[Dshield] Strange DNS Lookup
Jon Kibler
Jon.Kibler at aset.com
Fri Jun 6 01:11:23 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mar Matthias Darin wrote:
<SNIP>
> Is this normal?
Absolutely, perfectly normal!
You obviously did a lookup on the IP address 66.94.237.10 and got back
the following:
host 66.94.237.10
10.237.94.66.in-addr.arpa domain name pointer n32c.bullet.scd.yahoo.com.
You did said: "Oh, this is YAHOO.COM, so let me lookup the whois on
YAHOO.COM."
What you got back was the first 25 hits on registered names containing
YAHOO.COM -- which is exactly how
whois -h whois.internic.net yahoo.com
is supposed to work. (Trust me, there are more that 25 names registered
that have 'YAHOO.COM' as part of the registered name!)
If you read the whois FAQ, you will find what I just described. You will
also find that to get JUST the YAHOO.COM domain (which is what I assume
you really want), the proper command is:
whois -h whois.internic.net "domain yahoo.com"
I hope this helps!
Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhIjrsACgkQUVxQRc85QlPcKwCfQyCw0qRjIbJ3A5Uni5Wbhf8S
wMQAnAxBdw7MYbn9zESxATx1Rqpkh4vN
=xrj4
-----END PGP SIGNATURE-----
=========================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
More information about the list
mailing list