whois syntax

i was arguing with my friend about whois servers. he thought that all
whois servers were relatively similar in design and function, and i
convinced that wasn't the case.

network solutions can look up domain names and host records, along
with having a 'help' function and 'tags' you can add to your 'query'
to focus your answer.

most of the other domain registrars just do domain name queries. i
assume they can do host queries as well, but i've not checked. i've
not yet found one that has the same 'tagging' ability that network
solutions has.

arin.net can map network addresses (and netblock names) to the names
of the registering party, where radb.net can do that and also handles
as numbers.

the output of all of them differs (which makes parsing the output a
lot of fun :).

the thing that gets me, though, is that the radb.net whois server
seems to have some 'extended command language' whereby one can pass
query after query over one tcp connection and not get dropped. is
this 'language' documented anywhere, or do i just have to find and
read source code that uses it?

-----BEGIN PGP SIGNED MESSAGE-----

Andrew,

There is some pretty good documentation that comes with the rwhois source.
There are two releases of note, (v1.0 and v.1.1 ?not sure if these are exact),
version 1.5 is more extensible but drops some of the builtins and config from
1.0. I eventually settled on 1.5 with some pieces of 1.0 merged in. 1.0 has
much better output control (prettier). The 'extended command language' is
documented with the source.

Matt

i was arguing with my friend about whois servers. he thought that all
whois servers were relatively similar in design and function, and i
convinced that wasn't the case.

[...]

the thing that gets me, though, is that the radb.net whois server
seems to have some 'extended command language' whereby one can pass
query after query over one tcp connection and not get dropped. is
this 'language' documented anywhere, or do i just have to find and
read source code that uses it?

__________________________ http://www.invision.net/ _______________________

Matthew E. Martini, PE InVision.com, Inc. (631) 543-1000 x104
Chief Technology Officer matt@invision.net (631) 864-8896 Fax
_______________________________________________________________________pgp_

i was arguing with my friend about whois servers. he thought that all
whois servers were relatively similar in design and function, and i
convinced that wasn't the case.

In theory they are all similar. In theory, all languages in the world are similar in design and function. They enable people to communicate and express ideas. Whois servers allow people to find out information about domains, hosts, and netblocks. Every company seems to have a different way of doing this.

the output of all of them differs (which makes parsing the output a
lot of fun :).

There is no standard specified in the RFC for output, just for query language.

the thing that gets me, though, is that the radb.net whois server
seems to have some 'extended command language' whereby one can pass
query after query over one tcp connection and not get dropped. is
this 'language' documented anywhere, or do i just have to find and
read source code that uses it?

As is usually the case, the RFCs are far too wordy. Basically, there are a number of basic mandatory functions and a larger set of optional commands which can be implemented if the developer desires. Since I have written several whois and rwhois servers, I have distilled the essential functions down to a one page cheat sheet I use to query and to write/modify our whois servers.

The command you are looking for is part of the standard features:

-holdconnect on (for multiple commands, keep the connection open after sending the response)

-holdconnect off (to disconnect after the response is sent)

I hope this helps.

-Robert

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"They that give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety."
- Benjamin Franklin, 1758.

Is RFC954 a standard in any real sense? Seems to me that the RFC2026
designation for that document would be "Historic", although RFC954 is
old enough that it is not labelled with a maturity level.

The only consistent similarities I can find between all the deployed
production *IR/IRR/registry/registrar whois servers is (a) that they
all let you look stuff up, and (b) they all listen on 43/tcp.

Joe

i was arguing with my friend about whois servers. he thought that all
whois servers were relatively similar in design and function, and i
convinced that wasn't the case.

In theory they are all similar. In theory, all languages in the world are
similar in design and function. They enable people to communicate and
express ideas. Whois servers allow people to find out information about
domains, hosts, and netblocks. Every company seems to have a different way
of doing this.

in theory the protocols that flow over "well known ports" are somewhat
standardized. it seems, instead, that the protocols are sometimes
standardized and sometimes not, with a broad array of alternatives in
between.

the output of all of them differs (which makes parsing the output a
lot of fun :).

There is no standard specified in the RFC for output, just for query language.

the thing that gets me, though, is that the radb.net whois server
seems to have some 'extended command language' whereby one can pass
query after query over one tcp connection and not get dropped. is
this 'language' documented anywhere, or do i just have to find and
read source code that uses it?

As is usually the case, the RFCs are far too wordy. Basically, there are a
number of basic mandatory functions and a larger set of optional commands
which can be implemented if the developer desires. Since I have written
several whois and rwhois servers, I have distilled the essential functions
down to a one page cheat sheet I use to query and to write/modify our whois
servers.

The command you are looking for is part of the standard features:

-holdconnect on (for multiple commands, keep the connection open after
sending the response)

-holdconnect off (to disconnect after the response is sent)

actually...it turns out that it's rpsl, and the commands you have here
aren't understood by this whois server. you might be using those, but
they aren't.

> There is no standard specified in the RFC for output, just for query
> language.

Is RFC954 a standard in any real sense? Seems to me that the RFC2026
designation for that document would be "Historic", although RFC954 is
old enough that it is not labelled with a maturity level.

Well, the process is standardizes is so simple and flexible there
obviously hasn't been any need to change the past 16 years:

PROTOCOL

   To access the NICNAME/WHOIS server:

      Connect to the SRI-NIC service host at TCP service port 43
      (decimal).

      Send a single "command line", ending with <CRLF> (ASCII CR and
      LF).

      Receive information in response to the command line. The server
      closes its connection as soon as the output is finished.

The only consistent similarities I can find between all the deployed
production *IR/IRR/registry/registrar whois servers is (a) that they
all let you look stuff up, and (b) they all listen on 43/tcp.

Isn't trying to standardize the output of whois servers is like trying to
standardize the output of HTTP servers? Since this output is for human
consumtion (well, after HTML parsing in the case of HTTP) standardizing
has very few benefits.

> > There is no standard specified in the RFC for output, just for query
> > language.

> Is RFC954 a standard in any real sense? Seems to me that the RFC2026
> designation for that document would be "Historic", although RFC954 is
> old enough that it is not labelled with a maturity level.

Well, the process is standardizes is so simple and flexible there
obviously hasn't been any need to change the past 16 years:

The original comment was that the *query language* is standardised.
RFC954 digresses beyond the trivial protocol you mentioned to specify
lookup behaviour which is, in practice, entirely implementation-specific.

> production *IR/IRR/registry/registrar whois servers is (a) that they
> all let you look stuff up, and (b) they all listen on 43/tcp.

Isn't trying to standardize the output of whois servers is like trying to
standardize the output of HTTP servers? Since this output is for human
consumtion (well, after HTML parsing in the case of HTTP) standardizing
has very few benefits.

s/Since/If/

Scripts consume the output of whois servers, too. Ask abuse@$isp
(and witness the energy that went into RIPE-181 and later RPSL to
make the results of queries parsable).

Joe

A well-defined and widely implemented query language to large volumes of
data organized into tables does, in fact, exist.

It is called SQL.

I guess all that whois silliness is an acute case of NIH syndrome.

--vadim

[ On Saturday, October 20, 2001 at 16:15:48 (-0700), Vadim Antonov wrote: ]

Subject: Re: whois syntax

A well-defined and widely implemented query language to large volumes of
data organized into tables does, in fact, exist.

It is called SQL.

I guess all that whois silliness is an acute case of NIH syndrome.

I wouldn't think so -- NICNAME/WHOIS came long before SQL was popular
enough to depend upon for such a simple application. SQL wasn't
proposed as a standard until 1989 (with the beginnings of the process
starting in 1986). RFC 812 was published in 1982. (Yes there was
something very much resembling SQL published by IBM in 1976, but I
believe it was "just" a research project at the time.)

NICNAME/WHOIS was also initially designed to solve a problem that was at
the time so much infinitely simpler than anything anyone sane would ever
choose SQL for, even today.

SQL was not without competitors in the early days too! If the Internet
had started on Multics, the data would likely have been stored in MRDS
and its query language might have been available to WHOIS clients in
that scenario. If the SRI-NIC machines were unix-only at the time the
query language might have been regular expressions, with the search
engine implemented as a wrapper around grep!

As if that's all not reason enough, it's also important to remember that
SQL was a result of research at, and initially a product of, IBM (though
Oracle claims to have introduced the first commercially available
implementation); and undoubtably that just didn't sit well with the
early Internet pioneers who were working on primarily DEC equipment
(though I can't say that's related to the decisions of the SRI-NIC
implementors or not, except perhaps by chance).

1) I think it was more a case of NIY (Not Invented Yet).

2) If you think arguing about syntax is silly, wait till it
sinks in that if the syntax is standardized, the NEXT fight is
about what to call the fields in the schema....

I wish I were kidding - but I not too long ago came across a site with
a broken mail configuration - and mail to 'postmaster@' bounced due to a
'user unknown' error. Finally got the sysadmin on the phone, and he was
*very* apologetic - a PHB had decreed that all "role" mailboxes would
be 'something-MANAGER', so mail to 'mail-manager@' would have worked.
And no, an alias redirecting 'postmaster' to there was out too, because
the PHB said that would violate the One True Name. And no, it wasn't
likely to get fixed anytime soon, as the sysadmin was starting at
someplace else on Monday (for a manager with a clue), and the most
likely fix was the whole place dot-bombing.....

Be prepared for lots of arguments that boil down to "It should be called
'foo' because that's what it is on our database, and of COURSE we used
the best possible naming convention...."

        Valdis Kletnieks
        Operating Systems Analyst
        Virginia Tech

I would like to clarify that I'm talking about what's going on now, not
what WHOIS was back then.

--vadim