Abstract
This document describes how to get contact information on the
Internet regarding hostnames, domainnames and IP addresses.
Introduction
There are a lot of sources of information regarding hosts, domains
and IP subnets on the Internet. Besides the operational information
(hostname, domainname and IP addresses) there is administrative
information like owner of the domain and who to contact in case of
problems.
Used abbreviations
- TLD Top Level Domain, which are .com, .org, .net, .edu,
.mil, .gov and .int.
- ccTLD a Country Code Top Level Domain, like .au, .nl and .us.
Note: The host- and domainnames in this document are made
up. They are mixes of host- and domainnames of real hosts.
Host/domain names
The host- and domainname of a host often give you a clue about
who owns the host. For example, gw-us1.compaq.com tells
you that the host belongs to Compaq, and it probably is a gateway
in the USA. Another example is cache3.telstra.net.au. It's
a host of Telstra in Australia and it is a cache (probably a
webcache, since I've found this in my Apache log).
If the domainname of a host is not in a TLD, the ccTLD will give
information on where the machine is located. For example
cache3.telstra.net.au is located in .au, which is Australia.
DNS information
Every zone in DNS has an SOA record (Start of Authority), which gives
some configuration data about the zone: the primary name-server, a serial
number, refresh time etc. It also contains the contact data for
that zone.
...of a hostname
If you have a hostname, just ask for the SOA record:
[~] edwin@k7>dig www.example.com soa
; <<>> DiG 8.3 <<>> www.example.com soa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; www.example.com, type = SOA, class = IN
;; ANSWER SECTION:
www.example.com. 6d23h58m50s IN CNAME VENERA.ISI.EDU.
;; AUTHORITY SECTION:
ISI.EDU. 3H IN SOA ISI.EDU. action.ISI.EDU. (
2001081400 ; serial
2H ; refresh
30M ; retry
1W ; expiry
1D ) ; minimum
;; Total query time: 624 msec
;; FROM: k7.mavetju.org to SERVER: default -- 127.0.0.1
;; WHEN: Thu Aug 16 10:31:19 2001
;; MSG SIZE sent: 33 rcvd: 119
If you look at the SOA record, it gives ISI.EDU. and
action.ISI.EDU.. The first is the primary nameserver for
this zone, the second is the contact data for this zone. Although
there is no @-sign in the contact data, just replace the first dot
with an @-sign. So the contact address for this domain is
action@ISI.EDU.
...of an IP address
If you have only an IP address and no hostname, you can still get
the necessary information from DNS. To find out who owns
ip1.ip2.ip3.ip4, look up ip4.ip3.ip2.ip1.in-addr.arpa.
So for the IP address 1.2.3.4 we have to look up
4.3.2.1.in-addr.arpa:
[~] edwin@k7>dig 4.3.2.1.in-addr.arpa
; <<>> DiG 8.3 <<>> 4.3.2.1.in-addr.arpa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; 4.3.2.1.in-addr.arpa, type = A, class = IN
;; AUTHORITY SECTION:
3.2.1.in-addr.arpa. 1D IN SOA dnspri.sys.gtei.net. dns-admin.bbnplanet.com. (
2001050867 ; serial
1H ; refresh
15M ; retry
1w3d ; expiry
1D ) ; minimum
;; Total query time: 5558 msec
;; FROM: k7.mavetju.org to SERVER: default -- 127.0.0.1
;; WHEN: Thu Aug 16 10:43:27 2001
;; MSG SIZE sent: 38 rcvd: 116
The contact data for this zone is dns-admin@bbnplanet.com.
So if you have questions regarding 1.2.3.4, that is the address to contact.
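The two lookups above (the SOA of a hostname's zone and of an address's in-addr.arpa zone) can be scripted. The following is an added example, not code from the original document: it builds the reverse name, pulls the SOA line out of dig's output and converts the RNAME into a mailbox. It goes a little beyond the text in two places: IPv6 addresses map into ip6.arpa the same way, and an RNAME whose local part contains a dot escapes it as `\.` (RFC 1035), so the "replace the first dot" rule has to skip escaped dots. The inputs are the SOA lines from the transcripts above, embedded as constructed strings; nothing is sent over the network.

```python
# Added example, not part of the original document: the two DNS lookups
# above, automated. Inputs are the SOA lines from the dig transcripts
# above, embedded as constructed strings; nothing is sent over the network.
import ipaddress
import re
from typing import Optional


def reverse_name(ip: str) -> str:
    """Name whose SOA identifies the reverse zone of an address.

    '1.2.3.4' -> '4.3.2.1.in-addr.arpa.'. IPv6 addresses map into
    ip6.arpa the same way (one nibble per label), which the text above
    does not cover.
    """
    return ipaddress.ip_address(ip).reverse_pointer + "."


def rname_to_email(rname: str) -> str:
    """Convert an SOA RNAME into a mailbox address.

    Per RFC 1035 the first dot separates the local part from the domain,
    so 'action.ISI.EDU.' becomes 'action@ISI.EDU'. A literal dot inside
    the local part is written as '\\.' (so 'john\\.doe.example.com.' is
    john.doe@example.com); a plain "replace the first dot" would get
    that case wrong.
    """
    name = rname.rstrip(".")
    local = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):  # escaped char: belongs to the local part
            local.append(name[i + 1])
            i += 2
            continue
        if ch == ".":                          # first unescaped dot: split here
            return "".join(local) + "@" + name[i + 1:]
        local.append(ch)
        i += 1
    raise ValueError(f"RNAME has no domain part: {rname!r}")


# zone  ttl  IN SOA  mname  rname ...
SOA_LINE = re.compile(r"^(\S+)\s+\S+\s+IN\s+SOA\s+(\S+)\s+(\S+)", re.MULTILINE)


def soa_contact(dig_output: str) -> Optional[dict]:
    """Zone, primary server and contact mailbox from dig's SOA line.

    The SOA may sit in the ANSWER section (query for the zone apex) or,
    as in both transcripts above, in the AUTHORITY section when the name
    queried is a host or a CNAME inside the zone; this reads either.
    """
    m = SOA_LINE.search(dig_output)
    if m is None:
        return None
    zone, mname, rname = m.groups()
    return {"zone": zone, "primary": mname, "email": rname_to_email(rname)}


# Constructed inputs: the answer/authority lines of the two transcripts above.
DIG_HOST = """\
www.example.com. 6d23h58m50s IN CNAME VENERA.ISI.EDU.
ISI.EDU. 3H IN SOA ISI.EDU. action.ISI.EDU. (
  2001081400 ; serial
"""
DIG_REVERSE = """\
3.2.1.in-addr.arpa. 1D IN SOA dnspri.sys.gtei.net. dns-admin.bbnplanet.com. (
  2001050867 ; serial
"""

if __name__ == "__main__":
    print(reverse_name("1.2.3.4"))     # 4.3.2.1.in-addr.arpa.
    print(soa_contact(DIG_HOST))       # ... 'email': 'action@ISI.EDU'
    print(soa_contact(DIG_REVERSE))    # ... 'email': 'dns-admin@bbnplanet.com'
```

To use it on live data, feed `soa_contact` the text of `dig <name> soa` and `dig <reverse_name(ip)>`; the regex only needs the SOA line itself, so the rest of dig's decoration is ignored.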
Probing services
Certain services running on a host can give away information about
who is responsible for the machine.
... via SMTP
The SMTP protocol gives the hostname in the 220 greeting reply:
[~] edwin@k7>telnet www.example.com smtp
Trying 128.9.176.32...
Connected to VENERA.ISI.EDU.
Escape character is '^]'.
220 venera.isi.edu ESMTP Sendmail 8.9.3/8.9.3; Wed, 15 Aug 2001 18:05:28 -0700 (PDT)
So www.example.com knows itself as venera.isi.edu.
Use DNS and WHOIS to get contact data for this new hostname.
...via FTP
The FTP protocol might also give the hostname in the 220 greeting reply:
[~] edwin@k7>ftp ftp.funet.fi
Connected to ftp.funet.fi.
220-
220-Welcome to the FUNET archive, Please login as `anonymous' with
220-your E-mail address as the password to access the archive.
220-See the README file for more information about this archive.
220-
220- All anonymous transfers are logged with your host name and whatever you
220- entered for the password. If you don't like this policy, disconnect now!
220-
220-THIS is a new four processor SUN 450/4GB/600+GB system under installation
220-Please mail to [email protected] in case of problems
220-
220-
220-ftp.funet.fi FTP server (Version 4.1481 [email protected]) ready.
220-There are 139 (max 250) archive users in your class at the moment.
220-Assuming 'login anonymous', other userids do vary.)
220-Local time is Thu Aug 16 04:12:25 2001 EET DST
220-
220 You can do "get README" even without logging in!
Name (ftp.funet.fi:edwin):
Now we know a contact person for this host is [email protected].
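Both greetings above use the same reply syntax (RFC 959 for FTP, RFC 5321 for SMTP): `220-` marks a continuation line and `220 ` (a space after the code) the last line, which is why the FTP banner runs over many lines. The following added example, not code from the original document, reads one complete greeting from a text stream and picks out the hostnames the server announces and any mailboxes in the banner text. The SMTP banner is the one from the transcript above; the FTP banner is constructed to resemble the funet one, with a placeholder hostname and mailbox.

```python
# Added example, not from the original document: a reader for the 220
# greetings shown above. The banners are constructed to resemble those
# transcripts; hostname and mailbox in the FTP one are placeholders.
import io
import re
from typing import List

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
HOSTNAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
                      r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)+$")


def read_greeting(fp) -> List[str]:
    """Read one complete reply from a line-oriented text stream.

    FTP (RFC 959) and SMTP (RFC 5321) use the same reply syntax: 'NNN-'
    marks a continuation line, 'NNN ' (space after the code) the last
    line. A client that stops after the first line keeps only '220-'
    from a multi-line banner like the FTP one above.
    """
    lines = []
    for raw in fp:
        line = raw.rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":   # final line of this reply
            break
    return lines


def summarize_greeting(lines: List[str]) -> dict:
    """Reply code, hostnames the server announces about itself, and any
    mailboxes mentioned in the banner text."""
    code = lines[0][:3] if lines else None
    hosts, emails = [], []
    for line in lines:
        body = line[4:].strip()           # drop the 'NNN-' / 'NNN ' prefix
        first = body.split(" ", 1)[0] if body else ""
        if HOSTNAME.match(first) and first not in hosts:
            hosts.append(first)
        for addr in EMAIL.findall(body):
            if addr not in emails:
                emails.append(addr)
    return {"code": code, "hostnames": hosts, "emails": emails}


def analyze_banner(text: str) -> dict:
    """Convenience wrapper: parse a captured session transcript."""
    lines = read_greeting(io.StringIO(text))
    result = summarize_greeting(lines)
    result["lines"] = len(lines)
    return result


# Constructed samples. The SMTP one repeats the greeting in the transcript
# above; the FTP one is modelled on the funet banner with placeholder names.
SMTP_BANNER = (
    "220 venera.isi.edu ESMTP Sendmail 8.9.3/8.9.3; Wed, 15 Aug 2001 18:05:28 -0700 (PDT)\r\n"
    "250 venera.isi.edu Hello k7.mavetju.org, pleased to meet you\r\n"
)
FTP_BANNER = (
    "220-\r\n"
    "220-Welcome to the example archive. Please login as `anonymous' with\r\n"
    "220-your e-mail address as the password to access the archive.\r\n"
    "220-Please mail to ftp-admin@example.org in case of problems\r\n"
    "220-\r\n"
    "220-ftp.example.org FTP server (Version 4.1481 ftp-admin@example.org) ready.\r\n"
    "220-Local time is Thu Aug 16 04:12:25 2001 EET DST\r\n"
    "220 You can do \"get README\" even without logging in!\r\n"
    "331 Guest login ok, send your e-mail address as password.\r\n"
)

if __name__ == "__main__":
    print(analyze_banner(SMTP_BANNER))   # hostnames ['venera.isi.edu'], 1 line
    print(analyze_banner(FTP_BANNER))    # hostnames ['ftp.example.org'], 8 lines
```

On a live connection the same `read_greeting` can be given `sock.makefile("r")`; it stops exactly at the final line of the reply, so the 331 (or 250) line that follows is left unread for the next step of the conversation.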
WHOIS information
WHOIS is a distributed database with information about domainnames,
IP subnets and the people involved with them. To access it, use the
whois command.
It is possible that a whois-server doesn't know about the domain
but refers you to a different whois-server. Some whois-programs are smart
enough to follow the referral; otherwise you have to specify the new
whois-server with the -h option, for example whois -h
whois.example.com example.com.
...of a Top Level Domain
The domain information for the .com, .edu, .net and .org domains
is at whois.internic.net. This is also the default server
for the whois-command.
[~] edwin@k7>whois example.com
Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: EXAMPLE.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS.ISI.EDU
Name Server: VENERA.ISI.EDU
Updated Date: 13-jun-2001
>>> Last update of whois database: Mon, 13 Aug 2001 02:05:19 EDT <<<
Registrant:
Internet Assigned Numbers Authority (EXAMPLE-DOM)
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292
US
Domain Name: EXAMPLE.COM
Administrative Contact, Technical Contact, Billing Contact:
Internet Assigned Numbers Authority (IANA) [email protected]
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292
US
310-823-9358
Fax- 310-823-8649
Record last updated on 29-Nov-2000.
Record expires on 15-Aug-2010.
Record created on 14-Aug-1995.
Database last updated on 15-Aug-2001 03:12:00 EDT.
Domain servers in listed order:
VENERA.ISI.EDU 128.9.176.32
NS.ISI.EDU 128.9.128.127
The original whois-request was sent to whois.internic.net,
but it was forwarded to whois.networksolutions.com.
You are given the email address of the contact person here,
[email protected]. Sometimes there are different email addresses
for the administrative, technical and billing contacts.
...of an IP subnet
There are three global whois-servers with information about IP subnets:
ARIN (American Registry for Internet Numbers), RIPE (Réseaux IP
Européens) and APNIC (Asia/Pacific Network Information Center).
The ARIN database is smart enough to know where the rest of the
data might be located, but it doesn't give all the possible
information.
For example, finding information about a subnet in the USA:
[~] edwin@k7>whois -h whois.arin.net 4.3.2.1
BBN Planet (NET-SATNET)
150 Cambridge Park Dr.
Cambridge, MA 02138
US
Netname: SATNET
Netblock: 4.0.0.0 - 4.255.255.255
Maintainer: BBNP
Coordinator:
Soulia, Cindy (CS15-ARIN) [email protected]
800-632-7638
Domain System inverse mapping provided by:
NIC.NEAR.NET 192.52.71.4
VIENNA1-DNS-AUTH1.BBNPLANET.COM 4.1.16.4
NIC3.BARRNET.NET 131.119.245.6
ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Record last updated on 17-Feb-1999.
Database last updated on 14-Aug-2001 23:06:24 EDT.
If you ask whois.arin.net for the 131.155.0.0 subnet, it
will give a similar answer, but you will see that the country is
NL instead of US. Since NL is part of Europe, you should ask
whois.ripe.net for it:
[~] edwin@k7>whois -h whois.ripe.net 131.155.132.36
% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 131.155.0.0 - 131.155.255.255
netname: TUENET1
descr: Technische Universiteit Eindhoven
descr: Eindhoven
country: NL
admin-c: JS7702-RIPE
tech-c: TL1146-RIPE
rev-srv: tuegate.tue.nl
mnt-by: RIPE-NCC-NONE-MNT
changed: [email protected] 19910501
changed: [email protected] 19930806
changed: [email protected] 19941214
changed: [email protected] 19990706
changed: [email protected] 20000225
source: RIPE
route: 131.155.0.0/16
descr: TUENET1
origin: AS1103
mnt-by: AS1103-MNT
changed: [email protected] 19941121
source: RIPE
person: Joop Schillemans
address: Technische Universiteit Eindhoven
address: P.O. Box 513
address: NL-5600 MB Eindhoven
address: The Netherlands
phone: +31 40 472147
e-mail: [email protected]
nic-hdl: JS7702-RIPE
remarks: This object is no longer maintained by [email protected]
remarks: and is or may soon become obsolete.
changed: [email protected] 19930112
changed: [email protected] 19950809
changed: [email protected] 19990615
source: RIPE
person: Tonny van Lankveld
address: Technische Universiteit Eindhoven
address: P.O. Box 513
address: NL-5600 MB Eindhoven
address: The Netherlands
phone: +31 40 472139
e-mail: [email protected]
nic-hdl: TL1146-RIPE
remarks: This object is no longer maintained by [email protected]
remarks: and is or may soon become obsolete.
changed: [email protected] 19941215
changed: [email protected] 19950809
source: RIPE
Contact persons for this subnet are [email protected] and
[email protected].
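The two kinds of reply above can be handled without reading them by eye: the InterNIC reply carries a "Whois Server:" line that names the registrar's server to query next, and the RIPE reply is a set of RPSL objects whose admin-c and tech-c handles point at person objects by nic-hdl. The following is an added example, not code from the original document, that follows the referral line and resolves the handles to mailboxes. The replies are constructed from the transcripts above, with the redacted person names and mailboxes replaced by placeholders; no whois server is contacted.

```python
# Added example, not part of the original document: reading whois replies
# programmatically. The replies below are constructed from the transcripts
# above, with the (redacted) mailboxes and person names replaced by
# placeholders; no whois server is contacted.
import re
from typing import Dict, List, Optional


def referral_server(reply: str) -> Optional[str]:
    """Server named in an InterNIC-style 'Whois Server:' line, or None.

    The registry's database knows which registrar holds the domain; the
    contact data is on that registrar's server, so the client re-queries
    there (the transcript above shows a client doing this on its own).
    """
    m = re.search(r"^\s*Whois Server:\s*(\S+)", reply, re.MULTILINE)
    return m.group(1) if m else None


def parse_rpsl(reply: str) -> List[Dict[str, List[str]]]:
    """Split a RIPE reply (RPSL) into objects.

    Objects are separated by blank lines, '%' lines are server comments,
    and a key may repeat within an object (descr, changed, address), so
    each value is kept as a list in order of appearance.
    """
    objects: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in reply.splitlines():
        if line.startswith("%"):
            continue
        if not line.strip():
            if current:
                objects.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def subnet_contacts(reply: str) -> Dict[str, str]:
    """Resolve the admin-c/tech-c handles of each inetnum object to the
    e-mail of the person object with the matching nic-hdl."""
    objects = parse_rpsl(reply)
    people = {o["nic-hdl"][0]: o for o in objects if "nic-hdl" in o}
    contacts: Dict[str, str] = {}
    for obj in objects:
        if "inetnum" not in obj:
            continue
        for role in ("admin-c", "tech-c"):
            for handle in obj.get(role, []):
                person = people.get(handle)
                if person and "e-mail" in person:
                    contacts[handle] = person["e-mail"][0]
    return contacts


# Constructed replies modelled on the transcripts above (placeholder mailboxes).
INTERNIC_REPLY = """\
   Domain Name: EXAMPLE.COM
   Registrar: NETWORK SOLUTIONS, INC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com
   Name Server: NS.ISI.EDU
   Name Server: VENERA.ISI.EDU
"""
RIPE_REPLY = """\
% This is the RIPE Whois server.
% The objects are in RPSL format.
inetnum:      131.155.0.0 - 131.155.255.255
netname:      TUENET1
descr:        Technische Universiteit Eindhoven
descr:        Eindhoven
country:      NL
admin-c:      JS7702-RIPE
tech-c:       TL1146-RIPE
source:       RIPE

route:        131.155.0.0/16
origin:       AS1103
source:       RIPE

person:       Admin Contact (placeholder)
e-mail:       admin@example.org
nic-hdl:      JS7702-RIPE
source:       RIPE

person:       Tech Contact (placeholder)
e-mail:       tech@example.org
nic-hdl:      TL1146-RIPE
source:       RIPE
"""

if __name__ == "__main__":
    print(referral_server(INTERNIC_REPLY))   # whois.networksolutions.com
    print(subnet_contacts(RIPE_REPLY))       # {'JS7702-RIPE': 'admin@example.org', ...}
```

With `whois -h whois.internic.net example.com` captured to a string, `referral_server` gives the host to pass to the next `whois -h`; with a RIPE reply captured, `subnet_contacts` returns the same two addresses the text reads off the person objects by hand.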
Finding the right whois-server
Finding the right whois-server for a (cc)TLD is often tricky.
Luckily there is an overview of the whois-servers in DNS. Just
query (cc)TLD.whois-servers.net, for example:
[~] edwin@k7>whois -h nl.whois-servers.net nlfug.nl
Rights restricted by copyright. See
http://www.domain-registry.nl/bestaat.lp
So instead of remembering that whois.domain-registry.nl is
for the .nl whois-database, use nl.whois-servers.net. The same
works for the TLDs, e.g. mil.whois-servers.net. Your
whois-client might already support this; you can try it by asking
it without the -h part. If you get an answer like the one above,
it does.
Keep in mind that this trick only works if there is one whois-server
per ccTLD. In a country where there are several (for example Australia)
you might also have to specify the second-level domain:
net.au.whois-servers.net vs au.whois-servers.net.
Caveats
Despite the good intentions behind the contact data in DNS and in the
WHOIS database, it is all administrative, and sometimes the real-life
situation changes without this information being updated. For
example, people leave a company and the company forgets to update
the whois contact database. Or the hostname in the contact data
for the DNS zone does not exist, or the host doesn't accept email
for that domain.