Routing Registry Tutorial

1. Create Maintainer object

About the Maintainer Object

The maintainer object is your primary Point of Contact to describe your network's architecture. Your maintainer object is used to authorize any object creations, modifications, or deletions as well as being operational point of contact for operational issues with your network. In other words, if your network does not have a maintainer object, it cannot be maintained on the registry.

With the dn42 whois there are two methods of authorization available: PGP and CRYPT-PW. The use of the PGP authentication is encouraged as it does not depend on a secure channel to the whois service, though your new maintainer object will have only the CRYPT-PW method registered and you will have to enable PGP later.

Register a Maintainer

Maintainer objects specify the persons who are allowed to execute updates to the registry, and how they are authenticated. When an information about your network such as AS or route information object is submitted, a Maintainer object is referenced in the submitted object using the mnt-by attribute. If a Maintainer object is not referenced, the submission will be rejected. So, in order to register information about your network to the registry, you must register a Maintainer object first.

To register your maintainer object, first you need to determine the names and e-mail addresses of persons from your organization who are allowed to update and/or submit network information objects such as Route and AS objects. Use the maintainer object template below to fill in the fields with appropriate information. The value of mnt-by attribute should be the same value of the mntner attribute. Later, you will find out that all objects must be signed with mnt-by attribute, which registers the object being submitted under your maintainer. Feel free to take a look at the example below.

Then copy the maintainer object template you just completed into an e-mail message and send it off to All maintainer object registrations must be reviewed by a human and are then added to the registy. It may take up to several days as dn42 is a volunteer based project and everyone is busy, but we will try our best to complete it early as possible.

Note: You should only send Maintainer object templates to Other network information objects including AS, Route, AS-SET, etc must be sent to Maintainer objects are subject to human intervention before being committed to the registry. Other network information objects are instantly committed to the registry upon successful update sent to If your Maintainer object is already created, but you wish to make changes, you may send modification of Maintainer object to for instantaneous modification.
Listing: MAINTAINER Example
mntner:     MNT-WEISHAUPT                 # Maintainer ID, any not yet taken name is ok, though it should begin with MNT-
descr:      weishaupt connection          # suprise: a description
admin-c:    WEISHAUPT-DN42                # Handle of your admin-c, the object can be created later
upd-to:             # Email address to notify on failed updates
notify:             # Email address to notify on any updates
auth:       CRYPT-PW 4Likx.7ZwAi2         # Encrypted password, generated using crypt.c
mnt-by:     MNT-WEISHAUPT                 # same as mntner:
changed: 20100516    # email address and date (YYYYMMDD) of last change
source:     dn42                          # name of the registry, is always dn42 here

You find crypt.c here. It uses the crypt(3) method to calculate a password for usage with CRYPT-PW. To compile it, you need to issue someting like gcc -o crypt crypt.c -lcrypt on GNU/Linux and something similar but without "-lcrypt" on most other unices. Simply run it with ./crypt then, the rest should be straight forward.

2. Extend Maintainer object

Adding a person to your handle

Now that you have your Maintainer object installed into the registry, you may want to extend it by contact information abount your roles. To do so, you need to add a person object. For this, formulate a request similar to the example below and send it to

For using the CRYPT-PW authorization, you will need to put your password into the registered object's password: attribute. See the example below to see how it is done.

Listing: PERSON Example
person:     Adam Weishaupt
address:    Theresienstr. 23
address:    Ingoldstadt 85049
phone:      +49 841 305 1090
nic-hdl:    WEISHAUPT-DN42
mnt-by:     MNT-WEISHAUPT
changed: 20100516
source:     dn42
password:   foo

Adding a PGP-Key

As you have seen, you need to send you password in plaintext over a channel which is more or less not under your control, which is obviously a security risk. Let's make it our next task to fix this.

As a more secure way we will use the PGP authentication method. A prerequisite for this is adding your PGP-Key to the whois database system. To do so we add a key-cert object to store the public key. As you will probably notice, multiline syntax is used.

Listing: KEY-CERT Example
key-cert: PGPKEY-4CE97164
method:   PGP
 Version: GnuPG v2.0.13 (GNU/Fnord)
changed: 20100516
source:   dn42
password: foo

Actually using your PGP-Key for authentication

Now that the key is stored in the system, the maintainer object has to be linked to it. This is achieved by updating the maintainer object and adding a new authentication method.

For updating an object, we simply get its recent version from the database (whois -h MNT-WEISHAUPT in this case), make our changes to it, update the changed: attribute and send it to The old version is replaced with the new one. Of course we need to add the correct password: attribute when using CRYPT-PW.

Listing: MAINTAINER object example with PGP auth added
mntner:     MNT-WEISHAUPT
descr:      weishaupt connection
admin-c:    WEISHAUPT-DN42
auth:       CRYPT-PW 4Likx.7ZwAi2
auth:       PGPKEY-4CE97164
mnt-by:     MNT-WEISHAUPT
changed: 20100516
source:     dn42
password:   foo
Note: Though it is possible to remove the CRYPT-PW method while adding the PGPKEY, this is definetly not recommended as you would lock yourself out if something does not work out as intended. You should test the PGPKEY method first and then remove your CRYPT-PW in a new request.

3. Register AS

Registering the aut-num object

Now that you have Maintainer object installed into the registry, you need to register an object that details your AS's routing policy, such as how you are connected to the rest of the world.

This might be a good time to test your PGPKEY authentication. Sign the next request with your key. Make sure to use inline formatting and not PGP/MIME.

Listing: AUT-NUM Example
Hash: SHA384

aut-num:    AS64623
as-name:    minerva
descr:      minerva's as
admin-c:    WEISHAUPT-DN42
tech-c:     WEISHAUPT-DN42
mnt-by:     MNT-WEISHAUPT
changed: 20100516
source:     dn42
Version: GnuPG v2.0.13 (GNU/Fnord)


Last modified: 2010-05-17

This document guide you through the process of creating the necessary objects for registering your person, AS and network with the dn42 whois system.

Christian Franke

Table of Contents:

1. Create Maintainer object

2. Extend Maintainer object

3. Register AS