
BGP-Origins uses the DNS protocol as both a look-up and update mechanism. Users can easily query for the mappings of a prefix by issuing a familiar DNS query such as:

        dig 16/ txt

This command returns records in the DNS answer section that can be parsed as follows:

        16/<Key ID>:<Key Owner Name>:<Trust Code>

Data that is observed from PHAS is formatted with empty <Key ID>, <Key Owner Name>, and <Trust Code>.

Trust Code   Meaning
1            Validation - A user has vouched for this mapping.
2            Invalidation - A user has expressed their view that this mapping is not valid.
3            Revocation - A user has revoked a previous validation/invalidation statement.

All data that has been signed is accompanied by the corresponding signature, which is returned in the additional section in this form:

        "<inception timestamp> <expiration timestamp> <signature>"
Expiration times of 0 indicate an indefinite lifetime (no expiration).
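
The following Python is an added example, not code from BGP-Origins or bgpo-client.pl: it parses answer records and signature strings in the formats described above, applies the expiration rule, and counts each key's current statement. It assumes hex key IDs, integer Unix-second timestamps, that the caller has already paired each record with its signature, and that a key's newest live statement supersedes its older ones; it does not verify the GPG signature itself.

```python
import re

TRUST = {"1": "validation", "2": "invalidation", "3": "revocation"}  # codes from the page
# Constructed sample answers (not real data): (record TXT, signature TXT or None)
SAMPLE = [("16/::", None),
          ("16/1A2B3C4D:Alice Example:1", "1000 0 sig-placeholder-a"),
          ("16/5E6F7A8B:Bob Example:2", "1000 2000 sig-placeholder-b"),
          ("16/1A2B3C4D:Alice Example:3", "1500 0 sig-placeholder-c")]

def parse_record(txt):
    """Return (mapping, key_id, owner, trust); trust is None for PHAS-observed data."""
    parts = txt.strip().strip('"').rsplit(":", 2)
    if len(parts) != 3:
        raise ValueError(f"not a mapping record: {txt!r}")
    head, owner, code = parts
    mapping, slash, key_id = head.rpartition("/")  # text before the last "/" stays opaque
    # Assumption: key IDs are hex strings, so they never contain "/" or ":".
    if not slash or not re.fullmatch(r"[0-9A-Fa-f]*", key_id):
        raise ValueError(f"bad key id field: {txt!r}")
    if key_id == owner == code == "":
        return mapping, "", "", None  # observed by PHAS, unsigned
    if not key_id or code not in TRUST:
        raise ValueError(f"bad attestation fields: {txt!r}")
    return mapping, key_id.upper(), owner, TRUST[code]

def parse_signature(txt):
    # Assumption: both timestamps are integer Unix seconds.
    inception, expiration, sig = txt.strip().strip('"').split(None, 2)
    return int(inception), int(expiration), sig

def is_live(inception, expiration, now):
    return inception <= now and (expiration == 0 or now < expiration)  # 0 = no expiration

def summarize(pairs, now):
    """Return (observed, validations, invalidations) for one query's answers."""
    latest, observed = {}, False
    for rec_txt, sig_txt in pairs:
        _, key_id, _, trust = parse_record(rec_txt)
        if trust is None:
            observed = True
            continue
        if sig_txt is None:
            continue  # an attestation with no signature is ignored
        inception, expiration, _ = parse_signature(sig_txt)
        # Assumption: a key's newest live statement replaces its older ones.
        if is_live(inception, expiration, now) and inception >= latest.get(key_id, (0, ""))[0]:
            latest[key_id] = (inception, trust)
    votes = [trust for _, trust in latest.values()]
    return observed, votes.count("validation"), votes.count("invalidation")
```

With the constructed sample, Alice's validation counts until her revocation takes effect, and Bob's invalidation stops counting once its expiration time passes.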

To aid in updates, we provide a simple reference script that allows any user with a GPG/PGP key (one that resides on an online keyserver) to contribute to the global mapping.

Usage of this script (bgpo-client.pl) is very straightforward. One can query for data or attest to a mapping (with -q or -a respectively). Sample:

        bgpo-client.pl -q
- or -
        bgpo-client.pl -a <prefix>