The mntner object (pronounced maintainer) is used to secure objects against unauthorised updates or deletion in the AFRINIC WHOIS database and IRR.
The mntner object further specifies authentication information required to authorise creation of certain objects in the database.
A mntner object is a WHOIS database object that will contain the credentials needed to authorise creation, deletion or modification of any objects that it protects.
The update is usually done by a person, who will determine the password that shall be used.
Objects are protected by a mntner, and they shall contain a reference to the mntner usually in the form of mnt-xxx (examples are mnt-by, mnt-lower, mnt-routes, mnt-domains etc)
Follow the steps below:
A) Generate the BCRYPT hash of your password. Use the tool at https://www.afrinic.net/whois/utilities#crypt
Note: The clear text password will be required whenever you update objects that are protected by the maintainer.
B) Please retain this password, if the maintainer belongs to your organisation, please ensure that it forms part of your organisation's password policy.
C) Load the mntner object template into the whois web client
D) Fill and submit the object template with specific data. (If in doubt what to fill for a specific attribute value, hover your cursor over the templates' attributes on the right for more details)
1. The "mntner" attribute is a unique identifier of the mntner object. Recommended format is three words separated by hyphens(e.g AFRINIC-JS42-MNT)
2. The "descr" attribute: A short description of the mntner object and the name of the organisation associated with it.
3. The "admin-c:" attribute: The NIC-handle of an on-site contact 'person' object.
4. The "upd-to:" attribute: The email address to be notified when attempts to update objects protected by the mntner is rejected due to a lack of authentication.
5. The "auth:" attribute: Scheme used to authenticate update requests. Option to use is BCRYPT
6. The value of "mnt-by" attribute can be the same as value of "mntner" attribute.
7. Fill in "password" field with your clear text password.
9. The "source" field is already filled for you.
10. Click on "Create" when all the required attribute values have been filled.
E) The mntner object template will be shown
F) After successful creation of the Mntner object, you shall get the screen below;
G) You may query the Whois database to verify the Maintainer object. E.g the query "AFRINIC-JS39-MNT" with the "-rB" flags will output the current version of the object in the database.
Usually AFRINIC creates a maintainer for all members and communicate on the cleartext password when they enroll for membership and the IP resources are issued to the organisation.
Note that a maintainer is not the nic-hdl you use as username to access the MyAFRINIC portal https://my.afrinic.net/
You can easily identify your maintainer, referenced as mnt-lower, mnt-domain or mnt-routes on of the objects(org, inetnum, inet6num or aut-num) held by the organisation you represent.
You can easily identify your maintainer object if you know your inetnum(IPv4 prefix), inet6num(IPv6) or aut-num(ASN)
You can query the objects of your organisation to find the maintainer(s) referenced.:
1. For example if a person knows his inetnum as 220.127.116.11/24
3. Select Query
4. Ensure Flags “r” and “B” are checked under “Flags”
5. Click Search
6. The details of the objects are then displayed and you can easily note the maintainer, which in this case is “AFRINIC-IT-MNT”
7. Note that you should never use AFRINIC-HM-MNT to create any objects on the AFRINIC WHOIS database. AFRINIC-HM-MNT is only used by AFRINIC RIR and only some staff hold the authentication rights.
The password of this maintainer is not available to AFRINIC members.
This maintainer is used by AFRINIC staff only, members cannot authenticate via this maintainer.
The maintainer is used to protect your other objects in AFRINIC database.
It ensures that only authorised changes can be done to your objects. The AFRINIC Database provides mechanisms to control who can make changes in the database and what changes they can make. The distinction of "who" vs. "what" separates authentication from authorisation.
The maintainer object serves as a container to hold authentication filters.
In order to reset the password for your maintainer, please follow below steps:
1. Go to https://afrinic.net/whois/utilities
2. Input the new password you wish to use for the maintainer.
3. Click on "Generate hash".
Note that in order to authenticate against the maintainer after a successful password reset, you will need to use the clear-text password which you submitted in Step 2 above.
The update is usually done by a person, who shall have the credentials (password protecting the maintainer or the PGP key that shall be used to authenticate).
Objects are protected by a mntner, and they shall contain a reference to the mntner usually in the form of mnt-xxx (examples are mnt-by, mnt-lower, mnt-routes, mnt-domains etc).
You can use PGP, which involves using a pair of keys.
More information about using PGP with the AFRINIC whois database can be found here.
In 2017, AFRINIC deprecated MD5 encryption in favour of BCRYPT which is more secure.
You will no longer be able to create maintainer objects with MD5 hash.