whois

John Wobus jw354 at cornell.edu
Mon Apr 30 22:13:17 UTC 2007


I agree with you that whois can be less than helpful at times.
In fact, you probably want to use dig for what you are doing.
Whois can be extremely helpful when it is working and providing
correct data, but the whois system is a separate database, while dig
goes directly to DNS servers themselves.  Whois clients differ, as you found;
your whois queries might be stymied by the very DNS problem
you're attempting to investigate; it's possible the Registrar doesn't
even provide a whois database, or they have one that's so overloaded
as to be useless, and it's possible they don't keep it in synch
with the actual DNS.  So even if you get an answer, you can't fully
trust it until you verify it more directly.

Dig gives you ways to check each piece of the puzzle.

Your mention that you get different results on different VLANs & clients
throws suspicion on port blocking, firewall, or the DNS caching servers,
obviously depending upon how these differ from client to client.

John Wobus
Cornell U

On Apr 30, 2007, at 2:17 PM, Jeff Lightner wrote:

> OK I know this isn't BIND specific but I'm a little confused.
> On checking an outbound email going to an address @sas.samsung.com I
> wanted to verify that was a real server.   I found I couldn't ping it
> and also when going on line I couldn't go to www.samsung.com (that may
> be DNS).   I then decided just to do a whois to make sure Samsung.com
> was the correct domain.
>
> On attempting that from my Linux (FC4) workstation I saw the
> following:
>
> whois samsung.com
> [Querying whois.internic.net]
> [Redirected to whois.yesnic.com]
> [Querying whois.yesnic.com]
> [whois.yesnic.com: Temporary failure in name resolution]
> [Unable to connect to remote host]
>
> I get the same sort of response trying whois yesnic.com.
>
> That might make me think it was all just a DNS problem except that it
> seems to be restricted to Linux servers in a VLAN dedicated for that
> purpose.   Doing whois from HP-UX servers in a different VLAN gives the
> correct response.   Doing whois from Linux workstations in another VLAN
> gives the right answer but then ends in:
>
> The Registry database contains ONLY .COM, .NET, .EDU domains and
> Registrars.
> getaddrinfo: Temporary failure in name resolution
>
> Also going to the Internic web site as well as dnsstuff.com I find both
> able to provide the whois and the latter able to give me A records for
> specific items such as the sas.samsung.com.   (I can't ping any
> Samsung.com or Yesnic.com sites by name so it appears lookup is failing
> but if so why does UNIX work?)
>
> All of this makes it seem that:
> A)	I have some trouble resolving items from yesnic.com for itself
> and samsung.com
> B)	Not all my servers are getting their whois information the same
> way.
>
> I verified the resolv.conf for the hosts were using the same nameservers
> to rule that out.   My security admin confirmed our outbound NATed IP
> for all the servers is the same so it doesn't seem it could be blacklisting.
>
> I've done some reading on whois including the RFC but don't quite get
> why I would be getting full results on the UNIX servers, partial results
> on the Linux workstation VLAN and no results on the Linux server VLAN.
> That is to say I could understand this failing if it simply wasn't
> resolving yesnic.com but since some servers are that doesn't seem to be
> the whole story.
>
>
>
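
An added example, not part of the original thread: a small Python parser that reads a whois client transcript like the one quoted above, decides whether the lookup broke at name resolution or at the TCP connection, and lists the dig queries that check that piece directly. The function name `diagnose` and the result fields are assumptions made for this illustration.

```python
import re

# Constructed sample: the whois client output quoted in the message above.
SAMPLE = """\
[Querying whois.internic.net]
[Redirected to whois.yesnic.com]
[Querying whois.yesnic.com]
[whois.yesnic.com: Temporary failure in name resolution]
[Unable to connect to remote host]
"""

QUERY = re.compile(r"^Querying (\S+)$")
NO_RESOLVE = re.compile(r"^(?:getaddrinfo|(\S+)): Temporary failure in name resolution$")

def diagnose(transcript):
    """Classify where a whois lookup broke and list the dig checks to run next."""
    queried, stage, host = [], "ok", None
    for raw in transcript.splitlines():
        line = raw.strip().strip("[]")
        if (m := QUERY.match(line)):
            queried.append(m.group(1))
        elif (m := NO_RESOLVE.match(line)):
            # A resolver failure outranks the generic connect error that follows it.
            stage, host = "dns", m.group(1) or (queried[-1] if queried else None)
        elif line == "Unable to connect to remote host" and stage == "ok":
            stage, host = "connect", queried[-1] if queried else None
    # If an earlier server answered, the resolver and outbound TCP/43 work in general,
    # so the fault is specific to the referred (registrar) whois server name.
    referral = bool(host and queried and queried[0] != host)
    checks = []
    if stage == "dns" and host:
        checks = [f"dig {host} A",          # what the configured caching server returns
                  f"dig +trace {host} A"]   # walk the delegation from the root instead
    elif stage == "connect" and host:
        checks = [f"dig +short {host} A"]   # confirm the address, then test TCP port 43
    return {"stage": stage, "host": host, "after_referral": referral, "checks": checks}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Running the listed dig commands from a client in each VLAN shows whether the caching servers or a filter in the path account for the differing results.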


