[Dshield] Stumped by 238.7.6.6

Bruce Campbell bruce_campbell at ripe.net
Wed Jun 19 12:38:32 GMT 2002


On Mon, 17 Jun 2002, Johannes Ullrich wrote:

> Quick whois tip: Always start with ARIN (whois.arin.net).

Note that ARIN are re-implementing their WHOIS server, and the current
undocumented output format will eventually change to something almost, but
not quite, like RPSL.  ( label colon whitespace data ).  This will mean
that your parsers will need to be changed.  More information on
http://www.arin.net/ .

> RIPE or APNIC only respond to queries for the parts of IP space
> that they are responsible for. ARIN will tell you to query
> RIPE or APNIC, but RIPE will not tell you to query ARIN if it
> does not know the answer.

Actually, that's somewhat incorrect.

_Currently_, all RIRs do reply with something somewhat useful[1] when
asked for any IP address, when asked nicely ;).  By default, only limited
databases (usually only the data that the server is primarily
authoritative for, and other incidental data) are searched on
whois.ripe.net .

For the RIPE NCC and APNIC, the flag to get the whois server to search all
available databases is '-a' [2], eg:

	$ whois -h whois.ripe.net -a 206.206.206.206

	inetnum:      206.206.0.0 - 206.207.255.255
	netname:      NETBLK-WESTNET-W5
	descr:        network assigned by the ARIN
	country:      ARIN
	admin-c:      ARIN1-RIPE
	tech-c:       ARIN1-RIPE
	remarks:      this network is assigned by the ARIN
	remarks:      please query whois.arin.net for more information
	mnt-by:       ARIN-MNT
	changed:      ripe-dbm at ripe.net 20020619
	source:       ARIN

_Eventually_, all of the RIRs will respond with Something Useful by
default when queried for any IP address (this has been on the cards since
the creation of ARIN in December 1997).

Regards,

-- 
                             Bruce Campbell                            RIPE
                   Systems/Network Engineer                             NCC
                 www.ripe.net - PGP562C8B1B                      Operations

[1] Some of the data returned by whois.{apnic,ripe}.net is really, due to
    the design of the database server, administrative data designed to
    stop people being overly 'creative' with IP assignments, eg 'IANA-BLK'
    in the RIPE database.
[2] If your whois client has done something else with '-a', you'll need to
    escape it, eg: 'whois -h whois.somewhere -- "-a 238.7.6.6"'
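
Added example (not part of the original message, and not code from the RIPE NCC or ARIN): a Python parser for the "label colon whitespace data" format described above, run on the response quoted in the message, which also pulls out the "please query whois.arin.net" referral. The function names and the allow-list of RIR whois hosts are assumptions made for this example.

```python
import re

# Response text copied from the message above (whois -h whois.ripe.net -a 206.206.206.206).
SAMPLE = """\
inetnum:      206.206.0.0 - 206.207.255.255
netname:      NETBLK-WESTNET-W5
descr:        network assigned by the ARIN
country:      ARIN
admin-c:      ARIN1-RIPE
tech-c:       ARIN1-RIPE
remarks:      this network is assigned by the ARIN
remarks:      please query whois.arin.net for more information
mnt-by:       ARIN-MNT
changed:      ripe-dbm at ripe.net 20020619
source:       ARIN
"""

# Assumption for this example: only follow referrals to the RIR hosts named in the message.
KNOWN_RIR_HOSTS = {"whois.arin.net", "whois.ripe.net", "whois.apnic.net"}

ATTR = re.compile(r"^([A-Za-z0-9-]+):[ \t]*(.*)$")
REFERRAL = re.compile(r"\bquery\s+(whois\.[a-z0-9.-]*[a-z0-9])", re.I)

def parse_object(text):
    """Parse one 'label: data' object; repeated labels keep every value in order."""
    obj, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line[0] in "%#":   # blank line or server comment
            continue
        if line[0] in " \t+" and last:            # RPSL continuation of previous value
            obj[last][-1] += " " + line[1:].strip()
            continue
        m = ATTR.match(line)
        if m:
            last = m.group(1).lower()
            obj.setdefault(last, []).append(m.group(2).strip())
    return obj

def referral(obj, queried_server):
    """Return the allow-listed whois host a placeholder record points to, else None."""
    for remark in obj.get("remarks", []):
        m = REFERRAL.search(remark)
        host = m.group(1).lower() if m else None
        # Remarks are free text from the server: never follow an unknown host.
        if host in KNOWN_RIR_HOSTS and host != queried_server.lower():
            return host
    return None

if __name__ == "__main__":
    print(referral(parse_object(SAMPLE), "whois.ripe.net"))
```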



