Hello nanog, This morning while troubleshooting some weird dns-poisoning issues I came across this:
[root@scooby parked]# whois yahoo.com@whois.crsnic.net [whois.crsnic.net]
Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.
YAHOO.COM.REALLY.NEEDS.TO.GET.A.CLUE.AT.JIMPHILLIPS.ORG YAHOO.COM.IS.TRYING.TO.STEAL.YAHOO.VU.HOW.ACIDULOUS.COM YAHOO.COM.AINT.NOTHIN.COMPARED.TO.SAFESEARCH.COM YAHOO.COM
To single out one record, look it up with "xxx", where xxx is one of the of the records displayed above. If the records are the same, look them up with "=xxx" to receive a full display for each record.
Last update of whois database: Sat, 8 Dec 2001 05:13:13 EST <<<
The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and Registrars.
[root@scooby parked]#
compared to this:
[root@scooby parked]# whois yahoo.com@whois.networksolutions.com [whois.networksolutions.com] The Data in Network Solutions' WHOIS database is provided by Network Solutions for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Network Solutions does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Network Solutions (or its systems). Network Solutions reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Registrant: Yahoo (YAHOO-DOM) 701 First Avenue Sunnyvale, CA 94089 US
Domain Name: YAHOO.COM
Administrative Contact, Technical Contact: Administrator, Domain (DA16065) domainadmin@YAHOO-INC.COM Yahoo! Inc. 701 First Avenue Sunnyvale, CA 94089 US 1-408-530-5062 Billing Contact: Billing, Domain (DB28833) domainbilling@YAHOO-INC.COM Yahoo! Inc. 225 Broadway, 13th Floor San Diego, CA 92101 1-408-731-3300
Record last updated on 05-Oct-2001. Record expires on 20-Jan-2010. Record created on 18-Jan-1995. Database last updated on 8-Dec-2001 00:50:00 EST.
Domain servers in listed order:
NS1.SNV.YAHOO.COM 216.115.108.33 NS2.SAN.YAHOO.COM 209.132.1.29 NS3.EUROPE.YAHOO.COM 217.12.4.71 NS4.DAL.YAHOO.COM 63.250.206.50 NS5.DCX.YAHOO.COM 216.32.74.10
[root@scooby parked]#
Is this just someone at yahoo having fun with whois, or a more serious problem? Thanks, David Ulevitch mailto:davidu@everydns.net EveryDNS.net http://www.everydns.net
On Sat, Dec 08, 2001 at 11:06:15AM -0600, David Ulevitch wrote: [snip]
YAHOO.COM.IS.TRYING.TO.STEAL.YAHOO.VU.HOW.ACIDULOUS.COM YAHOO.COM.AINT.NOTHIN.COMPARED.TO.SAFESEARCH.COM YAHOO.COM [snip] Is this just someone at yahoo having fun with whois, or a more serious problem?
Those are people at safesearch.com and acidulous.com having fun with whois. Nothing serious. Greetz, Peter -- Monopoly http://www.dataloss.nl/monopoly.html
Date: Sat, 8 Dec 2001 18:17:04 +0100 From: Peter van Dijk <peter@dataloss.nl>
On Sat, Dec 08, 2001 at 11:06:15AM -0600, David Ulevitch wrote: [snip]
YAHOO.COM.IS.TRYING.TO.STEAL.YAHOO.VU.HOW.ACIDULOUS.COM YAHOO.COM.AINT.NOTHIN.COMPARED.TO.SAFESEARCH.COM YAHOO.COM [snip] Is this just someone at yahoo having fun with whois, or a more serious problem?
Those are people at safesearch.com and acidulous.com having fun with whois. Nothing serious.
Note that you'll see the same behavior with microsoft.com and other domains where people want to have a little fun. It's just a difference in the regex matching -- does it match "^string$" only (what you expected), or does it match "string" (when you see creative NS entries). Eddy --------------------------------------------------------------------------- Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence --------------------------------------------------------------------------- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.
participants (3)
-
David Ulevitch
-
E.B. Dreger
-
Peter van Dijk