WHOIS is another useful read-only directory service. WHOIS provides a telephone directory-like service for machines, networks, and the people who run them. Some larger organizations like IBM, UC Berkeley, and MIT provide WHOIS service, but the most important WHOIS servers by far are those run by the InterNIC and other Internet registries like RIPE (European IP address allocations) and APNIC (Asia/Pacific address allocations).
If you have to contact a system administrator at another site to report suspicious network activity, you would use WHOIS to get the contact info. GUI and command-line tools for making WHOIS queries are available for most operating systems. Under Unix, a typical query looks like this:
    % whois -h whois.networksolutions.com brandeis.edu
    <large legal paragraph omitted>
    Registrant:
    Brandeis University (BRANDEIS-DOM)
       Information Technology Services
       Waltham, MA 02454-9110
       US

       Domain Name: BRANDEIS.EDU

       Administrative Contact:
          Koskovich, Bob  (BK138)  [email protected]
          +1-781-555-1212 (FAX) +1-781-555-1212
       Technical Contact, Zone Contact:
          Hostmaster, Brandeis C  (RCG51)  [email protected]
          +1-781-555-1212 (FAX) +1-781-555-1212
       Billing Contact:
          Koskovich, Bob  (BK138)  [email protected]
          +1-781-555-1212 (FAX) +1-781-555-1212

       Record last updated on 13-Oct-1999.
       Record created on 27-May-1987.
       Database last updated on 19-Dec-1999 17:42:19 EST.

       Domain servers in listed order:

       LILITH.UNET.BRANDEIS.EDU     129.64.99.12
       FRASIER.UNET.BRANDEIS.EDU    129.64.99.11
       DIAMOND.CS.BRANDEIS.EDU      129.64.2.3
       DNSAUTH1.SYS.GTEI.NET        4.2.49.2
       DNSAUTH2.SYS.GTEI.NET        4.2.49.3
If you needed to track down the owner of a particular IP address range, WHOIS is also the right tool:
    % whois -h whois.arin.net 129.64.2
    Brandeis University (NET-BRANDEIS)
       415 South Street
       Waltham, MA 02254

       Netname: BRANDEIS
       Netnumber: 129.64.0.0

       Coordinator:
          Koskovich, Bob  (BK138-ARIN)  [email protected]
          617-555-1212

       Domain System inverse mapping provided by:

       BINAH.CC.BRANDEIS.EDU    129.64.1.3
       NIC.NEAR.NET             192.52.71.4
       NOC.CERF.NET             192.153.156.22

       Record last updated on 10-Jul-97.
       Database last updated on 9-Oct-98 16:10:44 EDT.

    The ARIN Registration Services Host contains ONLY Internet Network Information:
    Networks, ASN's, and related POC's.
    Please use the whois server at rs.internic.net for DOMAIN related
    Information and nic.mil for NIPRNET Information.
The previous sessions used a Unix command-line WHOIS client. Windows NT and MacOS do not ship with clients like this, but that shouldn't stop users of those systems from accessing this information. There are many fine shareware clients available, but it is easy enough to construct a very simple client in Perl using Net::Whois, originally by Chip Salzenberg and now maintained by Dana Hudes. The following example is only slightly modified from one provided in the documentation that comes with the module:
    use Net::Whois;

    # query server, returning an object with results
    my $w = Net::Whois::Domain->new($ARGV[0])
        or die "Can't connect to Whois server\n";
    die "No domain information found for $ARGV[0]\n" unless ($w->ok);

    # print out parts of that object
    print "Domain: ", $w->domain, "\n";
    print "Name: ", $w->name, "\n";
    print "Tag: ", $w->tag, "\n";
    print "Address:\n", map { " $_\n" } $w->address;
    print "Country: ", $w->country, "\n";
    print "Record created: ".$w->record_created."\n";
    print "Record updated: ".$w->record_updated."\n";

    # print out name servers ($w->servers returns a list of lists)
    print "Name Servers:\n", map { " $$_[0] ($$_[1])\n" } @{$w->servers};

    # print out contact list ($w->contacts returns a hash of lists)
    my($c,$t);
    if ($c = $w->contacts) {
        print "Contacts:\n";
        for $t (sort keys %$c) {
            print " $t:\n";
            print map { "\t$_\n" } @{$$c{$t}};
        }
    }
Querying the InterNIC/Network Solutions WHOIS server is a simple process. We use Net::Whois::Domain to return a result object. Data is then accessed by calling the methods of that object named after the fields returned by the WHOIS query.
WHOIS will play a significant role in Chapter 8, "Electronic Mail", but for now let's move on to more complex directory services. We've already begun that transition simply by moving from Finger to WHOIS. There's an important distinction between the Finger and WHOIS examples that you've seen so far: structure.
The output of Finger varies from one server implementation to another. Although some output conventions exist, it is freeform in nature. The InterNIC/Network Solutions WHOIS server returns data with a more consistent structure and organization. We can expect each entry to have at least Name, Address, and Domain fields. The Net::Whois module relies on this structure and parses the response into fields for us. There is another module by Vipul Ved Prakash called Net::XWhois which takes this a step further, providing a framework for parsing information formatted in different ways by different WHOIS servers.
Even though the WHOIS protocol itself does not have a notion of fields, the modules we are calling are starting to rely on the structure of the information. The directory services we are about to look at take this structuring more seriously.
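To make that point concrete, here is an added example (not from the book or from Net::Whois) that speaks the protocol directly and then recovers fields from the free text by layout alone. The function names `whois_raw` and `parse_reply` are hypothetical, and the embedded sample is the Network Solutions reply shown earlier, trimmed, with its indentation reconstructed.

```perl
use strict;
use warnings;
use IO::Socket::INET;

# WHOIS on the wire: connect to TCP port 43, send one query line ending in
# CRLF, then read until the server closes the connection. No fields, just text.
sub whois_raw {
    my ($server, $query) = @_;
    my $sock = IO::Socket::INET->new(PeerAddr => $server, PeerPort => 43,
                                     Proto => 'tcp', Timeout => 10)
        or die "Can't connect to $server: $@\n";
    print $sock "$query\r\n";
    local $/;                          # slurp the whole reply at once
    my $reply = <$sock>;
    close $sock;
    return $reply;
}

# Recover structure by leaning on layout conventions of this one server:
# a few known labels, and a name-server block of "HOST  ADDRESS" lines.
sub parse_reply {
    my ($text) = @_;
    my (%field, @servers, $in_servers);
    for my $line (split /\r?\n/, $text) {
        if ($line =~ /^\s*Domain servers in listed order:/) { $in_servers = 1; next }
        if ($in_servers && $line =~ /^\s*(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$/) {
            push @servers, [$1, $2];
        }
        elsif ($line =~ /^\s*(Domain Name|Record last updated on|Record created on):?\s+(.+?)\.?\s*$/) {
            $field{$1} = $2;
        }
    }
    return (\%field, \@servers);
}

# Sample reply: trimmed from the session shown earlier on this page.
my $sample = <<'END';
Registrant:
Brandeis University (BRANDEIS-DOM)
   Domain Name: BRANDEIS.EDU
   Record last updated on 13-Oct-1999.
   Record created on 27-May-1987.
   Domain servers in listed order:
   LILITH.UNET.BRANDEIS.EDU     129.64.99.12
   FRASIER.UNET.BRANDEIS.EDU    129.64.99.11
END

# With two arguments (server, query) fetch a live reply; otherwise use the sample.
my $reply = @ARGV == 2 ? whois_raw(@ARGV) : $sample;
my ($field, $servers) = parse_reply($reply);
print "$_: $field->{$_}\n" for sort keys %$field;
print "Name server: $_->[0] ($_->[1])\n" for @$servers;
```

Fed the ARIN reply shown earlier, this parser yields no Domain Name and no name-server list, because that server uses different labels; that is the gap a per-server parsing framework like Net::XWhois is meant to close.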
Copyright © 2001 O'Reilly & Associates. All rights reserved.