Confusing Whois

bitswitch

I always found it difficult understanding how to find the right path to get accurate whois information.

151.101.1.1, for example, is listed as US address on http://whois.domaintools.com/151.101.1.140 but 151/8 should be actually assigned to RIPE. RIPE's whois server does state that it belongs to NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK but nowhere refers back to ARIN.

How would one go about finding the right whois server route - via port 43 - to get the correct information in this case but also in general?

zafouhar

I'm not sure what you mean but 151.101.0.0/16 is an ARIN subnet.

https://whois.arin.net/rest/net/NET-151-101-0-0-1

bitswitch

@zafouhar said:
I'm not sure what you mean but 151.101.0.0/16 is an ARIN subnet.

https://www.iana.org/whois?q=151.101.0.0

WSS

I just use the geektools whois proxy, since it knows where to direct you for all queries- whois.geektools.com

bitswitch

@WSS said:
I just use the geektools whois proxy, since it knows where to direct you for all queries- whois.geektools.com

That is the question, how to know that .

151/8 should generally go to RIPE.

WSS

https://www.gnu.org/software/jwhois/manual/jwhois.txt

See Note #5.

bitswitch

@WSS said:
https://www.gnu.org/software/jwhois/manual/jwhois.txt

See Note #5.

Thank you, from what I seem to understand from this configuration block is that it appears as if jwhois always starts at whois.arin.net and then traverses on depending on the response. That cant be the "proper" approach though, can it?

WSS

They all seem to work in the same way- but many hide the internal proxying and do a query themselves and just dump to stdout, because with new TLDs popping up nearly yearly, it's the most pragmatic way to manage it without having to build a new binary all of the time. They used to be hardcoded, but that eventually fell apart.

bitswitch

In my case I would not be concerned about domain lookups (and the implications with the "recent" TLD insanity) but only IPv4 addresses.

In this particular example my problem is that 151/8 is officially listed under RIPE but was semi-officially reassigned to ARIN (partially at least), but querying RIPE does not yield any ARIN reference. Thats why I wonder what the right approach would be. Could it be that whois.arin.net is actually what all the "others" (including DomainTools) query?

WSS

You'd still query RIPE. ARIN sends you right back to RIPE, anyhow.

$whois 151.0.0.0
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '151.0.0.0 - 151.0.31.255'

% Abuse contact for '151.0.0.0 - 151.0.31.255' is '[email protected]'

inetnum:        151.0.0.0 - 151.0.31.255
netname:        ONLINETECH-ISG-VPDN
descr:          Online Technologies LTD
country:        UA
geoloc:         48.045955739960114 37.96531677246094
admin-c:        EDN-RIPE
tech-c:         EDN-RIPE
status:         ASSIGNED PA
mnt-by:         EDN-MNT
mnt-lower:      EDN-MNT
mnt-routes:     EDN-MNT
created:        2012-01-05T13:39:09Z
last-modified:  2015-10-05T13:14:54Z
source:         RIPE

role:           East Donbass Networks NOC
address:        Lenina str. 47/100
address:        Makeevka 86157
address:        Ukraine
abuse-mailbox:  [email protected]
admin-c:        ABG-RIPE
admin-c:        LKK-RIPE
tech-c:         LKK-RIPE
mnt-by:         EDN-MNT
nic-hdl:        EDN-RIPE
created:        2008-03-13T15:25:24Z
last-modified:  2016-02-01T13:05:19Z
source:         RIPE # Filtered

% Information related to '151.0.0.0/20AS45025'

route:          151.0.0.0/20
descr:          Online Technologies LTD
origin:         AS45025
mnt-by:         EDN-MNT
created:        2012-01-05T14:04:14Z
last-modified:  2012-01-05T14:04:14Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.90 (ANGUS)
$whois -h whois.arin.net 151.0.0.0 

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=151.0.0.0?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange:       151.0.0.0 - 151.255.255.255
CIDR:           151.0.0.0/8
NetName:        RIPE-ERX-151
NetHandle:      NET-151-0-0-0-0
Parent:          ()
NetType:        Early Registrations, Maintained by RIPE NCC
OriginAS:       
Organization:   RIPE Network Coordination Centre (RIPE)
RegDate:        1993-04-30
Updated:        2009-05-18
Comment:        These addresses have been further assigned to users in
Comment:        the RIPE NCC region.  Contact information can be found in
Comment:        the RIPE database at http://www.ripe.net/whois
Ref:            https://whois.arin.net/rest/net/NET-151-0-0-0-0

ResourceLink:  https://apps.db.ripe.net/search/query.html
ResourceLink:  whois.ripe.net

OrgName:        RIPE Network Coordination Centre
OrgId:          RIPE
Address:        P.O. Box 10096
City:           Amsterdam
StateProv:      
PostalCode:     1001EB
Country:        NL
RegDate:        
Updated:        2013-07-29
Ref:            https://whois.arin.net/rest/org/RIPE

ReferralServer:  whois://whois.ripe.net
ResourceLink:  https://apps.db.ripe.net/search/query.html

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName:   Abuse Contact
OrgAbusePhone:  +31205354444 
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    https://whois.arin.net/rest/poc/ABUSE3850-ARIN

OrgTechHandle: RNO29-ARIN
OrgTechName:   RIPE NCC Operations
OrgTechPhone:  +31 20 535 4444 
OrgTechEmail:  [email protected]
OrgTechRef:    https://whois.arin.net/rest/poc/RNO29-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#



Found a referral to whois.ripe.net.

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '151.0.0.0 - 151.0.31.255'

% Abuse contact for '151.0.0.0 - 151.0.31.255' is '[email protected]'

inetnum:        151.0.0.0 - 151.0.31.255
netname:        ONLINETECH-ISG-VPDN
descr:          Online Technologies LTD
country:        UA
geoloc:         48.045955739960114 37.96531677246094
admin-c:        EDN-RIPE
tech-c:         EDN-RIPE
status:         ASSIGNED PA
mnt-by:         EDN-MNT
mnt-lower:      EDN-MNT
mnt-routes:     EDN-MNT
created:        2012-01-05T13:39:09Z
last-modified:  2015-10-05T13:14:54Z
source:         RIPE

role:           East Donbass Networks NOC
address:        Lenina str. 47/100
address:        Makeevka 86157
address:        Ukraine
abuse-mailbox:  [email protected]
admin-c:        ABG-RIPE
admin-c:        LKK-RIPE
tech-c:         LKK-RIPE
mnt-by:         EDN-MNT
nic-hdl:        EDN-RIPE
created:        2008-03-13T15:25:24Z
last-modified:  2016-02-01T13:05:19Z
source:         RIPE # Filtered

% Information related to '151.0.0.0/20AS45025'

route:          151.0.0.0/20
descr:          Online Technologies LTD
origin:         AS45025
mnt-by:         EDN-MNT
created:        2012-01-05T14:04:14Z
last-modified:  2012-01-05T14:04:14Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.90 (HEREFORD)