BGP-Origins uses the DNS protocol as both a look-up and update mechanism. Users can easily query for the mappings of a prefix
by issuing a familiar DNS query such as:
dig 16/0.0.179.131.actions.bgp-origin.org txt
This command returns records in the DNS answer section that can be parsed as follows:
16/0.0.179.131:52:<Key ID>:<Key Owner Name>:<Trust Code>
Data that is observed from PHAS is formatted with empty <Key ID>, <Key Owner Name>, and <Trust Code>.
All data that has been signed for is accompanied by the corresponding signature (in the additional section):
  Validation - A user has vouched for this mapping.
  Invalidation - A user has expressed their view that this mapping is not valid.
  Revocation - A user has revoked a previous validation/invalidation statement.
"<inception timestamp> <expiration timestamp> <signature>"
Expiration times of 0 indicate an indefinite lifetime (no expiration).
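
The record and signature formats above can be handled with a short parser. This is an added example, not part of bgpo-client.pl or the BGP-Origins code. It assumes that the second field is the origin AS, that timestamps are integers comparable with the caller's clock (for example Unix seconds), and that the owner name may contain colons; all sample values are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

ZONE = "actions.bgp-origin.org"  # zone taken from the dig example on this page

class Mapping(NamedTuple):
    prefix: ipaddress.IPv4Network
    origin: str                  # second field; assumed to be the origin AS
    key_id: Optional[str]        # None for unsigned (PHAS-observed) data
    key_owner: Optional[str]
    trust_code: Optional[str]

def query_name(prefix: str) -> str:
    """131.179.0.0/16 -> 16/0.0.179.131.actions.bgp-origin.org"""
    net = ipaddress.IPv4Network(prefix)  # raises ValueError if host bits are set
    octets = str(net.network_address).split(".")
    return f"{net.prefixlen}/{'.'.join(reversed(octets))}.{ZONE}"

def parse_mapping(txt: str) -> Mapping:
    """Parse '<len>/<reversed octets>:<origin>:<key id>:<owner>:<trust code>'."""
    parts = txt.strip().strip('"').split(":", 3)
    if len(parts) != 4 or ":" not in parts[3]:
        raise ValueError(f"expected 5 colon-separated fields: {txt!r}")
    label, origin, key_id, rest = parts
    owner, _, trust = rest.rpartition(":")  # assumption: owner may contain ':'
    length, _, rev = label.partition("/")
    # Rebuild the prefix; ipaddress rejects malformed or non-aligned labels.
    net = ipaddress.IPv4Network(f"{'.'.join(reversed(rev.split('.')))}/{length}")
    return Mapping(net, origin, key_id or None, owner or None, trust or None)

def signature_is_current(txt: str, now: int) -> bool:
    """Check '<inception> <expiration> <signature>'; expiration 0 never expires."""
    inception, expiration, _signature = txt.strip().strip('"').split(None, 2)
    start, end = int(inception), int(expiration)
    return start <= now and (end == 0 or now < end)

if __name__ == "__main__":
    # Constructed samples: an unsigned PHAS record and an indefinite signature.
    print(query_name("131.179.0.0/16"))
    print(parse_mapping("16/0.0.179.131:52:::"))
    print(signature_is_current("100 0 c2lnbmF0dXJl", now=1_700_000_000))
```

The lifetime check only looks at the timestamps; it does not verify the signature itself against the signer's GPG/PGP key.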
To aid in the updates, we provide a simple reference script to allow any user with a
GPG/PGP key (that resides in an on-line keyserver) to contribute to the global mapping.
Usage of this script (bgpo-client.pl) is very straightforward. One can query for data or attest to a mapping (with -q or
-a respectively). Sample:
bgpo-client.pl -q 22.214.171.124/16
- or -
bgpo-client.pl -a <prefix>