Mike Rosing <[EMAIL PROTECTED]> wrote:
> I'm not a router guru, maybe somebody can explain these results:
>
> $ dig 216.34.94.186
>
> ; <<>> DiG 9.2.0 <<>> 216.34.94.186
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2646
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;216.34.94.186. IN A
>
> ;; AUTHORITY SECTION:
> . 86400 IN SOA A.ROOT-SERVERS.NET.
> NSTLD.VERISIGN-GRS.COM. 2003032700 1800 900 604800 86400
>
> ;; Query time: 113 msec
> ;; SERVER: 128.104.20.18#53(128.104.20.18)
> ;; WHEN: Wed Mar 26 23:19:48 2003
> ;; MSG SIZE rcvd: 106
>
> $ host 216.34.94.186
> 186.94.34.216.in-addr.arpa is an alias for
> 186.160/27.94.34.216.in-addr.arpa.
> 186.160/27.94.34.216.in-addr.arpa domain name pointer redirect.dnsix.com.
>
> How do I chase this thing down to who actually owns it?

whois aljazeera.net?

Registrant:
Jazeera Space Channel TV station (ALJAZEERA2-DOM)
P.O. Box 231234
Doha
QA
Domain Name: ALJAZEERA.NET
Administrative Contact:
AlaliAJ7476, MJ (HCSGDXPWTI) [EMAIL PROTECTED]
Al Jazeera Space TV Station
Po Box. 211234
Doha, QT 7476
QA
+974 07 04 17761 +999 999 9999
Technical Contact:
VeriSign, Inc. (HOST-ORG) [EMAIL PROTECTED]
VeriSign, Inc.
21355 Ridgetop Circle
Dulles, VA 20166
US
1-888-642-9675
Record expires on 31-Aug-2010.
Record created on 30-Aug-1996.
Database last updated on 27-Mar-2003 14:33:52 EST.
Domain servers in listed order:
NS3.ALJAZEERA.NET 213.30.180.218
ALJNS1SA.NAV-LINK.NET 217.26.193.15

Do you want to look for the domain registrars, the people who own the
nameservers, the people who own the netblocks the web site lives in, the
people who own the netblocks the nameservers live in... ?

It looks like, from below, the IP address is with dotster...

> Note I do get:
>
> $ host www.aljazeera.net
> www.aljazeera.net has address 216.34.94.186
>
> So why the original error response if "host" can find it?
> Interesting!

Because 'host' is doing magic that 'dig' presumes you don't want done. Try
this instead of your dig command above:

% dig -x 216.34.94.186
; <<>> DiG 8.3 <<>> 216.34.94.186
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; 216.34.94.186, type = A, class = IN
;; Total query time: 97 msec
;; FROM: <removed> to SERVER: default -- <removed>
;; WHEN: Thu Mar 27 14:34:42 2003
;; MSG SIZE sent: 31 rcvd: 31
% dig -x 216.34.94.186
; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;; 186.94.34.216.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
186.94.34.216.in-addr.arpa. 1D IN CNAME 186.160/27.94.34.216.in-addr.arpa.
;; AUTHORITY SECTION:
94.34.216.in-addr.arpa. 1H IN NS dns02.exodus.net.
94.34.216.in-addr.arpa. 1H IN NS dns03.exodus.net.
94.34.216.in-addr.arpa. 1H IN NS dns04.exodus.net.
94.34.216.in-addr.arpa. 1H IN NS dns01.exodus.net.
;; ADDITIONAL SECTION:
dns02.exodus.net. 21H IN A 209.1.222.245
dns03.exodus.net. 21H IN A 209.1.222.246
dns04.exodus.net. 21H IN A 209.1.222.247
dns01.exodus.net. 21H IN A 209.1.222.244
;; Total query time: 236 msec
;; FROM: <removed> to SERVER: default -- <removed>
;; WHEN: Thu Mar 27 14:34:45 2003
;; MSG SIZE sent: 44 rcvd: 249

(Remember, 216.34.94.186 when doing DNS lookups is actually
186.94.34.216.in-addr.arpa...)

So we take a look at that CNAME...

% dig any 186.160/27.94.34.216.in-addr.arpa.
; <<>> DiG 8.3 <<>> 186.160/27.94.34.216.in-addr.arpa. any
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; 186.160/27.94.34.216.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
186.160/27.94.34.216.in-addr.arpa. 23h57m3s IN PTR redirect.dnsix.com.
;; AUTHORITY SECTION:
160/27.94.34.216.in-addr.arpa. 1d9h19m32s IN NS ns1.dotster.com.
160/27.94.34.216.in-addr.arpa. 1d9h19m32s IN NS ns2.dotster.com.
;; ADDITIONAL SECTION:
ns1.dotster.com. 23h44m IN A 64.94.117.199
ns2.dotster.com. 23h44m IN A 63.251.83.78
;; Total query time: 1 msec
;; FROM: <removed> to SERVER: default -- <removed>
;; WHEN: Thu Mar 27 14:47:36 2003
;; MSG SIZE sent: 51 rcvd: 159

And voila! We have what looks like a dnsix.com IP ownership, hosted from
dotster, who gets service through Exodus!

A quick 'whois' check verifies (most of) that...

% whois 216.34.94.186
OrgName: Cable & Wireless
OrgID: EXCW
Address: 3300 Regency Pkwy
City: Cary
StateProv: NC
PostalCode: 27511
Country: US
NetRange: 216.32.0.0 - 216.35.255.255
CIDR: 216.32.0.0/14
NetName: LEGACY-8
NetHandle: NET-216-32-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: DNS01.EXODUS.NET
NameServer: DNS02.EXODUS.NET
NameServer: DNS03.EXODUS.NET
NameServer: DNS04.EXODUS.NET
Comment: * Rwhois reassignment information for this block is available at:
Comment: * rwhois.exodus.net 4321
Comment: * For abuse please contact [EMAIL PROTECTED]
RegDate: 1998-07-30
Updated: 2002-10-30
TechHandle: ZC221-ARIN
TechName: Cable & Wireless
TechPhone: +1-919-465-4023
TechEmail: [EMAIL PROTECTED]
OrgAbuseHandle: ABUSE11-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-877-393-7878
OrgAbuseEmail: [EMAIL PROTECTED]
OrgNOCHandle: NOC99-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-800-977-4662
OrgNOCEmail: [EMAIL PROTECTED]
OrgTechHandle: EIAA-ARIN
OrgTechName: Exodus IP Address Administration
OrgTechPhone: +1-888-239-6387
OrgTechEmail: [EMAIL PROTECTED]
OrgTechHandle: GIAA-ARIN
OrgTechName: Global IP Address Administration
OrgTechPhone: +1-919-465-4096
OrgTechEmail: [EMAIL PROTECTED]
# ARIN WHOIS database, last updated 2003-03-26 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.

Follow the little white rwhois...

% whois -h rwhois.exodus.net -p rwhois 216.34.94.186
%rwhois V-1.5:001ab7:00 rwhois.exodus.net (Exodus Communications)
network:Class-Name:network
network:Auth-Area:0.0.0.0/0
network:Network-Name:216.34.94.160
network:IP-Network:216.34.94.160/27
network:Organization;I:Dotster, Inc.
network:Name;I:George DeCarlo
network:Email;I:[EMAIL PROTECTED]
network:Street;I:11807 N.E. 99th Street.
Suite 1100
network:City;I:Vancouver
network:State;I:WA
network:Postal-Code;I:98682
network:Country-Code;I:USA
network:Class-Name:network
network:Auth-Area:0.0.0.0/0
network:Network-Name:216.34.64.0
network:IP-Network:216.34.64.0/19
network:Organization;I:Exodus IDC - SE/SE2
network:Name;I:Exodus IP Address Administrator
network:Email;I:[EMAIL PROTECTED]
network:Street;I:12301 Pacific Coast Hwy
network:City;I:Tukwila
network:State;I:WA
network:Postal-Code;I:98168
network:Country-Code;I:USA
network:Class-Name:network
network:Auth-Area:0.0.0.0/0
network:Network-Name:216.32.0.0
network:IP-Network:216.32.0.0/14
network:Organization;I:Exodus Communications (Exodus Legacy)
network:Name;I:Exodus Hostmaster
network:Phone;I:888-239-6387
network:Email;I:[EMAIL PROTECTED]
network:Street;I:2831 Mission College Boulevard
network:City;I:Santa Clara
network:State;I:CA
network:Postal-Code;I:95054
network:Country-Code;I:US

Feel free to correct/add anything, anyone...
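
Added example, not part of the original message: the lookup chain traced above, replayed offline in Python. It builds the in-addr.arpa name that `dig -x` queries, derives the classless (RFC 2317 style) CNAME target, follows CNAME to PTR, and picks the most specific netblock from the rwhois reply. The function names are hypothetical; the record and netblock values are copied from the output quoted in the message.

```python
import ipaddress

# Records copied from the dig output in the message above (TTLs dropped).
RECORDS = {
    "186.94.34.216.in-addr.arpa.": ("CNAME", "186.160/27.94.34.216.in-addr.arpa."),
    "186.160/27.94.34.216.in-addr.arpa.": ("PTR", "redirect.dnsix.com."),
}

# IP-Network / Organization pairs from the rwhois reply in the message above.
NETBLOCKS = {
    "216.34.94.160/27": "Dotster, Inc.",
    "216.34.64.0/19": "Exodus IDC - SE/SE2",
    "216.32.0.0/14": "Exodus Communications (Exodus Legacy)",
}

def reverse_name(ip):
    """216.34.94.186 -> 186.94.34.216.in-addr.arpa. (what dig -x asks for)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def classless_name(ip, subnet):
    """RFC 2317 style target: <host>.<first>/<prefixlen>.<parent /24 zone>."""
    net = ipaddress.ip_network(subnet)
    addr = ipaddress.ip_address(ip)
    if addr not in net or net.prefixlen <= 24:
        raise ValueError("need a subnet longer than /24 that contains the address")
    octets = str(addr).split(".")
    first = str(net.network_address).split(".")[3]
    parent = ".".join(reversed(octets[:3]))
    return f"{octets[3]}.{first}/{net.prefixlen}.{parent}.in-addr.arpa."

def resolve_ptr(ip, records, max_hops=8):
    """Follow CNAMEs from the reverse name until a PTR; return (chain, ptr)."""
    name, chain = reverse_name(ip), []
    for _ in range(max_hops):  # bound the walk so a CNAME loop cannot hang us
        chain.append(name)
        rtype, target = records.get(name, (None, None))
        if rtype == "PTR":
            return chain, target
        if rtype != "CNAME":
            return chain, None  # no reverse data at this name
        name = target
    raise RuntimeError("CNAME chain too long or looping")

def most_specific_owner(ip, netblocks):
    """Longest-prefix match over the netblocks that contain the address."""
    addr = ipaddress.ip_address(ip)
    hits = [ipaddress.ip_network(n) for n in netblocks if addr in ipaddress.ip_network(n)]
    best = max(hits, key=lambda n: n.prefixlen, default=None)
    return (str(best), netblocks[str(best)]) if best else None
```

The PTR name and the netblock registrant come from different sources and are controlled by different parties, so compare both rather than trusting the reverse name alone.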