[PATCH] Do not use -V on RIPE/Bird WHOIS queries
Faidon Liambotis
paravoid at debian.org
Fri Jan 7 17:44:39 UTC 2011
Marco, hi,
Marco d'Itri wrote:
> I do not understand your point. -VTAG works and I expect it will work
> forever since many widely used clients use it. I believe it is a good
> idea to make clients which make a lot of queries advertise their name
> to the server.
We began investigating the issue after an upgrade of our internal WHOIS
server to 3.10; specifically, irrtoolset was getting "address passing
not allowed" and then banned.
Naturally, at first I thought it was a bug in the new version of whoisd.
However, RIPE's own database query reference manual[1] says:
> The database server provides a facility for such proxy clients that
> allows accounting to be based on the IP address of the clients using
> the proxy to query the RIPE Database and not on the IP address of the
> proxy server. This is done using the "-V" flag as follows:
>
> -V <version>,<ipv4-address>
and more importantly,
> Not all users can use this "-V" flag. Before you can, you must
> contact RIPE Database Administration and tell us why you need this
> facility. If we approve your request, we will add the IP address of
> the proxy server to an access control list. You can then use the "-V"
> flag, but only from your stated IP address.
>
> Attempting to use the "-V" flag without approval may result in
> permanent denial of access to the RIPE Database. This denial of
> access will apply to the IP address that submits the query.
Hence their (new?) code matches the documentation, so I figured it's
irrtoolset that doesn't conform to that. Is there documentation that
suggests otherwise?
Regards,
Faidon
1: http://www.ripe.net/db/support/query-reference-manual.pdf §.212
More information about the irrtoolset
mailing list