8 Mar
2017
8 Mar
'17
11:25 p.m.
On 8 March 2017 at 19:46, Pete Turnbull <pete at dunnington.plus.com> wrote:
Notice that - unlike normal whois servers - this one
apparently requires
some other stuff, possibly including the text "whois", as part of the query.
That may explain why a normal whois client gets an error, because the
standard way to make a query is simply to send the string to query (eg,
"uni-stuttgart.de" or "dunnington.cx"):
$ whois -h whois.denic.de uni-stuttgart.de
% Error: 55000000007 Request not clearly specified
OK, so back to telnet, and try it with the syntax DENIC claims to want:
$ telnet whois.denic.de 43
Trying 81.91.170.6...
Connected to whois.denic.de.
Escape character is '^]'.
-T dn uni-stuttgart.de
[lots of output]
$
Aha! That works. But I can't replicate it with most whois clients.
However, it /does/ work with the jwhois client, which some linux systems
have, and which seems to have some special method to deal with DENIC. It
doesn't work with the RIPE client - despite DENIC recommending that - unless
you construct a rather odd-looking query by adding at least "--T dn":
[..]
Pete Turnbull
I did an strace and I can confirm that the Linux 'whois' client that I
used from those various sites sends '-T dn' (or actually -T dn,ace)
write(3, "-T dn,ace uni-stuttgart.de\r\n", 28) = 28
I can't see where this whois originates from, it has version number
'5.2.<something>'. Its man page refers to RFC 3912, but RFC 3912 says
nothing about -T. RFC 3912's single example wouldn't have worked in
this case. So I wonder what replaced RFC 3912, and why there's a
mismatch between documentation and functionality.