[Dshield] whois queries

Jeff Godin jeff at tcnet.org
Wed Sep 10 16:15:46 GMT 2003


On Wed, 10 Sep 2003, Jeff Godin wrote:

>
> I do seem to be seeing some troubles with whois.crsnic.net. A query for
> the whois record for example.com and example.net just hangs while
> consulting whois.crsnic.net.

[replying to my own message, yes -jeff]

whois.crsnic.net seems to be slow, but working. Just let it sit long
enough, it should return results before timing out.

In regards to the confusion many seem to be having, and someone mentioning
a "hack"...

It is a hack, but not the kind you think. :)

If I own example.org (I don't) and I want to make fun of some large domain
name such as GOOGLE.COM, AOL.COM, or MICROSOFT.COM, I can just create a
host record (a nameserver record, also stored in whois in most cases).

If I create a record for a nameserver and call it
GOOGLE.COM.RETURNS.BETTER.RESULTS.THAN.EXAMPLE.ORG
(I don't want to make fun of google... bad form. I find it too useful. ;)

...

If I create the above very long nameserver record, many whois clients and
servers will display it when a query is performed for "GOOGLE.COM".

So... a hack, but not the kind that some seem to have been implying.

One or two folk started doing it, and then many more joined in. Started...
oh, perhaps two years ago, if memory serves. We could always check all of
the host records in question for creation dates. If we were bored.

Look into your whois client and server options for matching your query
exactly, and you'll be able to see full details on the exact record you
desire.

-jeff

-- 
Jeff Godin
Network Specialist
Traverse Area District Library / Traverse Community Network
jeff at tcnet.org




More information about the list mailing list