Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[gentoo-user] Best whois client?
48 views
Skip to first unread message
Stroller
Mar 26, 2013, 2:00:03 PM3/26/13
to
Searching portage, I find there are quite a number of alternative whois clients.
I think I have always used net-misc/whois in the past I now notice that a BSD whois is available, a "generic" and an advanced jwhois.
Presumably there are some differences between the functionality provided by these packages, can anyone tell me which is the "best", please?
I use whois a lot for looking up the abuse address of a host, by IP address. Primarily I'd like to get up-to-date and useful results from something `whois 1.2.3.4 | grep -i abuse`.
TIA for any help,
Stroller.
I think I have always used net-misc/whois in the past I now notice that a BSD whois is available, a "generic" and an advanced jwhois.
Presumably there are some differences between the functionality provided by these packages, can anyone tell me which is the "best", please?
I use whois a lot for looking up the abuse address of a host, by IP address. Primarily I'd like to get up-to-date and useful results from something `whois 1.2.3.4 | grep -i abuse`.
TIA for any help,
Stroller.
Michael Orlitzky
Mar 27, 2013, 7:40:02 PM3/27/13
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/27/2013 06:08 AM, Mick wrote:
>
> Like Stroller I've been using net-misc/whois for ever and it does
> what I want, but don't know what the other packages may be able to
> do/do better. I would also be interested to find out why people
> prefer using these.
>
They're all identical. The whois protocol is stupid simple; here's the
entire spec from the RFC:
2. Protocol Specification
A WHOIS server listens on TCP port 43 for requests from WHOIS
clients. The WHOIS client makes a text request to the WHOIS server,
then the WHOIS server replies with text content. All requests are
terminated with ASCII CR and then ASCII LF. The response might
contain more than one line of text, so the presence of ASCII CR or
ASCII LF characters does not indicate the end of the response. The
WHOIS server closes its connection as soon as the output is finished.
The closed TCP connection is the indication to the client that the
response has been received.
Different data are located in different places, though. So if you're
looking up an IP address, you'll want one server. If you're looking up
an AS number, you'll want another. All the client does is run
heuristics to figure out who (and how) to query. Then it dumps it to a
terminal.
In short, there are a lot of whois clients for the same reason there
are a lot of telnet clients: it's something you can sit down and write
in a weekend.
Personally, I tried jwhois at first, but couldn't remember to type the
'j'. So now I use non-j whois.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQIcBAEBAgAGBQJRU4LDAAoJEBxJck0inpOiaeUQAKEf06tmlE2G3oaHcd6Vowgb
Xlkbp5o223eUHhGQ2wmtrxwKkShij8iIbq2HUTBboFXcLhj4SmbmgRBxcn1xtxu/
FcP1Icqu0ZHhKUJeB7C+5OYznTx+Rp79Bc325sYIhepP435bjMcAXQZLSiwJlmGX
xmW/KGZ16YUGtjMK7nNOHi49OirT8LBDW2Syx44ReF7T1i17Uqlw+/URyxdg+naY
ImDWPY8AD+uHRNNJYVBkimOlSCpA+N0cZ8jp1ehhxZw+I6G0Qmk9JW15l3e+knxQ
3LEspC55YhIbGwrA410XajBRDUPdUSrSo8KKjmYqYxJN9i7x4aHUGKs+jtB0lTFo
RWYYdQEwLielREbZZP3AvZLaSMSN6ekx9tu45u6oj2AiM5+28q237CQY1hQp1zC2
cZrqjOcJrDWygC6mpeIOyjt1bAI9XHrFArhRZfseW52bpz62+Zd2x9my6QP6dCug
f07iliWsayqsnzujv75kfOd4RReoCDhL/l+oDzEznRepO1Ds64WBx+pKcCwyb/bC
mNoyMcE4FKwlGKmTs4vM5e1gjpu//IntgGJCwb/+Su9HQF2IezMl2rlyMIsYWhlo
p0kYoCAGCxvKkJZbtqMzg6zhMWTAk9bD9OQVIP+Csez3BZk0dVDmEPPWUIh15yfM
RZAO1/8YSwXuNzRxezLT
=3GJk
-----END PGP SIGNATURE-----
Hash: SHA1
On 03/27/2013 06:08 AM, Mick wrote:
>
> Like Stroller I've been using net-misc/whois for ever and it does
> what I want, but don't know what the other packages may be able to
> do/do better. I would also be interested to find out why people
> prefer using these.
>
entire spec from the RFC:
2. Protocol Specification
A WHOIS server listens on TCP port 43 for requests from WHOIS
clients. The WHOIS client makes a text request to the WHOIS server,
then the WHOIS server replies with text content. All requests are
terminated with ASCII CR and then ASCII LF. The response might
contain more than one line of text, so the presence of ASCII CR or
ASCII LF characters does not indicate the end of the response. The
WHOIS server closes its connection as soon as the output is finished.
The closed TCP connection is the indication to the client that the
response has been received.
Different data are located in different places, though. So if you're
looking up an IP address, you'll want one server. If you're looking up
an AS number, you'll want another. All the client does is run
heuristics to figure out who (and how) to query. Then it dumps it to a
terminal.
In short, there are a lot of whois clients for the same reason there
are a lot of telnet clients: it's something you can sit down and write
in a weekend.
Personally, I tried jwhois at first, but couldn't remember to type the
'j'. So now I use non-j whois.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQIcBAEBAgAGBQJRU4LDAAoJEBxJck0inpOiaeUQAKEf06tmlE2G3oaHcd6Vowgb
Xlkbp5o223eUHhGQ2wmtrxwKkShij8iIbq2HUTBboFXcLhj4SmbmgRBxcn1xtxu/
FcP1Icqu0ZHhKUJeB7C+5OYznTx+Rp79Bc325sYIhepP435bjMcAXQZLSiwJlmGX
xmW/KGZ16YUGtjMK7nNOHi49OirT8LBDW2Syx44ReF7T1i17Uqlw+/URyxdg+naY
ImDWPY8AD+uHRNNJYVBkimOlSCpA+N0cZ8jp1ehhxZw+I6G0Qmk9JW15l3e+knxQ
3LEspC55YhIbGwrA410XajBRDUPdUSrSo8KKjmYqYxJN9i7x4aHUGKs+jtB0lTFo
RWYYdQEwLielREbZZP3AvZLaSMSN6ekx9tu45u6oj2AiM5+28q237CQY1hQp1zC2
cZrqjOcJrDWygC6mpeIOyjt1bAI9XHrFArhRZfseW52bpz62+Zd2x9my6QP6dCug
f07iliWsayqsnzujv75kfOd4RReoCDhL/l+oDzEznRepO1Ds64WBx+pKcCwyb/bC
mNoyMcE4FKwlGKmTs4vM5e1gjpu//IntgGJCwb/+Su9HQF2IezMl2rlyMIsYWhlo
p0kYoCAGCxvKkJZbtqMzg6zhMWTAk9bD9OQVIP+Csez3BZk0dVDmEPPWUIh15yfM
RZAO1/8YSwXuNzRxezLT
=3GJk
-----END PGP SIGNATURE-----
Stroller
Mar 28, 2013, 3:20:02 PM3/28/13
to
On 27 March 2013, at 23:37, Michael Orlitzky wrote:
>> ...
>> Like Stroller I've been using net-misc/whois for ever and it does
>> what I want, but don't know what the other packages may be able to
>> do/do better. I would also be interested to find out why people
>> prefer using these.
>
> They're all identical. The whois protocol is stupid simple
The search I made before posting led me the wikipedia article which mentioned, for example, using thick and thin client models.
>> what I want, but don't know what the other packages may be able to
>> do/do better. I would also be interested to find out why people
>> prefer using these.
>
> They're all identical. The whois protocol is stupid simple
http://en.wikipedia.org/wiki/Whois#Thin_and_thick_lookups
One might assume, for example, that a thin client might tend to give more accurate and up-to-date information, but of course there's also the issue that the whois server for the domain might move. Thus the client might need to be updated in a timely manner, too.
I have a Gentoo box here that, embarrassingly, hasn't been updated in several years. It seems to sometimes give different results than my laptop does.
Stroller.
Michael Orlitzky
Mar 28, 2013, 8:20:02 PM3/28/13
to
On 03/28/2013 03:11 PM, Stroller wrote:
> The search I made before posting led me the wikipedia article which
> mentioned, for example, using thick and thin client models.
>
> http://en.wikipedia.org/wiki/Whois#Thin_and_thick_lookups
>
> One might assume, for example, that a thin client might tend to give
> more accurate and up-to-date information, but of course there's also
> the issue that the whois server for the domain might move. Thus the
> client might need to be updated in a timely manner, too.
>
The thin model sort of works like DNS, except everything is unstructured
> The search I made before posting led me the wikipedia article which
> mentioned, for example, using thick and thin client models.
>
> http://en.wikipedia.org/wiki/Whois#Thin_and_thick_lookups
>
> One might assume, for example, that a thin client might tend to give
> more accurate and up-to-date information, but of course there's also
> the issue that the whois server for the domain might move. Thus the
> client might need to be updated in a timely manner, too.
>
and totally made-up on the server side and guessed-at on the client
side. The clients are trying to parse the unstructured output, like you
would if you were trying to screen scrape a webpage. As of ten seconds
ago, this is what I get for a lookup of orlitzky.com:
Domain Name: ORLITZKY.COM
Registrar: GANDI SAS
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
...
The "Whois Server:" for the domain is something like an NS record, where
the guy higher up points you at the next level down. If the whois server
for the domain changed, you wouldn't need to update the client -- you
could just ask the top-level server for it again. What *would* make you
update the client is if, say, that top-level server started outputting a
space between "Server" and ":".
0 new messages