How do I programatically determine the WHOIS server for a given TLD?
For name servers, I just query a.root-servers.net
Is there an equivalent procedure for WHOIS?
I know "host -t ns xxx." yields the DNS for a TLD: can the WHOIS
server be derived from that result?
It's in the SRV-record _nicname._tcp.tld -
For example;
# dig +short SRV _nicname._tcp.no
0 0 43 whois.norid.no.
More information can be found in the Wikipedia-article of whois.
That works for some tld's at least - but not .com.
tld.whois-servers.net is a commonly used alias that should point to a valid whois-server. For example com.whois-servers.net
Related
i have a Ubuntu 16.04.5 server with Vesta CP.
I checked the server on https://dnsflagday.net, and I got this report:
domain.cl. #123.456.78.90 (ns1.domain.cl.): dns=ok edns=ok edns1=ok edns#512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=timeout optlist=ok
domain.cl. #123.456.78.90 (ns2.domain.cl.): dns=ok edns=ok edns1=ok edns#512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=timeout optlist=ok
I do not know what edns512tcp = timeout means and I have not had much luck looking for a solution on internet.
Can someone help me? thanks
For that tool, any kind of "timeout" error is a problem, it means some server did not reply or the message (either query or reply) was eaten by some active element on the path, so it needs to be fixed.
edns512tcp is when the testing software does an EDNS query with a buffer of 512 bytes and over TCP.
If you go to https://ednscomp.isc.org/ednscomp/ for your domain you will have the full test results.
For that specific error it is:
EDNS - over TCP Response (edns#512tcp)
dig +vc +nocookie +norec +noad +edns +dnssec +bufsize=512 dnskey zone #server
expect: NOERROR
expect: OPT record with version set to 0
See RFC5966 and See RFC6891
So you can see which DNS query was done with dig, that you can reproduce it (+vc is an old flag name that is an alias for +tcp). The test expects to get a NOERROR code back and an OPT record. Your servers did not reply at all, so the test failed.
It seems that your servers did not reply to that at all, which is wrong. Maybe they do not reply to TCP queries at all which is even more wrong. In all cases you will need to contact the entity responsible for maintaining those servers and point it to the test results so that they start to fix the problem.
thanks for your help.
I read more about it and I could detect that port 53 was being blocked by the firewall, I added the rule to the firewall to allow TCP connections on port 53.
Everything it's fine now
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
before I begin kindly note that I am a newbie and still learning.
Yesterday 10 hours from now, I had to move all my hosted websites to a new server(to be more specific - from one droplet to a new droplet). So, since the websites were moved to a new server, meant that their ip addresses would change too. So, I updated the dns configuration for all the websites to point to the new ip address now. But I was unaware that the previous dns configuration had set the ttl to 86400(1 day). I learned about this concept after searching on google why my websites would still resolve to the old server.
So, that basically meant that the old dns config is cached for 1 day and I have to wait that long to see the change in the domain name resolution to reflect the websites from the new server.
So, i tried to perform nslookup and dig commands on the domains to just check the remaining ttl. But, this is where I am upset right now.
The nslookup command with -debug parameter gave the following result:
Please Note:- I have replaced my website's domain name with (mywebsite.com) and my new server's ip address with (new.server.ip.address) from the actual nslookup result
nslookup -debug mywebsite.com new.server.ip.address
------------
Got answer:
HEADER:
opcode = QUERY, id = 1, rcode = REFUSED
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
address.ip.server.new.in-addr.arpa, type = PTR, class = IN
------------
Server: UnKnown
Address: new.server.ip.address
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion
questions = 1, answers = 1, authority records = 2, additional = 2
QUESTIONS:
mywebsite.com, type = A, class = IN
ANSWERS:
-> mywebsite.com
internet address = new.server.ip.address
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> mywebsite.com
nameserver = ns2.centos-webpanel.com
ttl = 86400 (1 day)
-> mywebsite.com
nameserver = ns1.centos-webpanel.com
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
-> ns1.centos-webpanel.com
internet address = 127.0.0.1
ttl = 14400 (4 hours)
-> ns2.centos-webpanel.com
internet address = 127.0.0.1
ttl = 14400 (4 hours)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, auth. answer, want recursion
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
mywebsite.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> mywebsite.com
ttl = 86400 (1 day)
primary name server = ns1.centos-webpanel.com
responsible mail addr = myemail#gmail.com
serial = 2013071601
refresh = 86400 (1 day)
retry = 7200 (2 hours)
expire = 3600000 (41 days 16 hours)
default TTL = 86400 (1 day)
------------
Name: mywebsite.com
Address: new.server.ip.address
Now, here's what upset me. As in the above result, the ttl (even after 10 hours since changing the dns configuration) shows 86400. I was expecting it to show the remaining ttl but the ttl is constant at 86400. Does that mean that the dns will never update for my websites?? The ttl just does not decrease.
So, to verify even further I tried using linux's dig command and here's the result I got.
Please Note:- I have replaced my website's domain name with (mywebsite.com) and my old server's ip address with (old.server.ip.address) from the actual dig result
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5 <<>> mywebsite.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mywebsite.com. IN A
;; ANSWER SECTION:
mywebsite.com. 83221 IN A old.server.ip.address
;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Feb 5 01:55:05 2018
;; MSG SIZE rcvd: 44
Now here, the dig command resolves the domain to my old server's ip address and it shows the ttl as 83221 !!! Like I said, its more than 10 hours that I updated the dns configuration to point to my new server's ip address. But, even after 10 hours passing, the ttl says 83221 !!!!
Running the dig command again does reflect a reduction in the ttl here though, unlike the nslookup command.
So, what do you guys think is the problem that has been going on here?? Or I am misunderstanding something?? If so, please correct me. Any kind of help will seriously assist a lot. It would really help me if someone can explain what is going on here and also what's wrong or if something is wrong with my new server.
And just if it helps, I have kept the websites' files on both - the old server as well as the new server.
Thanks.
Edit:- (Solved)
So here's what fixed all the issues I was facing. I use centos web panel on my server which comes bundled with freedns manager. So, a bug in freedns kept my nameservers and domains' dns from updating. So, I went for cloudflare dns and that fixed all the issues.
Your domain is not correctly configured, please use online diagnostics tools such as dnsviz.net, see the report: http://dnsviz.net/d/mkinfra.in/dnssec/
You are in a lame delegation situation.
If we query .IN authoritative nameservers for your domain, they reply:
mkinfra.in. 86400 IN NS ns1.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns2.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns3.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns4.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns5.centos-webpanel.com.
If we query any of these 5 nameservers for your domain, they reply:
mkinfra.in. 86400 IN NS ns1.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns2.centos-webpanel.com.
Which is not the same set of records. You will first need to resolve this discrepancy.
For your website they all reply the same:
www.mkinfra.in. 86400 IN CNAME mkinfra.in.
mkinfra.in. 86400 IN A 139.59.63.210
So they all reply will your old IP and not the new one. Your problem has nothing to do with TTLs: the authoritative nameservers for your domain are still not delivering the new IP address you wish, so you have to configure them properly. If you do it yourself, please remember to update the serial of the zone for any change.
The serial is in fact 2018012401 which follows the pattern YYYYMMDDXX so we can infer that the zone was changed on January 24th but not since then (or was changed but serial not updated so the new content is not taken into account at all).
And to reply to your other question: if you query an authoritative nameserver you will always get the same TTL, which is per design. It is only if you query a resolving and caching nameserver that you will see the TTL decreasing from one query to another, because the case is slowly forgetting about the data it resolved in the past.
Never use nslookup but always dig but always specify the command you use when you ask for people to check what you are doing (it is very important to specify the nameserver you query with the # parameter of dig since the results will be vastly different from an authoritative or a recursive nameserver).
I'm writing a short script to query domain names from their respective whois servers - while in most cases, while the TCP connection via port 43 seems to be working for most whois servers, the queries to whois.markmonitor.com seems to be failing with an odd error that says Invalid query.
Here's the barebones of what I'm using:
#!/usr/bin/perl
#whois.pl
use strict;
use IO::Socket;
my $domain_name = "google.com";
my $query_socket = new IO::Socket::INET(
PeerAddr => 'whois.iana.org',
PeerPort => 43,
Proto => 'tcp');
print $query_socket "$domain_name ";
print $query_socket "\n\r";
while(my $this_line = <$query_socket>) {
print $this_line;
}
close($query_socket);
As seen above, the whois server used is whois.iana.org; this also works as expected with whois.internic.net as well. Only in the case of whois.markmonitor.com, the following error is seen:
$ perl whois.pl
Invalid query
Could someone help shed more light on how can I perhaps get a more verbose output to check if there are any errors in the query that is being made to the server?
As an added test, a normal connection via telnet seems to be working as expected as seen below:
$ telnet whois.markmonitor.com 43
Trying 64.124.14.21...
Connected to whois.markmonitor.com.
Escape character is '^]'.
google.com
Domain Name: google.com
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2015-06-12T10:38:52-0700
Creation Date: 1997-09-15T00:00:00-0700
......<output truncated>......
which leads me to believe that the actual connections to the server via port 43 are being accepted on the server's side.
As artistoex notes - it's because there's a space in your domain name.
Change your print line to:
print {$query_socket} "$domain_name\n";
(Note - the curly braces are for style reasons and can be omitted - I prefer them to make clear this is a file handle)
Per RFC3912 the client is expected to communicate like that in whois protocol: "All requests are terminated with ASCII CR and then ASCII LF"
So in your code, instead of "\n\r" please use "\r\n". And remove the extra space like written in other replies.
Note however that whoisis not a well defined structured protocol: do not expect all whois servers to work in the same way nor to adhere to some kind of standards. You will find a lot of strange cases...
As i am trying to open my site(posting.ly) but its not working rather it shows blank page for a while than error of "could not load posting.ly"
I have updated the namespace and tested it,updated A recoord,but cannot figure out the problem.I have already worked with DNS and i know this should work plus its more than 24 hrs so this should work or show me a proper error.
Hosting is rackspace and i have added A record of the ip address.
This appears to be fine now. No www or wildcard, but main domain resolves.
$ checksoa posting.ly
Serial # RTT(ms) Nameservers (name, IP, SOA mname field) for posting.ly
1403808455 50 dns1.stabletransit.com 69.20.95.4 SOA: ns.rackspace.com
1403808455 80 dns2.stabletransit.com 65.61.188.4 SOA: ns.rackspace.com
$ dig +noall +answer +authority posting.ly
posting.ly. 300 IN A 162.13.143.172
$ dig +noall +answer +authority www.posting.ly
posting.ly. 300 IN SOA ns.rackspace.com. azm.dar.gmail.com. 1403808455 21600 3600 1814400 300
I develop our application and can succeed to get hotsname through func: ServiceFound(DNSSDService sref, DNSSDFlags flags, uint ifIndex, String serviceName, String regType, String domain)
I checked the wireshark and Log, the serviceName is right.
My question:
Why I can not ping it through "serviceName.domain", e.g: ping serviceName.local. (I want to use ping to test the network available beofre run my application. now it is blocked the failed ping)
But I can ping it through the real IP, e.g: ping 1.2.3.4 (This means that the network is ok)
ServiceFound and ServiceResolved only provide serviceName.
So how to solve this problem:
1) one simple way to get IP
or 2) how to solve the problem of "ping serviceName.local"
Thanks a lot for your support in advance!
************************Update*******
I retest it on other PC:
I use dns-sd.exe to debug the network
Using following command can get servicename
$ dns-sd.exe -B _http._tcp
Browsing for _http._tcp
Timestamp A/R Flags if Domain Service Type Instance Name
4:33:52.663 Add 3 3 local. _http._tcp. test
Using following command can get zone file
$ dns-sd.exe -Z _http._tcp
Browsing for _http._tcp
_http._tcp PTR Officejet\032Pro\032L7500\032[FEDCE8]._http._tcp
Officejet\032Pro\032L7500\032[FEDCE8]._http._tcp SRV 0 0 80 HPFEDCE8.local. ; Replace with unicast FQDN of target host
Officejet\032Pro\032L7500\032[FEDCE8]._http._tcp TXT ""
using following command can get IP (based on HPFEDCE8.local. in above feedback)
$ dns-sd.exe -G v4 HPFEDCE8.local.
Timestamp A/R Flags if Hostname Address TTL
4:43:38.965 Add 2 3 bej1301Dell2360.local. 10.61.20.99 240
So I can ping it through HPFEDCE8.local.
But in my Test PC: "$ dns-sd.exe -B _http._tcp" is ok, but others commands are failed.
So I think this is the root cause.
So my question is:
as I know, we can use "instance Name" to generate the hostname: test.local.
why they are different from "HPFEDCE8.local." in the zone file
why "ping HPFEDCE8.local." ok and "ping test.local." failed
Do you have any others ideas for my Test PC?
Thanks a lot!!