I hate co-incidences. At the same time as this story appeared today http://www.news.com/News/Item/0,4,30366,00.html?st.ne.140.head whois queries started returning: * * WELCOME to InterNIC Registration Services * * Sorry, the system load is temporarily too heavy. * * Please wait a while and try again. Thanks * It's currently 12:34am EST. and the response is still mostly the same. A query still needs 5-10 attempts before a server responds. Dig used to (a couple of weeks ago) show a bunch of servers. Now there is only 1: 198.41.0.6 Is anyone else having this problem? Does anyone else have a solution? We're trying to track down the source of a dos attack, and this kind of screwing around to find contact data isn't helpful...
On Tue, Dec 29, 1998 at 10:38:59PM -0700, Rodney Joffe wrote:
I hate co-incidences.
I don't think it's coincidental. Well, maybe it was... Using the default server that ships with Red Hat Linux's whois, I got that message too. Using rs8.internic.net, one of the other names in the "hunt group", worked, though.
At the same time as this story appeared today http://www.news.com/News/Item/0,4,30366,00.html?st.ne.140.head whois queries started returning:
* * WELCOME to InterNIC Registration Services * * Sorry, the system load is temporarily too heavy. * * Please wait a while and try again. Thanks *
It's currently 12:34am EST. and the response is still mostly the same.
A query still needs 5-10 attempts before a server responds.
Dig used to (a couple of weeks ago) show a bunch of servers. Now there is only 1: 198.41.0.6
Is anyone else having this problem?
Does anyone else have a solution?
We're trying to track down the source of a dos attack, and this kind of screwing around to find contact data isn't helpful...
The computers are rs[0-8].internic.net. whois.internic.net is supposed to work too, but I always forget to use it :) and it's not the compiled-in default in my particular copy of whois. Recompile whois and set the default host to whois.internic.net and you may have better luck. -- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net] Proud resident of Cleveland Heights, Ohio, the coolest place on earth. http://www.ClevelandHeights.com
At 6:02 AM -0500 12/30/98, Steven J. Sobol wrote:
On Tue, Dec 29, 1998 at 10:38:59PM -0700, Rodney Joffe wrote:
I hate co-incidences.
I don't think it's coincidental. Well, maybe it was... Using the default server that ships with Red Hat Linux's whois, I got that message too. Using rs8.internic.net, one of the other names in the "hunt group", worked, though.
I think I remember that NetSol was using or experimenting with some dynamic load balancing system to help scale up some of their services. If that work was successful then there may be several hosts behind a load balancer... effectively hidden behind a single IP address which seems to be the driver in the assumption that there's now only one host. We use sililarly configured infrastructure to deploy most of our services (at Critical Path) and believe me... we've got dozens of hosts with many "hiding" behind single IP addresses... Just a thought I'd put out there before the ISP community heads to northern Virginia with torches and pitchforks. :-)
At the same time as this story appeared today http://www.news.com/News/Item/0,4,30366,00.html?st.ne.140.head whois queries started returning:
* * WELCOME to InterNIC Registration Services * * Sorry, the system load is temporarily too heavy. * * Please wait a while and try again. Thanks *
It's currently 12:34am EST. and the response is still mostly the same.
A query still needs 5-10 attempts before a server responds.
Dig used to (a couple of weeks ago) show a bunch of servers. Now there is only 1: 198.41.0.6
Is anyone else having this problem?
Does anyone else have a solution?
We're trying to track down the source of a dos attack, and this kind of screwing around to find contact data isn't helpful...
The computers are rs[0-8].internic.net. whois.internic.net is supposed to work too, but I always forget to use it :) and it's not the compiled-in default in my particular copy of whois.
Recompile whois and set the default host to whois.internic.net and you may have better luck.
-- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net]
Proud resident of Cleveland Heights, Ohio, the coolest place on earth. http://www.ClevelandHeights.com
On Wed, Dec 30, 1998 at 09:21:17AM -0800, Wayne wrote:
I think I remember that NetSol was using or experimenting with some dynamic load balancing system to help scale up some of their services. If that work was successful then there may be several hosts behind a load balancer... effectively hidden behind a single IP address which seems to be the driver in the assumption that there's now only one host.
Yes. And as I think I mentioned, we should probably be reconfiguring our whois clients to use whois.internic.net. However, I'd REALLY REALLY like for someone from NetSol to verify this for me. (Please?) The thing is, whois's standard out-of-the-box config doesn't default to whois.internic.net... -- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net] Proud resident of Cleveland Heights, Ohio, the coolest place on earth. http://www.ClevelandHeights.com
In message <19990105003747.54703@shell.nacs.net>you write:
The thing is, whois's standard out-of-the-box config doesn't default to whois.internic.net...
I wrote the following shell script to: a) easily allow changing the default host (change the default "args=") b) have shorthands for other servers like ARIN, etc. Bill
participants (4)
-
Bill Fenner
-
Rodney Joffe
-
Steven J. Sobol
-
Wayne