Spurling, Shannon <shan...@more.net> wrote: > It’s a problem with the miss-use of the RIR delegation of a legacy > block. > > The assumption that because a block is assigned to a particular RIR, all > users in that block have to be in that RIR’s territory, without actually > running a query against that RIR’s Whois database.
Actually, a simple whois query often isn't enough to solve this problem. Neither RIPE nor APNIC do proper whois referrals for IPv4 addresses that are registered in other RIRs. ARIN, however, does. (However, if the geoip people are using whois data, I can't believe they aren't handling cases like this properly, because it's blatantly obvious if you scan IPv4 address space for referrals.) If you use FreeBSD-CURRENT's whois client, it tries to work mostly by following referrals, rather than using a built-in database mapping query strings to whois servers. If you query for 150.199.0.0 (for example) you get the following (which I have brutally trimmed for length): % IANA WHOIS server refer: whois.apnic.net inetnum: 150.0.0.0 - 150.255.255.255 organisation: Administered by APNIC status: LEGACY % [whois.apnic.net] inetnum: 150.0.0.0 - 150.255.255.255 netname: ERX-NETBLOCK descr: Early registration addresses remarks: Address ranges from this historical space have now remarks: been transferred to the appropriate RIR database.remarks: remarks: If your search has returned this record, it means the remarks: address range is not administered by APNIC. remarks: remarks: Instead, please search one of the following databases: (It then unhelpfully lists all the other RIRs.) FreeBSD's whois client spots this failure then retries the query at ARIN. There's a similar problem with RIPE, for instance if you query for 141.211.0.0: % IANA WHOIS server refer: whois.ripe.net inetnum: 141.0.0.0 - 141.255.255.255 organisation: Administered by RIPE NCC status: LEGACY % This is the RIPE Database query service. inetnum: 141.209.0.0 - 141.225.255.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: You can find the whois server to query, or the remarks: IANA registry to query on this web page: remarks: http://www.iana.org/assignments/ipv4-address-space remarks: remarks: You can access databases of other RIRs at: (It then unhelpfully lists all the other RIRs.) Actually RIPE is even worse than APNIC because it implicitly has a referral loop between IANA and RIPE. BUT NOTE! The APNIC and RIPE databases do in fact contain the referral information - you can get it via RDAP but not whois. Repeating the examples, $ curl -i https://rdap.apnic.net/ip/150.199.0.0 HTTP/1.1 301 Moved Permanently Location: https://rdap.arin.net/registry/ip/150.199.0.0 $ curl -i https://rdap.db.ripe.net/ip/141.211.0.0 HTTP/1.1 301 Moved Permanently Location: https://rdap.arin.net/registry/ip/141.211.0.0 Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Biscay: Cyclonic becoming mainly northwest, 4 or 5. Moderate. Fog patches, thundery showers. Moderate, occasionally very poor.
