[svlug] whois database seems to be incorrect
tim at tetro.net
Sun Oct 27 14:32:28 PST 2002
On Sun, Oct 27, 2002 at 01:03:10AM -0700, Rafael Skodlar wrote:
> > > whois (version I use) ends with
> > > "The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
> > > Registrars."
> > >
> > > That means that the DB should only return ??*.com and not *.??*.com for
> > > example.
> > no, you are assuming that.. what it means is that it will not have .gov,
> > .us, .tv, .cn, etc..
> > Once again these records are not _domains_ they are _nameservers within
> > domains_.
> You think so.
And it is so..
You can limit an Internic WHOIS search to just nameservers. Try this
$ echo "nameserver MICROSOFT.COM.BLOWME.ORG" | nc whois.internic.net 43
Which gives you (among other stuff):
Server Name: MICROSOFT.COM.BLOWME.ORG
IP Address: 126.96.36.199
Registrar: BULKREGISTER.COM, INC.
Whois Server: whois.bulkregister.com
Referral URL: http://www.bulkregister.com
You can search for nameservers starting with "microsoft" like this:
$ echo "nameserver partial microsoft" | nc whois.internic.net 43
You can also have it display all the full record for each match like this:
$ echo "full MICROSOFT.COM" | nc whois.internic.net 43
For more information about other Internic WHOIS options, try these
commands (they each display different information):
$ echo "?" | nc whois.internic.net 43
$ echo "HELP" | nc whois.internic.net 43
The problem (if it indeed is a problem) is that the Internic WHOIS
program seems to be doing a partial search whenever there is a period in
the query, and a record type has not been specified. The help
information says that it will only do a partial search if either
'PArtial' keyword is used, or the query ends with a period.
> "But there is a problem, the standard WHOIS domain search used on
> thousands of web sites is no longer accurate. Why? Because each domain
> registrar now keeps their own WHOIS database which doesn't include
> domains registered by competing registrars."
Actually its pretty easy to do what betterwhois.com does.. in fact, the
whois program that Debian Woody comes with does it automatically.
You just query whois.internic.net (remembering to use the 'DOmain'
keyword if you don't want to see any matching nameservers):
$ echo "do microsoft.com" | nc whois.internic.net 43
Then you look for the line that says what WHOIS server contains more
detailed information. For microsoft.com, being:
Whois Server: whois.networksolutions.com
And query that server.. which doesn't run the same kind of WHOIS server
as Internic, so you have to use a simpler query:
$ echo "microsoft.com" | nc whois.networksolutions.com 43
This also works with domains ending in EDU, but betterwhois.com doesn't
let you look them up. I suggest you get a better whois program, like
the one that comes with Debian:
A ``whois microsoft.com'' command using this whois program still
displays those name servers that you dislike so much, but also follows
the "crsnic referral" and gets the full record from the appropriate
> Some registrars obviously don't care what's in their database.
It isn't their responsibility to make sure that your name servers
function properly.. so, yeah, I guess you could say that they don't
Not all of those name servers are bogus. For one,
MICROSOFT.COM.HAS.ITS.OWN.CRACKLAB.COM is an actual working name server.
More information about the svlug