Chris -
There have not been other incidents – we publish incident reports for
all customer-impacting events (even if just a single customer.)
Thanks,
/John
John Curran
President and CEO
American Registry for Internet Numbers
> On Dec 15, 2025, at 6:50 PM, Chris Woodfield via NANOG
> <[email protected]> wrote:
>
> If this is the first and only incident of a resource being inadvertently
> reassigned to a different organization, then I’d estimate that ARIN has an
> error rate that is much, *much* lower than, say, the error rate of DNS
> registrars handling domain transfers. The key qualifier is the “if” - this
> could be the only time this has happened, or just the first incident that has
> public awareness (at least in as long as I’ve been paying attention). While
> it’s entirely reasonable that ARIN would not report other incidents
> contemporaneously due to customer privacy concerns, I don’t think it’s
> inappropriate to ask if there have been other incidents like this, and if so,
> how many and how recently.
>
> If nothing else, I expect that this will be a topic of the next Policy
> Experience Report, either from the stage or from the mics. Probably both.
>
> -Chris
>
>> On Dec 15, 2025, at 15:08, Tom Beecher via NANOG <[email protected]>
>> wrote:
>>
>> ARIN hasn’t exhibited a pattern of this error. They haven’t exhibited a
>> pattern of similar errors.
>>
>> Every single one of us has, at some point made a decision to defer dealing
>> with something because of resourcing, timing, frequency of potential
>> mistake, etc. Anyone who says otherwise is full of shit.
>>
>> There’s no reason to get all verklempt over this.
>>
>> On Mon, Dec 15, 2025 at 16:06 David Conrad via NANOG <[email protected]>
>> wrote:
>>
>>> Hank,
>>>
>>> On Dec 14, 2025, at 9:48 PM, Hank Nussbacher via NANOG <
>>> [email protected]> wrote:
>>>> A masterclass in owning a mistake and handling it properly.
>>>
>>> “Owning”? Sure. "Handling it properly"? Time will tell.
>>>
>>> The issue here is that RIRs were created to have precisely one job, namely
>>> to ensure the allocation of unique resources. Everything else is secondary.
>>> And ARIN failed at that one job.
>>>
>>> It is, of course, true that mistakes (to put it politely) happen. People
>>> are fallible, bugs exist, systems crash, etc. What matters in the context
>>> of “core mission" is how much the organization's policies, processes, and
>>> priorities played in those mistakes. It appears updating systems to address
>>> “known weaknesses" was not prioritized, that internal processes were
>>> apparently not followed, and that policies were not in place to ensure ARIN
>>> could not fail in its core mission. Outside of the impact to the direct
>>> customers and a potential degradation in trust in ARIN’s service, there is
>>> a larger context: at a time when the RIR system as a whole is facing
>>> increased scrutiny due to governance concerns, changes in its operational
>>> role due to (and failures in) RPKI, threats from various actors, etc., this
>>> isn’t a good look.
>>>
>>> ARIN has made a number of promises and presumably over time, there will be
>>> information about how it is living up to those promises. Hopefully, that
>>> information will show ARIN is "handling it properly”.
>>>
>>> Regards,
>>> -drc
>>>
>>>
>>>
>>> _______________________________________________
>>> NANOG mailing list
>>>
>>> https://lists.nanog.org/archives/list/[email protected]/message/BP4LWM6SGTFEYHZRSVMFZR4QVWFAWAHD/
>> _______________________________________________
>> NANOG mailing list
>> https://lists.nanog.org/archives/list/[email protected]/message/T6BYEYDW2F6CVYBENOEFM26DPVLV4B5F/
>
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/[email protected]/message/XV5MLLVV6ZRD7MDAHF5CSTMSGLKRJDHD/
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/C2BSXD4YPWJSEPY2BE4NQVEZGHRENFDV/
