[Dshield] Strange DNS Lookup

Jon Kibler Jon.Kibler at aset.com
Fri Jun 6 01:47:38 GMT 2008


Tom Le wrote:
<SNIP>
> What version of Whois Server are you querying?  You can force it to give you
> the domain only with "=yahoo.com" such as:
> 
>      echo "=yahoo.com" | nc whois.internic.net 43 (whois server v2.0)
>      echo "=yahoo.com" | nc rs.internet.net 43 (whois server v1.3)

Tom,

The "=" does not always work. For example, run from a Sun box:

$ whois =yahoo.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Server Name: YAHOO.COM.ZZZZZZ.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
   IP Address: 203.36.226.2
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: YAHOO.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
   IP Address: 69.41.185.196
   Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
   Whois Server: whois.itsyourdomain.com
   Referral URL: http://www.itsyourdomain.com

   <VERY BIG SNIP>


You have to use 'domain yahoo.com' for it to work everywhere.

For example:
$ whois 'domain yahoo.com'

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: YAHOO.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.YAHOO.COM
   Name Server: NS2.YAHOO.COM
   Name Server: NS3.YAHOO.COM
   Name Server: NS4.YAHOO.COM
   Name Server: NS5.YAHOO.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 22-jul-2005
   Creation Date: 18-jan-1995
   Expiration Date: 19-jan-2012

>>> Last update of whois database: Thu, 05 Jun 2008 21:42:06 EDT <<<


On the SPARC whois, and a couple of others I use, including at least one
Linux version, adding the '=' causes a listing of multiple matches to be
expanded into a detailed list of the matching names' registrar information,
as seen above.

See the whois FAQ for details. (I seem to recall that the '=' has been
deprecated.)

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
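
A script that automates these lookups can send the `domain` keyword and accept only a record whose Domain Name matches the queried name exactly, flagging host records that merely embed it. This is an added example, not part of the original post; the function names are hypothetical and the sample responses are abridged from the two outputs quoted in the message.

```python
import re

# Responses abridged from the two outputs quoted in the message above.
AMBIGUOUS = """Whois Server Version 2.0

   Server Name: YAHOO.COM.ZZZZZZ.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
   IP Address: 203.36.226.2

   Server Name: YAHOO.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
"""
EXACT = """Whois Server Version 2.0

   Domain Name: YAHOO.COM
   Registrar: MARKMONITOR INC.
   Name Server: NS1.YAHOO.COM
   Name Server: NS2.YAHOO.COM

>>> Last update of whois database: Thu, 05 Jun 2008 21:42:06 EDT <<<
"""
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def build_query(name):
    """Query line with the 'domain' keyword; rejects anything but a plain name."""
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError("not a plain domain name: %r" % name)
    return ("domain %s\r\n" % ".".join(labels).lower()).encode("ascii")

def parse_records(text):
    """Group indented 'Field: value' lines into records; other lines end one."""
    records, current = [], []
    for line in text.splitlines() + [""]:
        field, sep, value = line.strip().partition(": ")
        if sep and line[:1].isspace():
            current.append((field, value))
        elif current:
            records, current = records + [current], []
    return records

def select_domain(text, name):
    """Return the record whose first field is Domain Name == name, else None."""
    wanted = ("Domain Name", name.rstrip(".").upper())
    return next((r for r in parse_records(text) if r[0] == wanted), None)

def lookalike_hosts(text, name):
    """Host ('Server Name') records that merely start with the queried name."""
    prefix = name.rstrip(".").upper() + "."
    return [r[0][1] for r in parse_records(text)
            if r[0][0] == "Server Name" and r[0][1].startswith(prefix)]
```

The bytes from `build_query` are what would be written to port 43 of the registry whois server; the parsing functions work on whatever text comes back.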





