WHOIS DB FAQs

AFRINIC doesn't provide geolocation services and has no control over how this information is obtained from other databases. But please send us a snapshot of the site showing the wrong information and we will try our best to help you.

on 2018 Mar 10
Was this helpful?

If you are having challenges updating an object in the database, you may want to re-examine the way your email is formed. Recent research we conducted indicates that people encounter challenges while interacting with our auto-dbm robot because of how their e-mail is formed. Please always ensure that the content of your email is in plaintext (no formatting at all before submitting to This email address is being protected from spambots. You need JavaScript enabled to view it.).

on 2018 Mar 10
Was this helpful?

AFRINIC and RIPE NCC are two different WHOIS databases. Objects in AFRINIC database will have the suffix "-AFRINIC" while in RIPE will have the suffix "-RIPE". So, the objects can't be used interchangably and you must create your own objects at each one separately.

on 2018 Mar 10
Was this helpful?

The RIPE NCC database does not synchronise with the AFRINIC database. In this regard, there is a need to register the person, maintainer & aut-num objects on the RIPE NCC database before our members can register their route objects.

on 2018 Mar 10
Was this helpful?

Create and verify a person object

A person object contains information about technical or administrative contact responsible for the object where it is referenced. Each object has a unique Nic-handle attribute ("nic-hdl:"). Nic-handle is a unique identifier of a PERSON object. Whenever a PERSON object is referenced in another database object, it is referenced by its Nic-handle and not by the person’s name. Once the object is created, the value of the "person:" attribute cannot be changed.


Note: An auto-generated mntner object will be added in person objects which do not have a "mnt-by" attribute. The password of the auto-generated mntner will be sent to the email address(es) specified in the person object at the time of creation.

Follow the steps below:

  • On the AfriNIC Whois Web Interface, click on "Create Object" tab.
  • You will have to load the person object template into the web whois client. To do this, tick the checkbox next to "person" and click on "Load"

6

  • The person object template will load as below.

7

  • Fill in the information that is mandatory, an example is shown below:

8

  1. "person" -Specifies the full name of an administrative, technical or zone contact person for other objects in the database. (e.g. person: John Smith)
  2. "address" -Full postal address of a contact
  3. "phone" -Specifies a telephone number of the contact.
  4. "e-mail" - The e-mail address of a person, role or organisation.
  5. "nic-hdl" - This will be auto-filled with AUTO-1, which will be replaced with a system generated NIC-HDL upon creation.
  6. "changed" - You will need to specify the e-mail address of the person who submitted the update
  7. "source" - This will be auto-filled with AFRINIC and should not be changed.
  8. You may add other attributes by using ‘drag-n-drop’ method into the template text area.
  9. Click on “Create” when you have filled in all the mandatory attributes
  • After successful creation of the Person object, you shall get the message below which would include the "nic-hdl". In this example the nic-hdl is JS42-AFRINIC.

5

  • The password of the auto-generated mntner will be sent to the e-mail address(es) specified in the "e-mail" attribute(s). You will need to provide this password when updating/deleting the person object.10
  • You may query the Whois to verify the Person object. E.g "-rB john smith" or "-rB JS42-AFRINIC".
on 2018 Mar 10
Was this helpful?

Create and verify a person object

A person object contains information about technical or administrative contact responsible for the object where it is referenced. Each object has a unique Nic-handle attribute ("nic-hdl:"). Nic-handle is a unique identifier of a PERSON object. Whenever a PERSON object is referenced in another database object, it is referenced by its Nic-handle and not by the person’s name. Once the object is created, the value of the "person:" attribute cannot be changed.


Note: An auto-generated mntner object will be added in person objects which do not have a "mnt-by" attribute. The password of the auto-generated mntner will be sent to the email address(es) specified in the person object at the time of creation.

 

Follow the steps below:

  • On the AfriNIC Whois Web Interface, click on "Create Object" tab.
  • You will have to load the person object template into the web whois client. To do this, tick the checkbox next to "person" and click on "Load"

create person object 6

  • The person object template will load as below.

create person object 7

  • Fill in the information that is mandatory, an example is shown below:

create person object 8

  1. "person" -Specifies the full name of an administrative, technical or zone contact person for other objects in the database. (e.g. person: John Smith)
  2. "address" -Full postal address of a contact
  3. "phone" -Specifies a telephone number of the contact.
  4. "e-mail" - The e-mail address of a person, role or organisation.
  5. "nic-hdl" - This will be auto-filled with AUTO-1, which will be replaced with a system generated NIC-HDL upon creation.
  6. "changed" - You will need to specify the e-mail address of the person who submitted the update
  7. "source" - This will be auto-filled with AFRINIC and should not be changed.
  8. You may add other attributes by using ‘drag-n-drop’ method into the template text area.
  9. Click on “Create” when you have filled in all the mandatory attributes

 

  • After successful creation of the Person object, you shall get the message below which would include the "nic-hdl". In this example the nic-hdl is JS42-AFRINIC.

create person object 5

  • The password of the auto-generated mntner will be sent to the e-mail address(es) specified in the "e-mail" attribute(s). You will need to provide this password when updating/deleting the person object.

    create person object 10

  • You may query the Whois to verify the Person object. E.g "-rB john smith" or "-rB JS42-AFRINIC".

 

on 2018 Mar 10
Was this helpful?

Choose a new password and encrypt it as BCRYPT using this link. Then send the encrypted password to This email address is being protected from spambots. You need JavaScript enabled to view it. requesting for mntner password update.

on 2018 Mar 10
Was this helpful?

AFRINIC whois database is a public database which is open for anyone to use. If your person object (nic-hdl) is not protected then anybody can alter it. We advise you to create personal maintainer or use your organisation maintainer to protect your object.

Note: As from the 31st of August 2017, an individual auto-generated maintainer object was linked to all the unprotected person and role objects. The passwords were sent by e-mail to the email address(es) in the person/role object.

on 2018 Mar 10
Was this helpful?

There are two methods to query the whois database:

  1. The AFRINIC Whois web interface which can be accessed here.
  2. Command Line Interface: using whois client which can be downloaded from here.
on 2018 Mar 10
Was this helpful?

 

The AFRINIC Whois Database is an official record that contains information regarding organisations that hold IP addresses and AS Numbers in the African region. The database is public and users can query it to determine who is responsible for an IP address range or an AS Number.

on 2018 Mar 10
Was this helpful?

Membership Fees for End Sites are collected for three (3) years on the anniversary of the membership period. However, End Sites members may elect to be billed for a period of not less than 12 months at a time. AFRINIC is reviewing the possibility of End Sites membership fees to an annual basis.

 

For End Sites ASN only, the Membership fee shall be collected for three (3) years in the first instance and subsequently every six (6) years.

on 2018 Mar 10
Was this helpful?

Creating a key-cert object

A key-cert object holds the public part of your key in the Whois Database. To use the key you just generated in the AFRINIC Database, you should create it in the form of a key-cert object.

Note that first you will have to generate a gpg key pair on your computer. Use any GPG tool of your choice, in this example we are using GPGTools on Mac OS X. The step to generate the Key depends on the tool being used and might differ from the example.

Follow the steps below to create a key-cert object:

  1. On your terminal: $ gpg --gen-key and follow the instructions.
    faq create keycert object 1
  2. faq create keycert object 1 2
  3. faq create keycert object 1 3A
  4. PGP key with ID 7C943FC1 has been created.
  5. Export your key to a text file: $gpg -a --export “key-ID” > gpg_key
    WHOIS7
  6. Prepend the certif attribute to every line of your key as illustrated below;
    WHOIS8
  7. Load the key-cert object template into the whois web client;
    WHOIS9
  8. The key-cert object template will be shown. Fill the object template with specific data and replace the “certif:” attribute with the entire contents of the modified public key above. Your template should look something like this: (you have to protect the object using an exising mntner that typically uses MD5 and supply the password of that mntner)
    WHOIS10
  9. After successful creation of the key-cert object, you shall get the screen below;
    WHOIS11

 

on 2018 Mar 25
Was this helpful?

 How to Update/Delete Unprotected Object on Afrinic Whois.

Update/Delete an Unprotected Object

An unprotected object is one which can be modified or deleted without any authentication method. It is recommended to protect individual objects with a mntner object. The mntner is referenced by the "mnt-by:" attribute in the object (creation of mntner object is not explained on this page).

Note: After it has been created, the “person:” attribute cannot be updated. Same applies for the “role:” attribute. To update these attributes, you will have to delete the object and re-create it with the new value.

 

Follow the steps below to update an Unprotected object:

 

  1. Search for and load the object you want to update. On the Afrinic Whois client, click on "Query" tab. Type in the object you are looking for, click on the Checkbox next to "I'm not a robot", select the appropriate images and click on "Verify". After the human check is completed, click on "Search".
    WHOIS37
  2. Hover your cursor over the "Serch Result" and click on "Update".
    WHOIS38

 

3. In the example below we will update the address and add a second phone number.

WHOIS39

4. After the changes has been made, click on "Submit". You should see "Object Successfully Update!" below;

WHOIS40

 

5. You may query the Whois to verify the Person object. E.g the query "-rB john smith" now gives the output below;

 

WHOIS41

 

Follow the steps below to delete an Unprotected object:

 

Note that if the object is referenced in another object, you must first de-reference it from the object by modifying the object that contains it to remove the primary key of the object you want to delete. For example, you cannot delete a person object if it is still referenced in a role object, you must first modify the role object, remove the primary key of the person object, then you can delete the person object.

 

  1. Search for and load for modification the object you want to delete.
  2. Hover your cursor over the "Serch Result" and click on "Delete".
  3. You will get the screen below, enter your comment in the "Reason for Deletion" field at the bottom and click on "Delete".
    WHOIS42
  4. If ever the object is referenced in another object, you will get the error message "Oh! You got an error!".
    WHOIS43
  5. You must first de-reference it from the object by modifying the object. You need to do an inverse query with the 'primary key'(E.g JS37-AFRINIC) to find the other object.
  6. After you have de-referenced the object from the other object, perform step 3 again after which you will the "Object successfully deleted" message.
    WHOIS44

 

on 2018 Mar 25
Was this helpful?

A mntner object is a whois database object that will contain the credentials needed to authorise creation, deletion or modification of any objects that it protects. The update is usually done by a person, who therefore shall have the credentials (password, PGP key or X.509 certificate). Objects are protected by a mntner, and they shall contain a reference to the mntner usually in the form of mnt-xxx (examples are mnt-by, mnt-lower, mnt-routes, mnt-domains etc)

 

Follow the steps below:

  • Generate the BCRYPT hash of your password. Use the tool at https://www.afrinic.net/en/services/ip-tools/whoiscrypt
  • Note: The clear text password will be required whenever you update objects that are protected by the maintainer. Please retain this password, if the maintainer belongs to your organisation, please ensure that it forms part of your organisation's password policy.
  • Load the mntner object template into the whois web client
  • The mntner object template will be shown.
  • Fill and submit the object template with specific data. (If in doubt what to fill for a specific attribute value, hover your cursor over the templates' attributes on the right for more details)

 

  1. The "mntnr" attribute is a unique identifier of the mntner object. Recommended format is three words separated by hyphens(e.g AFRINIC-JS42-MNT)
  2. The "descr" attribute: A short description of the mntner object and the name of the organization associated with it.
  3. The "admin-c:" attribute: The NIC-handle of an on-site contact 'person' object.
  4. The "upd-to:" attribute: The email address to be notified when attempts to update objects protected by the mntner is rejected due to a lack of authentication.
  5. The "auth:" attribute: Scheme used to authenticate update requests. Available options are BCRYPT and PGP key(Accepted format BCRYPT-PW <your_bcrypt_hash> or PGPKEY-<your_pgp_key_id>)
  6. The "mnt-by" attribute use the same as "mntner" field.
  7. Fill in "password" field with your clear text password.
  8. complete the "changed:" attribute with the email and date of the person making the changes (e.g. changed: This email address is being protected from spambots. You need JavaScript enabled to view it.20130731). If the date is not specified, it will be system generated.
  9. The "source" field is already filled for you.
  10. Click on "Create" when all the required attribute values have been filled.
  • After successful creation of the Mntner object, you shall get the screen below;
  • You may query the Whois database to verify the Maintainer object. E.g the query "AFRINIC-JS39-MNT" with the "-rB" flags will output the current version of the object in the database.

 

on 2018 Mar 25
Was this helpful?

The AFRINIC whois database is a public database and we recommend that all the objects therein are protected (usually by a maintainer object) to prevent unauthorised modifications.

 

It is recommended that all objects are protected. This is done using a mntner(maintainer) object. Practically, this means that in a certain object – such as a person – you refer to this mntner with the "mnt-by:" attribute. Follow the steps in the "Create a Mntner Object" page if you have not yet created a mntner object.

Note: In the new Whois Database version 2.3, person and role objects which at the time of creation do not have a "mnt-by" attribute, will have an auto-generated mntner which will protect the object. The password of that maintainer will be sent to the email address(es) specified in the "e-mail:" attribute(s) upon creation of the object.

 

Follow the steps below to protect your objects from unauthorised modifications:

  1. Search for and load the object you want to protect. On the AfriNIC Whois client, click on "Query" tab. Type in the object you want to protect, click on the Checkbox next to "I'm not a robot", select the appropriate images and click on "Verify". After the human check is completed, click on "Search".
    16
  2. Hover your cursor over the "Serch Result" and click on "Update".
    17
  3. In the example below, we will protect the Person object with the mntner AFRINIC-JS39-MNT. Drag the "mnt-by" from the template on the right into the text area and add the mntner. You will need to enter the clear text password of the maintainer at the bottom before submitting.
    18
  4. You should see "Object Successfully Update!"
    19
  5. You may query the Whois to verify the Person object. E.g the query "-rB john smith" now gives the output below;
    20 
on 2018 Mar 25
Was this helpful?

CREATE ROUTE OBJECT – AFRINIC WHOIS Database

To begin with go to: https://afrinic.net/whois

  1. Click on “Create Object”
  2. Select “route” to specify the type of object you want to create.
  3. Click on “Load” to load the route object template.

WHOIS23

 

The route object template will load. Fill in the information that is mandatory, an example is show below:

WHOIS24

Refer to the next page for more details on the route object attributes.

 

Description of Attributes Specific to the Route Object

(1) “route:” – This specifies the IPv4 or IPv6 address prefix of the route. Together with the "origin:" attribute, these constitute a combined primary key of the route object.  The address can only be specified as a prefix(in CIDR notation).

(2) “descr:” - A short description related to the object.

(3) “origin:” - AS Number of the Autonomous System that originates the route into the interAS routing system.  The corresponding aut-num object for this Autonomous System must already exist in the AFRINIC Database.

(4) “mnt-by:” – Specifies the maintainer of your organization to protect the route object. In most cases the “mnt-by” will be same as the “mnt-lower” in the inetnum/inet6num and the “mnt-routes” in the aut-num object. You may identify the mnt-lower/mnt-routes by querying the AFRINIC Whois(https://whois.afrinic.net/) with your inetnum/inet6num or ASN.

(5) “changed:” - The email address of the person creating/updating the route object.

(6) “source:”– This is already filled for you.

(7) Password – You will need to specify the password in clear-text of the maintainer specified as the “mnt-by”.

(8) You may add other attributes by ‘drag-n-drop’  into the text area;

(i) “holes:” - These attributes form a list of the component address prefixes that are not reachable through the aggregate route (that part of the address space is possibly unallocated).

(ii) “org:” – the ORG-HDL of the organisation responsible for this resource.

(iii) “member-of:” – This attribute identifies a set object that this route object wants to be a member of.

(iv) “aggr-mtd:” – This attribute specifies how the aggregate is generated.

(9) Click on “Create” when you have filled in all the mandatory attributes and provided the maintainer password.

 

Note: You may hover your cursor on the attributes in the right-pane to get more details and information on the syntax to be used.

WHOIS25

 

Special Cases

There are certain cases in which you will not be able to create routes objects:

Case 1: AS numbers not existing in the AFRINIC’s database and belonging to a third party

In this case, please contact AFRINIC via e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it..

 

Case 2: AS numbers existing in the AFRINIC’s database and belonging to a third party.

In this case, it will be better to ask the organisation who has been assigned the ASN to create the route object for you as their aut-num object will be having a mnt-lower or mnt-routes which must authorise creation of routing information.

 

on 2018 Mar 25
Was this helpful?
// //