[svlug] whois database seems to be incorrect

Tim tim at tetro.net
Sun Oct 27 14:32:28 PST 2002

On Sun, Oct 27, 2002 at 01:03:10AM -0700, Rafael Skodlar wrote:
> > > whois (version I use) ends with 
> > > "The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
> > > Registrars."
> > > 
> > > That means that the DB should only return ??*.com and not *.??*.com for
> > > example.
> > 
> > no, you are assuming that.. what it means is that it will not have .gov,
> > .us, .tv, .cn, etc..
> > 
> > Once again these records are not _domains_ they are _nameservers within
> > domains_.
> You think so.

And it is so..
You can limit an Internic WHOIS search to just nameservers.  Try this
$ echo "nameserver MICROSOFT.COM.BLOWME.ORG" | nc whois.internic.net 43

Which gives you (among other stuff):

   IP Address:
   Whois Server: whois.bulkregister.com
   Referral URL: http://www.bulkregister.com

You can search for nameservers starting with "microsoft" like this:
$ echo "nameserver partial microsoft" | nc whois.internic.net 43

You can also have it display all the full record for each match like this:
$ echo "full MICROSOFT.COM" | nc whois.internic.net 43

For more information about other Internic WHOIS options, try these
commands (they each display different information):
$ echo "?" | nc whois.internic.net 43
$ echo "HELP" | nc whois.internic.net 43

The problem (if it indeed is a problem) is that the Internic WHOIS
program seems to be doing a partial search whenever there is a period in
the query, and a record type has not been specified.  The help
information says that it will only do a partial search if either
'PArtial' keyword is used, or the query ends with a period.

> http://www.betterwhois.com
> "But there is a problem, the standard WHOIS domain search used on
> thousands of web sites is no longer accurate. Why? Because each domain
> registrar now keeps their own WHOIS database which doesn't include
> domains registered by competing registrars."

Actually its pretty easy to do what betterwhois.com does.. in fact, the
whois program that Debian Woody comes with does it automatically.

You just query whois.internic.net (remembering to use the 'DOmain'
keyword if you don't want to see any matching nameservers):
$ echo "do microsoft.com" | nc whois.internic.net 43

Then you look for the line that says what WHOIS server contains more
detailed information.  For microsoft.com, being:
   Whois Server: whois.networksolutions.com

And query that server.. which doesn't run the same kind of WHOIS server
as Internic, so you have to use a simpler query:
$ echo "microsoft.com" | nc whois.networksolutions.com 43

This also works with domains ending in EDU, but betterwhois.com doesn't
let you look them up.  I suggest you get a better whois program, like
the one that comes with Debian:


A ``whois microsoft.com'' command using this whois program still
displays those name servers that you dislike so much, but also follows
the "crsnic referral" and gets the full record from the appropriate
WHOIS server.

> Some registrars obviously don't care what's in their database.

It isn't their responsibility to make sure that your name servers
function properly.. so, yeah, I guess you could say that they don't

Not all of those name servers are bogus.  For one, 
MICROSOFT.COM.HAS.ITS.OWN.CRACKLAB.COM is an actual working name server.

   - Tim

More information about the svlug mailing list