Maintainer (Mntner)

The mntner object (pronounced maintainer) is used to secure objects against unauthorised updates or deletion in the AFRINIC WHOIS database and IRR.

The mntner object further specifies authentication information required to authorise creation of certain objects in the database.

A mntner object is a WHOIS database object that will contain the credentials needed to authorise creation, deletion or modification of any objects that it protects.

Mntner FAQs

The update is usually done by a person, who will determine the password that shall be used.

Objects are protected by a mntner, and they shall contain a reference to the mntner usually in the form of mnt-xxx (examples are mnt-by, mnt-lower, mnt-routes, mnt-domains etc) 

 

Follow the steps below:

A) Generate the BCRYPT hash of your password. Use the tool at https://www.afrinic.net/whois/utilities#crypt

 mnt 2x

Note: The clear text password will be required whenever you update objects that are protected by the maintainer.

 

B) Please retain this password, if the maintainer belongs to your organisation, please ensure that it forms part of your organisation's password policy.

C) Load the mntner object template into the whois web client

mnt 3

D) Fill and submit the object template with specific data. (If in doubt what to fill for a specific attribute value, hover your cursor over the templates' attributes on the right for more details)

1. The "mntner" attribute is a unique identifier of the mntner object. Recommended format is three words separated by hyphens(e.g AFRINIC-JS42-MNT)
2. The "descr" attribute: A short description of the mntner object and the name of the organisation associated with it.
3. The "admin-c:" attribute: The NIC-handle of an on-site contact 'person' object.
4. The "upd-to:" attribute: The email address to be notified when attempts to update objects protected by the mntner is rejected due to a lack of authentication.
5. The "auth:" attribute: Scheme used to authenticate update requests. Option to use is BCRYPT
6. The value of "mnt-by" attribute can be the same as value of "mntner" attribute.
7. Fill in "password" field with your clear text password.
8. complete the "changed:" attribute with the email and date of the person making the changes (e.g. changed: This email address is being protected from spambots. You need JavaScript enabled to view it. 20130731). If the date is not specified, it will be system generated.
9. The "source" field is already filled for you.
10. Click on "Create" when all the required attribute values have been filled.

 

E) The mntner object template will be shown

mnt 4

F) After successful creation of the Mntner object, you shall get the screen below;

mnt 5

 G) You may query the Whois database to verify the Maintainer object. E.g the query "AFRINIC-JS39-MNT" with the "-rB" flags will output the current version of the object in the database. 

 

At this point, you have successfully created a mntner object. However, it is not protecting any other objects in the database except itself. If you wish to use the newly created object, please send an email at This email address is being protected from spambots. You need JavaScript enabled to view it. and mention your Org-hdl and the IP resource objects in which you want the mntner to be added.

 

 

on 2019 Aug 12
Was this helpful?

Usually AFRINIC creates a maintainer for all members and communicate on the cleartext password when they enroll for membership and the IP resources are issued to the organisation.

Note that a maintainer is not the nic-hdl you use as username to access the MyAFRINIC portal https://my.afrinic.net/

You can easily identify your maintainer, referenced as mnt-lower, mnt-domain or mnt-routes on of the objects(org, inetnum, inet6num or aut-num) held by the organisation you represent.

You can easily identify your maintainer object if you know your inetnum(IPv4 prefix), inet6num(IPv6) or aut-num(ASN)

 

You can query the objects of your organisation to find the maintainer(s) referenced.:

1. For example if a person knows his inetnum as 196.1.0.0/24

2. Go to https://www.afrinic.net/services/WHOIS-query

3. Select Query

4. Ensure Flags “r” and “B” are checked under “Flags”

mnt 0

5. Click Search

6. The details of the objects are then displayed and you can easily note the maintainer, which in this case is “AFRINIC-IT-MNT”

mnt 1

7. Note that you should never use AFRINIC-HM-MNT to create any objects on the  AFRINIC WHOIS database. AFRINIC-HM-MNT is only used by AFRINIC RIR and only some staff hold the authentication rights.

 

 

 

 

 

 

 

on 2019 Aug 12
Was this helpful?

The password of this maintainer is not available to AFRINIC members.

This maintainer is used by AFRINIC staff only, members cannot authenticate via this maintainer.

If you do not find any other maintainers in your resource objects, you may wish to create a maintainer and contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. to have the resource objects updated.

on 2019 Aug 12
Was this helpful?

No.

The maintainer object is an object used to protect your objects on the AFRINIC WHOIS and should not be mistaken with your nic-hdl which is used as username to access the MyAFRINIC portal.

on 2019 Aug 12
Was this helpful?

The maintainer is used to protect your other objects in AFRINIC database.

It ensures that only authorised changes can be done to your objects. The AFRINIC Database provides mechanisms to control who can make changes in the database and what changes they can make. The distinction of "who" vs. "what" separates authentication from authorisation.

The maintainer object serves as a container to hold authentication filters.

on 2019 Aug 12
Was this helpful?

In order to reset the password for your maintainer, please follow below steps:
1. Go to https://afrinic.net/en/services/ip-tools/whoiscrypt
2. Input the new password you wish to use for the maintainer you mentioned.
3. Click on "Generate hash".
4. Please send us the encrypted hash generated on This email address is being protected from spambots. You need JavaScript enabled to view it. and we shall then use this to reset your object.

Note that in order to authenticate against your maintainer after a successful reset of the password, you will need to use the clear text password which you submitted in Step 2 above.

on 2019 Aug 12
Was this helpful?

Please read the documentation available here and follow the instructions.

Should you require any assistance, you may send your request to This email address is being protected from spambots. You need JavaScript enabled to view it.

on 2019 Aug 12
Was this helpful?

No. You must replace the "FILTERED" string in the auth attribute with the actual encrypted hash otherwise the update will fail.

on 2019 Aug 12
Was this helpful?

You can use PGP, which involves using a pair of keys.

More information about using PGP with the AFRINIC whois database can be found here.

on 2019 Aug 12
Was this helpful?

Yes. All you need is to submit those assignments along with a clear text password to the whois database.

You can even use MyAFRINIC for that.

on 2019 Aug 12
Was this helpful?

Having generated your PGP key-pairs, export your public key into the whois database using a key-cert object.

Then sign all your database updates using your private key.

More information available here

on 2019 Aug 12
Was this helpful?

Yes. Either of the authenticated mechanisms will work if specified in a given mntner object.

on 2019 Aug 12
Was this helpful?

Please mail This email address is being protected from spambots. You need JavaScript enabled to view it. for any assistance with the AFRINIC whois database or call +230 403 5100.

You can also use Skype to call us for free on regular Skype user "skype2afrinic".

on 2019 Aug 12
Was this helpful?

The update is usually done by a person, who shall have the credentials (password protecting the maintainer or the PGP key that shall be used to authenticate).

Objects are protected by a mntner, and they shall contain a reference to the mntner usually in the form of mnt-xxx (examples are mnt-by, mnt-lower, mnt-routes, mnt-domains etc).

on 2019 Aug 12
Was this helpful?

Because someone can crack it using any computer or even smartphone.

Hiding it provides a deterrent from crackers trying all sorts of things on your hash.

on 2019 Aug 12
Was this helpful?

You can use PGP, which involves using a pair of keys.

More information about using PGP with the AFRINIC whois database can be found here.

In 2017, AFRINIC deprecated MD5 encryption in favour of BCRYPT which is more secure.

You will no longer be able to create maintainer objects with MD5 hash.

on 2019 Aug 12
Was this helpful?

Yes. All you need is to submit those assignments along with a clear text password of your maintainer object to the whois database.

You can also use MyAFRINIC for that.

on 2019 Aug 12
Was this helpful?
Date and time in Mauritius -