RIPE Database docs
Sidebar Navigation

Introduction to the RIPE Database

RIPE Database Documentation Overview

Intended Audience

Conventions Used in the RIPE Database Documentation

What is the RIPE Database

Purpose and Content of the RIPE Database

History of the RIPE Database

Personal Data Database Management and Reponsabilities

RIPE Database Structure

Database Object

Primary and Secondary Objects

List of Primary Objects

List of Secondary Objects

The Attributes in Database Objects

Attribute Names

Attributes in an Object

Attribute Values

Attribute Properties

How to Organise Your Data

REST API Data model

RPSL Object Types

Descriptions of Primary Objects

Descriptions of Secondary Objects

Available Databases

RIPE Database

TEST Database

Release Candidate Database

Experimental Databases

Update Methods

RESTful API

Webupdates

Syncupdates

Email Updates

Updating Objects in the RIPE Database

Format of the Update Message

Accessing the Object Templates

Object Processing

Update Operations

Historical Data

Special Considerations for Object Creation

Garbage Collection

Dry run

Set Objects

Notifications

Acknowledgment Message

Notification Messages

Authorisation

Authorisation Model

Using the Authorisation Methods

Security of Data Using Authorisation

Protection of PERSON and ROLE Objects

Protection of AUT NUM Object Space

Protection of Address Space

Protection of Route Object Space

Protection of Reverse Delegation Objects

Protection of Objects with Hierarchical Names

Protecting Membership of a Set

Referencing an ORGANIZATION Object

Referencing an IRT Object

IRT Object

Force Delete Functionality

Request ENUM delegation

Request DNSSEC delegation

How to Query the RIPE Database

The Structure of a Query

Web Query Form

RESTful API Queries

Command Line Queries

Query Responses

Registration Data Access Protocol

Access to Personal Data

Types of Queries

Queries Using Primary and Lookup Keys

Queries for IP Networks

Queries for Autonomous Systems

More and Less Specific Lookups For Reverse Domains

Inverse Queries

Abuse Contacts

Grouping the RIPE Database Output

Filtering the Query Reponse

IRR Toolset Support

Persistent Connections and Keeping State

Getting All the Members of Set objects

Access Control for Queries

RIPE NCC Global Resource Service

Other Query Flags

Referenced Objects in Query Response

Historical Queries

Related Software and Tools

Geolocation in the RIPE Database

RIPE Database Mirror

Setup RIPE Database Mirror

Near Real Time Mirroring v3

Near Real Time Mirroring v4

Access to NRTM

Tables of Query Types Supported by the RIPE Database

How to Recover Access to a Maintainer Object

Installation and Development

Getting started on macOS

Getting started on Ubuntu Linux

Building whois

Configure MariaDB

Coding standard

Installation instructions

Database Support

Support Overview

Clean up of Unreferenced Data

Database Security

Configuring Reverse DNS

Database Business Rules

Highlighted Values in the RIPE Database

Create First Role Mntner

Removal of personal data

Release Notes

FAQ

Appendices

Appendix A Syntax of Object Attributes

Appendix B Copyright Statement

Appendix C RIPE Database Query Server Response Codes and Messages

Appendix-D--Route-Object-Creation-Flowchart

Appendix-E--Domain-Object-Creation-Flowchart

Appendix F Special Considerations for Object Types

Appendix G Object Types with Personal Data

Appendix H PGP Authentication Method

Appendix I Client Certificate Authentication

Appendix J Ripe Test Database

Appendix K API Keys

Glossary

Legal Information

RIPE Database Acceptable Use Policy

HTML Terms And Conditions

All Documentation Combined

On this page

Request ENUM Delegation ​

ENUM is a protocol that is the result of work of the Internet Engineering Task Force's (IETF's) Telephone Number Mapping Working Group. The charter of this working group was to define a Domain Name System (DNS)-based architecture and protocols for mapping a telephone number to a Uniform Resource Identifier (URI) which can be used to contact a resource associated with that number.

The RIPE NCC provides DNS operations for e164.arpa zone(ENUM) is accordance with the Instructions from the Internet Architecture Board.

Requesting Secure Delegation in the ENUM Domain ​

Example of an ENUM domain object, including a "ds-rdata:" attribute

domain:     1.3.e164.arpa
descr:      Stichting ENUM Nederland
org:        ORG-SEN3-RIPE
admin-c:    MD6066-RIPE
tech-c:     ENT6-RIPE
zone-c:     ENT6-RIPE
nserver:    ns1.enum.nl
nserver:    ns7.domain-registry.nl
ds-rdata:   10567    5   1   8f138cd3e55db6590f51fe47e390a2d1743b5bd4
mnt-by:     ENUM-NL-MNT
source:     RIPE # Filtered

The four steps to updating an ENUM delegation to have a secure DS record in e164.arpa ​

  1. Setup you server to serve a secure zone

    Ensure that the zone you are serving is signed and it contains a Key Signing Key (KSK) marked with the SEP flag.

  2. Create your domain object

    The "ds-rdata:" attribute of your domain object should be created by performing a hash over the SEP KSK key. An easy way to create a domain object which includes the ds-rdata: hash is to visit the RIPE NCC Delegation Checker, input your zone name and follow the instructions provided. The end result will be a domain object you can use in the next step.

  3. Submitting the domain object Once you have set up your server(s) to serve the ENUM zones you are ready to request delegation by submitting a domain object:

    1. By using webupdates

      • First authorise yourself in the authorisation section. Then go to the add section
      • Select domain, by clicking on 'Create a New Object' and then click on 'Add Object'
      • Fill in all the available fields
      • Use the 'Add New Field' feature to add at least two "nserver:" attributes. Here, you supply the names of the name servers that are serving the zones as set up in Step 3 and that you have specified in the NS resource records of those zones
      • For the "mnt-by:" attribute use the mntner you prepared in Step 1
    2. By email You need to create a domain object containing information about the zone you need reverse delegation for. For further information go here

    3. Verifying the setup Once you have submitted the domain object you will receive a notification.

      You should then be able to query for your object in the RIPE Database: whois -h whois.ripe.net 1.3.e164.arpa After the object appears in the RIPE Database it may take between 15 and 60 minutes before the delegation information is available in the DNS.

      The ultimate test is to query a recursive name server that is not authoritative for your zone for a record from your zone.

      Please contact us if, six hours after the appearance of your domain object in the database, your delegation does not appear. Include the details such as name server addresses and the domain object in your request. Also include the full response, including headers, as received from the database.

      Any resolver which has the DNSSEC public key for e164.arpa configured should now return DNS answers which have the authenticated data bit set.

Additional Notes ​

From time to time, you may have to roll the keys in your zone. When you do this, make sure that you also update the ds-rdata information. This places a new DS record in the parent zone.

For further details on rolling keys and other important information on DNSSEC operational practices we recommend reading RFC 4641.

Last updated:

Pager
Previous pageForce Delete Functionality
Next pageRequest DNSSEC delegation