Real-time WHOIS for .COM

Is there some kind of real-time WHOIS for .COM (and friends) which
allows you to determine at least the corresponding registrar? This is
helpful if you have to pull a delegation in order to mitigate a
particular threat.

Going by the name servers listed in DNS isn't particularly helpful if
it points to end-user dial-up space. 8-(

whois.crsnic.net?

* Joe Abley:

Is there some kind of real-time WHOIS for .COM (and friends) which
allows you to determine at least the corresponding registrar?

whois.crsnic.net?

Since a couple of others have also suggested similar approaches,
here's the actual problem (implied by the "real-time" part of the
subject line 8-):

Last update of whois database: Wed, 10 Aug 2005 02:12:49 EDT <<<

In other words, this database lags considerably behind DNS. Someone
has suggested to query all known registrars for the domain and hope
that one of them has already updated its WHOIS server. This reduces
the delay a little bit for some registrars, but is of course no
general solution.

You can ask Verisign (NOT networksolutions) directly, but as far as I
know they do updates of whois once/day and it is not real time and no
other options are available. Note that registrar information should be
current in internic whois because registrar data cannot be changed in
real-time and transfers are done once or twice a day (as far as I know,
this may have changed now too).

Best you can get is to do query using whois.completewhois.com since by
default our server will do both whois query to internic and dns query to
find current delegated dns servers. If they are different you will see
this info after nameserver saying "[from dns" whereas whois nameserver
will be indicated with "[from whois". This can be helpful with some
domains that change nameservers often (domains used in phish emails in
particular seem to be used this way).

I think the implied question may have been how to find registrar for
newly registered domains (<24 hours). In that case you're out of luck -
there seems to be no way to do that - and yes, I've asked this
particular question from somebody @verisign before and he said they will
consider how this info can be made available (but nothing has been done
so far and there was no promise to do it - so keep asking them maybe if
they hear enough requests they will move on it). On somewhat similar
problem, I've also asked them to provide public access to deltas of
nameserver changes (i.e. what changes to nameservers had been done for
domain within say last 24 hours) and nothing so far either (this is also
very helpful when investigating phishes).
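The WHOIS-versus-DNS comparison described in this post, as an added sketch that is not code from any poster or from completewhois.com: it parses a thin-registry WHOIS reply, diffs its name servers against the set currently delegated in DNS, and reports how far the WHOIS snapshot lags. The sample reply and DNS set are constructed (only the "Last update" line is taken from the thread), the function names are hypothetical, and the delegated NS list is passed in rather than resolved so the example runs offline.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed reply in the style of a thin-registry WHOIS server; the
# "Last update" line is the one quoted in the thread.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar: EXAMPLE REGISTRAR, INC.
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
>>> Last update of whois database: Wed, 10 Aug 2005 02:12:49 EDT <<<
"""
# Constructed: NS set as currently delegated in DNS (e.g. from the TLD servers).
SAMPLE_DNS_NS = ["ns1.example.net.", "ns9.dialup.example.org."]

UTC_OFFSET = {"EDT": -4, "EST": -5, "UTC": 0, "GMT": 0}
STAMP = re.compile(r"Last update of whois database:\s*\w{3},\s*"
                   r"(\d{1,2} \w{3} \d{4} \d\d:\d\d:\d\d) (\w+)")

def norm(host):
    """Case-fold a host name and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()

def parse_whois(text):
    """Extract registrar, name servers and the database timestamp."""
    rec = {"registrar": None, "nameservers": set(), "db_time": None}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.lower() == "registrar":
            rec["registrar"] = value.strip()
        elif sep and key.lower() == "name server" and value.strip():
            rec["nameservers"].add(norm(value))
        m = STAMP.search(line)
        if m and m.group(2) in UTC_OFFSET:
            local = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
            tz = timezone(timedelta(hours=UTC_OFFSET[m.group(2)]))
            rec["db_time"] = local.replace(tzinfo=tz)
    return rec

def compare(rec, dns_ns, now):
    """Tag name servers seen on only one side and compute the WHOIS lag."""
    dns = {norm(n) for n in dns_ns}
    tagged = sorted([f"{n} [from whois]" for n in rec["nameservers"] - dns] +
                    [f"{n} [from dns]" for n in dns - rec["nameservers"]])
    lag = now - rec["db_time"] if rec["db_time"] else None
    return {"registrar": rec["registrar"], "mismatch": tagged, "lag": lag}
```

A non-empty `mismatch` together with a `lag` of several hours means the registrar field may describe the domain as it was before the most recent change.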

...

Best you can get is to do query using whois.completewhois.com since by
default our server will do both whois query to internic and dns query to
find current delegated dns servers. ...

Fedora core test page?

Ah - you may have meant to say <URL: completewhois.com steht zum Verkauf - Sedo GmbH.

william(at)elan.net wrote:

[...]

Best you can get is to do query using whois.completewhois.com since
by default our server will do both whois query to internic and dns
query to find current delegated dns servers. ...

Fedora core test page?
Ah - you may have meant to say <URL: completewhois.com steht zum Verkauf - Sedo GmbH.

No. I'm almost certain that he really did mean whois.completewhois.com
and that whistling sound overhead is you missing the point.

Write out 100 times: "the Internet and the web are not the same
thing".

Near-real-time Whois for com/net is not available today but is coming:
it will be in place by April 1, 2006, per the new .net registry
agreement
(http://www.icann.org/tlds/agreements/net/net-registry-agreement-01jul05.pdf,
FWIW).

Our registry customer service group reads mail sent to
<info@verisign-grs.com> 24 hours per day, so if it's a real emergency
you can always contact them or activate the bat signal with a posting
on NANOG, which is also read here throughout the day.

Matt

Good heavens, I'm becoming one of Them! You're quite right, I've said
exactly that myself, too many times. My only defense is that 'whois'
does not work from where I'm sitting, and the Web interface was needed.
[But a simple 'ssh' would have fixed that.]

Joe Abley wrote:

Is there some kind of real-time WHOIS for .COM (and friends) which
allows you to determine at least the corresponding registrar?

whois.crsnic.net?

the issue is that VGRS does not even allow a registrar to find out this information real-time. Other registries publish this information in the whois and also make it available to registrars through EPP real-time.

RRP and the VeriSign EPP implementation DO NOT allow a registrar to inspect other registrars' objects (though other registries do)

don't expect the powers that be to assist anyone in security issues.

the average length of a phishing e-mail spam last some 45 minutes, com,net whois is updated every 24 hours.

-rick

* Rick Wesson:

the issue is that VGRS does not even allow a registrar to find out this
information real-time. Other registries publish this information in the
whois and also make it available to registrars through EPP real-time.

It seems that one of the largest Verisign competitors plans to hide
the registrar information completely and permanently. (They operate
according to the thick registry model, if I got the terminology right, so
this is quite possible.) If you don't like this move, speak up.

Unfortunately, only those who know which ccTLD I'm talking about have
a vote. 8-(

the average length of a phishing e-mail spam last some 45 minutes,

ITYM "median". Average is definitely higher.

It seems that one of the largest Verisign competitors plans to hide
the registrar information completely and permanently. (They operate
according to the thick registry model, if I got the terminology right, so
this is quite possible.) If you don't like this move, speak up.

I don't like this...

Unfortunately, only those who know which ccTLD I'm talking about have
a vote. 8-(

but ccTLD operate under different rules than gTLDs and I'm not sure
that my not liking this can cause any changes. ccTLD operator is
pretty much free to do as they like (as long as government agency
for that country does not get angry at them).

the average length of a phishing e-mail spam last some 45 minutes,

ITYM "median". Average is definitely higher.

Closer to 8 hours I think, but I don't have enough data to be certain.