Hello Nick, hello Leo,
thanks for your fast and informative replies. I take the liberty to reply to both of you at the same time.
The RIPE Database, queried by Whois or RDAP, serves a different purpose from the stats file. The former enables communication between operators and supports the routing registry. The latter is to provide high level statistical data to researchers.
I see, it did not became clear to us that those file mainly exists for statistical purposes - we were glad to find something that has a unique syntax across all RIRs, instead of reintroducing the wheel for each one.
Oh well... :-)
Incidentally, IP address allocation queries in the RIPE Database now return the country where the holder of the block is legally resident, not where the IP address is actually used.
Yes. This seems to be a common source of misunderstandings when trying to assign a country code to an IP network, as most people/applications/databases do not specify if they are trying to show the jurisdiction of that IP network, or the country where its machines are physically located. In my humble opinion, the latter is hard - if any - to determine.
The situation with 51.15.0.0/17 and 51.15.0.0/16 is only the tip of a gigantic iceberg of quirks and anomalies, not just because you have inconsistent statements about the country, but also because this is legacy (i.e. pre-RIPE) address space and there can be multiple inetnum entries in the ripedb which may be fully inconsistent with each other and where all, some or none of the inetnum records may be an accurate reflection of reality.
Although we have already sensed something in that direction, it is a bit frustrating to receive that message from someone in the RIPE DB working group...
What would you do if you need to build a database to determine the country assigned to an IP address - let's take the one assigned to it by it's owner, regardless of jurisdiction or physical location -? Would you collect the most specific inetnums first, and proceed with the less specific ones?
(Basically, this is what we trying to do as we need to replace the GeoIP database provided by MaxMind due to license changes - some other open-source projects are in need of an alternative as well -, and instead of just using the next commercial provider, we are trying to build an open-source solution.
In case of further interest, please refer to: https://blog.ipfire.org/post/on-retiring-the-maxmind-geoip-database)
I.e. if you're planning to use either the RIPE DB or any other whois db for the ipfire geoip blocking mechanism, you may want to consider putting up very large and obtrusive warnings about how thoroughly inaccurate geoblocking may end up being in practice.
I believe we are more or less aware of that inaccuracies. Personally, I consider firewall rules based on Autonomous Systems Numbers to be _way_ more precise and practical - countries like US or NL are hard to block in productive environments.
We are keen to raise awareness of those issues in our user community as well, but unfortunately are unable to drop the ability of selecting countries as source or destination of a firewall rule completely. For a quick look, it also might be interesting to show some geographical information so very unusual connections are easier to identify.
Anyway: Thanks for your replies so far and thanks in advance for the upcoming ones. :-)
Thanks, and best regards, Peter Müller