered by staff, we have mechanisms that

>>> checks for child objects and prevents the deletion where any still exist.

>>>

>>> However, based on the issue you have raised, we have noted that there is

>>> a bug in the implementation and this bug led to the issues observed.

>>>

>>> We will be  taking this up with our software team to fix the issue and

>>> also look for better monitoring.

>>>

>>> Regards,

>>>

>>> James

>>>

>>>

>>> On 18/08/2020 08:53, Frank Habicht wrote:

>>>> On 17/08/2020 22:02, Nishal Goburdhan wrote:

>>>>> On 17 Aug 2020, at 16:31, Frank Habicht wrote:

>>>>>

>>>>>

>>>>>> Sure: *these* were created by the member, not by AfriNIC.

>>>>>> But should these not have been removed whilst removing the inet6num ?

>>>>> assume for a minute that the member did not pay their fees.  afrinic

>>>>> themselves, would have happily removed the domain objects as part of

>>>>> “suspending the resources”  (heh!)  even though they were “created by

>>>>> the member”.

>>>> didn't know. good to know. so deleting the domain objects is part of

>>>> that process.

>>>>

>>>>> so, i’m not sure why you felt it necessary to say:  “ *these* were

>>>>> created by the member”.  as if that confers some sort of special power

>>>>> onto them?

>>>> wanted to get confirmation that they're not that special.

>>>>

>>>>

>>>>>> I believe the process of deleting an inet6num is rarely happening, but

>>>>>> a) it sure did and b) it should include taking care of these "dependant"

>>>>>> objects....... right?

>>>>> yes.

>>>> thanks.

>>>>

>>>>

>>>>> i seem to remember that there a policy that helps with this .. like

>>>>> “lame delegation” something-or-the-other that’s meant to deal with

>>>>> long-term occurrences of this.  so, even if the db-admin, for reasons

>>>>> unknown, deigned to remove the domain objects, said objects _should_

>>>>> have been reported, and acted on.  iirc, the details were left to

>>>>> afrinic to implement, but i stand to correction.

>>>> there's no lameness (yet). domain in question is served by my ($dayjob)

>>>> servers. And I was looking to clean that up and that got me to this case.

>>>>

>>>>

>>>> I wish we could get a confirmation (from AfriNIC staff) that deleting

>>>> the domain and route objects is (or will from now on be) part of the

>>>> process of de-registering any inetnum / inet6num object.

>>>>

>>>>

>>>> Frank

>>>>

>>>>

>>>> _______________________________________________

>>>> DBWG mailing list

>>>> DBWG at afrinic.net

>>>> https://lists.afrinic.net/mailman/listinfo/dbwg

>> _______________________________________________

>> DBWG mailing list

>> DBWG at afrinic.net

>> https://lists.afrinic.net/mailman/listinfo/dbwg

>




More information about the DBWG mailing list