On Wed, 19 Apr 1995 20:09:22 -0400 Vadim Antonov wrote:
There should be two different IRR machines for AS owners only (the one which allows updates) and the one which responds on queries from the general public, so we can get reasonable responsiveness, w/o "please try again"s.
A lonely, old SUN ELC did the RIPE RR for a long time. We only replaced it recently with a 5 because of the load indexing causes, not because of the load the database queries caused. That ELC did a lot more (it was {ns, ftp, info, www, wais, gopher}.ripe.net) and was not even close to resource starvation. Aren't you mixing things up with some problems at the Internic some time ago? As to the speed of the database, there might be some other weird problem because when I connect to the FTP port of tiny.sprintlink.net, it usually takes more than 30 seconds to get the initial FTP banner. The TCP setup is immediate, data flows much later. Testing port 7 finds that for that port too, TCP setup is immediate but (first) data echo is delayed. I don't see this with most other sites, something to investigate?
(And it is slow. I would like to be able to establish a connection and do a thousand of queries. Some my nasty scripts call whois several thousand times.)
That is certainly possible, though not documented at this time: - COnnect to the whois port - Send the first search string with -k (keep) - Receive objects, separated by empty lines: inetnum: 234.567.789.0 .... route: 234.567.789.0/40 .... The end of the query is shown by two empty lines, after which the whois server doesn't close but waits for further queries. Send in the next line and the protocol repeats - After 30 secs of inactivity, you get kicked out; no stragglers allowed prtraceroute uses this internally to obtain reasonable performance. (it does a *lot* of whois queries too) Does this address that concern? I do agree that this does not include updates, though. Think of the security requirements and how to implement them. For mail at least, we are able to keep an audit trail (which we do).
It also lacks query functions (what are all networks i'm supposed to hear from peer X?, which networks Lollypop Inc. owns?)
That is provided via WAIS.
PGP is fine; what about security for on-line interfaces; and who guarantees security of RS machines?
I am open for suggestions on how to implement this.. Geert Jan