"Fossies" - the Fresh Open Source Software Archive

Member "whois-5.5.2/whois.txt" (8 Aug 2012, 24768 Bytes) of package /linux/privat/old/whois-5.5.2.tgz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 NAME
    2     BW Whois -- A whois client by Bill Weinman
    3 
    4 SYNOPSIS
    5     whois [options] request[@host[:port]] [ ... ]
    6 
    7 VERSION
    8     This documents BW Whois version 5.5.2
    9 
   10 DESCRIPTION
   11     BW Whois was originally designed to work with the new "Shared
   12     Registration System" whois introduced 1 December 1999. This new system
   13     has proved to be remarkably disorganized and inconsistent, resulting in
   14     tremendous confusion for those of us who need to find the ownership of a
   15     domain now and then.
   16 
   17     This program mitigates most of that confusion by referring to a table of
   18     TLDs (Top-Level Domains) and associated registrars in the tld.conf file.
   19 
   20     Over the past few years this program has evolved into the most
   21     full-featured whois client available providing features like a
   22     self-detecting CGI mode and SQL database caching, for those who need
   23     such features, while still maintaining a simple command-line interface
   24     for those who just need that.
   25 
   26     The CGI mode can be secured against abuse by a number of different
   27     methods including "Referer:" headers, IP addresses, and a system of
   28     128-bit hashed cookies. These security options can be tailored to suit
   29     the demands of a given installation using the whois.conf configuration
   30     file.
   31 
   32     There are features to support a web-based whois service, including
   33     support for Apache-style server-side includes, and support for a
   34     distinct initial page a "domain not found" page.
   35 
   36     An optional caching capability is provide for using an SQL database
   37     (currently MySQL, PostgreSQL and SQLite are supported). When configured
   38     for caching, requests are forwarded to the corresponding whois server
   39     only if the cache does not contain a result for the given request/server
   40     combination. Cached values are expired after a configurable amount of
   41     time.
   42 
   43 OPERATION
   44     When given a request, the program first checks the requested domain
   45     against the tld.conf file for an associated whois server. If not found
   46     the program will then submit the request to the "root" whois server
   47     (currently whois.crsnic.net) and wait for a referral to a registrar's
   48     whois server.
   49 
   50     If given a referral, the program will then submit the request a second
   51     time to the referred whois server.
   52 
   53     The request can be a domain name, (e.g. whois bw.org) or any other
   54     entity that the given host can resolve (e.g. whois
   55     !ww104@whois.networksolutions.com).
   56 
   57     If request is an IP address (or part thereof), the ARIN whois server
   58     will be used as a root server (whois.arin.net).
   59 
   60     If host is specified, the request will be sent literally to the
   61     specified host.
   62 
   63     If both host and port are specified, the request will be sent to that
   64     host using the specified port instead of the normal whois port (43).
   65 
   66     Multiple requests on a single command line are supported.
   67 
   68   Self-detecting CGI Support
   69     BW Whois detects CGI operation by looking for the standard "SCRIPT_NAME"
   70     environment variable. This behavior can be overridden by using the
   71     --nocgi switch.
   72 
   73     In CGI mode the program attempts to make intelligent links out of IP
   74     addresses, domain names, and handles. It doesn't always get it right,
   75     but it tries real hard!
   76 
   77     You can also specify an optional whois.html file to create your own
   78     look. The HTML file will need a few simple "placeholders" in it. The
   79     placeholders are replaced at runtime with the various values which make
   80     this work. These placeholders are represented by text enclosed in '$'
   81     signs like this: "$PLACEHOLDER$"
   82 
   83     Separate HTML files may be specified for an initial page and a "not
   84     found" page, if desired.
   85 
   86     The placeholders are described here:
   87 
   88     $SELF$
   89         The URI path of the program on your web server, taken from the value
   90         of the "SCRIPT_NAME" environment variable.
   91 
   92     $DOMAIN$
   93         The domain that was last looked up, if any.
   94 
   95     $RESULT$
   96         The result of the whois query from BW Whois.
   97 
   98     You can get an example file from the program with:
   99 
  100         whois --makehtml > whois.html
  101 
  102   Optional Apache SSI Support
  103     If you need to include other files into your HTML file dynamically,
  104     experimental support for Apache-style SSI (server-side includes) is
  105     provided with the bwInclude.pm module. This currently works only for
  106     "include virtual" and "echo var" directives.
  107 
  108     Simply place the bwInclude.pm file with your other perl module files, or
  109     specify the directory that contains the module in the "use lib" line in
  110     the source code.
  111 
  112   Optional TLD Table Support
  113     Bcause of the unfortunate design of the Shared Registration System, only
  114     the .COM, .NET, and .ORG Top-Level Domains (TLDs) are referred by the
  115     "root" domain servers at whois.crsnic.net and whois.internic.net. If you
  116     want results for other TLDs you must know where to find them, and there
  117     is no central repository for current whois server referrals.
  118 
  119     The optional tld.conf file includes whois servers for all known TLDs,
  120     and some second-level domains that are registrered separately (e.g.
  121     .net.au, .uk.com, etc.).
  122 
  123     The format of the tld.conf file is as follows:
  124 
  125        Lines that begin with "#" are ignored.
  126 
  127        Token lines are like:
  128 
  129             token  token  optional comments
  130 
  131        The first token is the TLD, the leading dot (".") is required.
  132 
  133        The second token is the fully-qualified domain name for the whois
  134         server that responds to requests for the given TLD.
  135 
  136        The two tokens can be separated by spaces and/or tabs
  137 
  138        Anything on the line after the second token is ignored.
  139 
  140        A leading "#" for in-line comments is not required, but may be in
  141         the future.
  142 
  143        The file is searched sequentially, so it's important to have
  144         2nd-level domains earlier in the file than corresponding top-level
  145         domains. (e.g. .net.au before .au).
  146 
  147   Optional Support for Stripping Disclaimers
  148     Most whois servers deliver a disclaimer along with thier whois results.
  149     The disclaimer generallly says something like "By submitting the request
  150     that you already submitted before you saw this agreement you have agreed
  151     to this binding contract. Haha!"
  152 
  153     Many people who are not otherwise lawyers are annoyed by this. The
  154     stripdisclaimer option will remove the disclaimers before you see them.
  155 
  156     This feature requires the sd.conf file.
  157 
  158     The format of the sd.conf file is:
  159 
  160         server "first line" "last line"
  161 
  162        server is the DNS name of the whois server
  163 
  164        "first line" and "last line" are regular expressions that match
  165         the first and last line (respectively) of the disclaimer to be
  166         stripped. The quotes are required.
  167 
  168   Netblock Referrals
  169     This program attempts to find netblock requests. If a request is
  170     entirely numeric (e.g. 123.234), the program first checks with
  171     whois.arin.net (ARIN). If an ARIN record contains a referral to another
  172     whois system, (e.g. RIPE or APNIC) the program will attempt to detect
  173     that and snatch the record from the referened whois system. Note: ARIN's
  174     records are very inconsistent in their formatting, so this may not
  175     always do something intelligent.
  176 
  177   Packed IP addresses
  178     If the request is a string of numbers without any other characters, the
  179     program will treat it as a 32-bit (packed) IP address. It will first
  180     unpack it into dotted-quad notation and then submit it to the ARIN whois
  181     server.
  182 
  183     Packed IP addresses are often used by spammers in an attempt to confuse
  184     those who might try to report thier abuse. This feature makes it easy
  185     for you to decypher those addresses and find the owner of the netblock
  186     all in one step.
  187 
  188     IP addresses are actually 32-bit integers (until we get IPv6 -- but
  189     that's another story). The common notation represents the address as
  190     four separate 8-bit integers, like this: 192.149.252.21 (actually one of
  191     ARIN's servers). That's called "dotted-quad" notaion. If you were to
  192     represent that address as one big 32-bit integer it would look like
  193     this: 3231054869. I call that a "packed" IP address.
  194 
  195     Sometimes a spammer will use a packed IP address in a URL like this:
  196 
  197         http://3231054869/index.html
  198 
  199     That address will work in a web browser, but it's hard to look up. This
  200     program will accept a packed IP address like this:
  201 
  202         whois 3231054869
  203 
  204     The program will unpack it into dotted-quad notation, and submit it to
  205     the ARIN whois server just like a normal IP address.
  206 
  207 COMMAND LINE SWITCHES
  208     --help
  209         Print a usage message.
  210 
  211     --version
  212         Print the version information and exit.
  213 
  214     --config=path
  215         Full path to the configuration file. Default: /etc/whois/whois.conf
  216 
  217     --refresh, -r
  218         Refresh the cache for this query. Forces the request to go to the
  219         whois server even if the result is cached. (Only valid if caching is
  220         configured.)
  221 
  222     --tld=path
  223         Full path/file name for tld.conf file. Default: /etc/whois/tld.conf
  224 
  225     --host=host, -h host
  226         Specify a specific host.
  227 
  228     --port=port, -p port
  229         Specify an alternate port.
  230 
  231     --timeout=seconds
  232         Set the timeout to a number of seconds. The default is 60 seconds if
  233         this is not specified.
  234 
  235     --quiet, -q
  236         Be wery, wery quiet. I'm hunting wabbits. (--quiet overrides
  237         --verbose)
  238 
  239     --verbose, -v
  240         Show details of every step. (--quiet overrides --verbose)
  241 
  242     --stripdisclaimer, -s
  243         Sets the stripdisclaimer mode. The program makes an attempt to strip
  244         off those inane disclaimers that so many registries are starting to
  245         include with their whois records. This feature requires the sd.conf
  246         file.
  247 
  248     --makehtml
  249         Writes a sample HTML file (for CGI mode use) to standard out.
  250 
  251     --nocgi
  252         Prevent CGI mode. This is useful if you have a script that used a
  253         legacy character-mode whois program.
  254 
  255     --html
  256         Create HTML links of handles, IP addresses, and domains without
  257         using HTML in the rest of the output. Useful with --nocgi for using
  258         an external wrapper CGI program.
  259 
  260     --jpokay
  261         Allow japanese output from nic.ad.jp.
  262 
  263 CONFIGURATION FILE
  264     A sample whois.conf file is included with the BW Whois distribution. It
  265     is not necessary to use the whois.conf file to use the program.
  266 
  267     If you want to use advanced features, such as caching or optional CGI
  268     security features, you will need to install the whois.conf file and
  269     configure it to reflect your preferences.
  270 
  271     The standard location for whois.conf is in the /etc/whois directory. If
  272     you do not have access to that directory, or are running on a non-UNIX
  273     operating system that does not use the /etc directory, you may specify
  274     another location by setting the "WHOIS_CONF" environment variable or by
  275     editing the source code.
  276 
  277     If you need to edit the source code, be sure you are using a plain
  278     text editor (not a word processor!) and that you save the file with
  279     appropriate line-endings for your system. If you do not understand those
  280     distinctions I highly recommend that you find a friend or hire a
  281     consultant who knows about such things. (The author is occasionally
  282     available for such small consulting tasks -- feel free to contact him if
  283     you need help.)
  284 
  285   Format of the Config File
  286     The config file format is very simple.
  287 
  288     Lines that begin with "#" are considered comments and are ignored.
  289 
  290     Anything after a "#" to the end of a line is considered a comment and
  291     ignored.
  292 
  293     The format of each non-comment line is:
  294 
  295      option value
  296 
  297     For logical values, "1" or "true" (without the quotes) are considered
  298     true. Anything else is considered false.
  299 
  300     For options that take a list of values, the list is separated by colons
  301     (":") without spaces. Spaces are not currently supported in any value.
  302 
  303     See the SECURITY section of this man page for more information about
  304     security features.
  305 
  306     The following options are supported:
  307 
  308     stripdisclaimer true|false
  309         Strip off the disclaimer/header from the results returned by many
  310         registrars. This feature requires the sd.conf file.
  311 
  312     tld_conf filepath
  313         Alternate location for the tld.conf file. Default:
  314         /etc/whois/tld.conf
  315 
  316     sd_conf filepath
  317         Alternate location for the sd.conf file. Default: /etc/whois/sd.conf
  318 
  319     timeout number
  320         The number of seconds to timeout if a result is not returned by a
  321         whois server. Default: 60 seconds.
  322 
  323     default_host hostname
  324         A hostname to use as a default whois server if the TLD is not found
  325         in the tld.conf file. Default: whois.crsnic.net
  326 
  327     htmlfile filepath
  328         An HTML file to use for queries and results. Default: internal
  329 
  330     htmlfirst filepath
  331         An HTML file to use for the initial page. This is the page displayed
  332         when no query is submitted. Default: htmlfile or internal
  333 
  334     htmlnotfound filepath
  335         An HTML file to use for results that are not found. This is the page
  336         displayed when a query returns a negative response. It may be used
  337         to display a page indicating that a domain may be available for
  338         registration. Default: htmlfile or internal
  339 
  340     htmlfound filepath
  341         An HTML file to use for results that are found. This is the page
  342         displayed when a query returns a positive response. It may be used
  343         to display a page indicating that a domain is not available for
  344         registration. Default: htmlfile or internal
  345 
  346     error_403 filepath
  347         An HTML file to use for error 403 (Forbidden) results. Default:
  348         internal
  349 
  350     error_408 filepath
  351         An HTML file to use for error 408 (Expired Session) results.
  352         Default: internal
  353 
  354     logfile filepath
  355         This option enables logging and provides a path and filename for the
  356         log. Log entries look like this:
  357 
  358           2002-12-11 20:06:00 [12745] (192.168.0.30) whois.cgi: cgi domain: bw.org (1)
  359 
  360         Items are, from left to right:
  361 
  362            Date and time (UTC) of the log entry.
  363 
  364            The process ID, enclosed in square brackets.
  365 
  366            The IP address of the CGI client, enclosed in parenthesis. This
  367             item only appears in CGI mode.
  368 
  369            The process name, or the log_name (see below), followed by a
  370             colon.
  371 
  372            The text of the log entry (in this case, "cgi domain: bw.org").
  373 
  374            A log-level for this item. The log-level only appears if
  375             log_level (see below) is provided in the config file.
  376 
  377         Make sure the user-ID that owns the whois process has permission to
  378         write the log file. This option is usually used when running in CGI
  379         mode. In that case, you need to ensure that the user-ID of the web
  380         server has permission to write to the log file.
  381 
  382     log_level level
  383         level can be a number from 1-9.
  384 
  385         This item specifies what level of logging you want. Without this
  386         item, events with log-levels higher than 1 will not be logged. For
  387         most purposes, that will be fine. The higher the number, the more
  388         events get logged.
  389 
  390     log_name name
  391         This option provides a specific name for log entries. This will be
  392         used instead of the process-name in log entries.
  393 
  394     database token
  395         This option enables database operations. The token can be mysql,
  396         pgsql, or sqlite3 corresponding to the database system you are
  397         using.
  398 
  399     connect connect string
  400         This option is required if database is used. It specifies the
  401         connection parameters used to access the database. The format is:
  402 
  403          database:host:port:user:pass
  404 
  405         For example, if your database were named "whois" on the local
  406         machine, on the standard MySQL port (3306) and the user was "web"
  407         and the password was "foo.bar" you could use:
  408 
  409          connect whois:localhost:3306:web:foo.bar
  410 
  411         Note: if you are using SQLite 3 your connect string will only have
  412         the path to the database file, as in this example:
  413 
  414          connect /etc/whois/data/whois.db
  415 
  416     cache_table table_name
  417         The name of the database table to use for the results cache. This
  418         also serves to enable results caching.
  419 
  420     cache_expire seconds
  421         The number of seconds to hold a result before it is considered
  422         stale. Stale results will be refreshed when requested again.
  423         Default: 432000 seconds (five days).
  424 
  425     control_table table_name
  426         The table name to use for security control records. This is required
  427         to enable security control features.
  428 
  429     cookie_name cookie_name
  430         The name to use for control cookies. This also serves to enable the
  431         cookie control feature.
  432 
  433     cookie_expire seconds
  434         How many seconds a cookie is valid for. Default: 3600 seconds (one
  435         hour).
  436 
  437     ip_control number
  438         The number of hits allowed from one IP address within the ip_expire
  439         time. This also serves to enable the IP control feature.
  440 
  441     ip_expire seconds
  442         The number of seconds required between hits from one IP address
  443         before that address is expired from the control table.
  444 
  445     allow_referer list:of:domains
  446         A list of valid hostnames to allow in the "Referer:" header. Use a
  447         value of  to turn off referer checking entirely. Default: The
  448         hostname in the HTTP "Host:" header.
  449 
  450     direct_link number
  451         Allow links to a whois record without a cookie or a referer. This is
  452         useful for providing a link in an email message. The number is how
  453         many seconds apart to allow linked hits from the same IP address.
  454         This requires control_table and ip_control.
  455 
  456     outgoing_ip list:of:ip:addresses
  457         A list of IP addresses that can be used for the outgoing connection.
  458         BW Whois will select an address from this list at random and bind to
  459         that for your outgoing connection. This will help with some whois
  460         servers that block based on number of connections from a given IP
  461         address. These are IP addresses ON YOUR SYSTEM. You must have these
  462         IP addresses configured in order for them to work.
  463 
  464 ENVIRONMENT
  465     The environment variable "WHOIS_CONF" may be used to specify an
  466     alternate path to the whois.conf file.
  467 
  468     The environment variable "BW_WHOIS" is no longer supported.
  469 
  470 SECURITY
  471     This version of BW Whois contains features to help secure a
  472     web-accessable installation from abuse.
  473 
  474     Over the past few months many users of BW Whois have sustained attacks
  475     from automated web clients (bad robots) that would rapidly request whois
  476     results, presumably for illicit purposes. My own server was attacked and
  477     queries from my server became disallowed by Verisign (ne Network
  478     Solutions).
  479 
  480     When I first detected these attacks on my own site, I quickly
  481     implemented a simple control that kept a flat-file list of IP addresses
  482     and refused connections from an IP address after it was represented more
  483     than a given number of times in that file.
  484 
  485     A few weeks later the attack started up again from a number of IP
  486     addresses too large to control in this manner. I was amazed, to say the
  487     least. My server was blocked again by NSI. This was a coordinated attack
  488     from a large number of hosts on a large number of disparate networks.
  489 
  490     This time I buckled down and devised a set of controls that would
  491     require a lot more sophistication to subvert. So far these controls have
  492     been very successful on my server.
  493 
  494   Three Types of Controls
  495     There are three distinct types of controls. They can be used separately,
  496     but personally, I use all three and I recommend you do the same.
  497 
  498   Referer Controls
  499     The referer controls are enabled by default and do not require that a
  500     database be installed.
  501 
  502     If a request is received that does not provide an HTTP "Referer:"
  503     header, or provides a referer that does not match the hostname in the
  504     "Host:" header, the request is denied and a 403 (Forbidden) result code
  505     is returned.
  506 
  507     So far the robots do not provide an HTTP "Referer:" header, but I expect
  508     they will soon if people rely on this control without the others. It
  509     would be a trivial addition to their code.
  510 
  511   IP Controls
  512     The IP control requires an SQL database. Currently MySQL, PostgreSQL,
  513     and SQLite are supported.
  514 
  515     Whenever a request comes in from a web client, the database is queried
  516     to see if that IP address has visited recently. If not found, the
  517     request is allowed and a record is created.
  518 
  519     If the IP address is found in the database, a counter is updated to
  520     reflect how many hits have arrived from that address. If the count is
  521     above the limit, the request is denied and a 403 (Forbidden) result code
  522     is returned. If more than "ip_expire" seconds have passed since the last
  523     hit from that IP address, the count is reset and the request is allowed.
  524 
  525     This control will be difficult to subvert. The problem is that the count
  526     must be high enough to permit hits from clients behind proxy servers,
  527     such as AOL and Earthlink users.
  528 
  529   Cookie Controls
  530     The cookie controls also require an SQL database. Currently MySQL,
  531     PostgreSQL, and SQLite are supported.
  532 
  533     When a first request comes in from a web client (e.g., a request for a
  534     web form, but not for data), a unique cookie is generated with a 128-bit
  535     pseudo-random hash, and given to the browser. The cookie is then stored
  536     in the database with a timestamp showing when it was generated.
  537 
  538     When a web client makes a request that requires a data response, a
  539     registered cookie is required. If no cookie is provided a 403
  540     (Forbidden) result code is returned. If an expired cookie is provided a
  541     408 (Expired Session) result code is returned.
  542 
  543     A new cookie is generated on each connection from each client.
  544 
  545     In order to subvert this control, a robot would have to process and
  546     store actual cookies. So far, they don't do that.
  547 
  548   Direct Links
  549     Some users have requested a way to provide links to individual whois
  550     records to their clients in email messages. A facility is provided to
  551     allow this practice without significant compromise to the system.
  552 
  553     When the direct_link option is set in the whois.conf file, links are
  554     allowed with neiter a cookie nor a referer, but not if that IP address
  555     has been used within the number of seconds provided in the option line.
  556 
  557     This has the same problem as the IP controls with proxy clients, but it
  558     should work under most circumstances.
  559 
  560 CAVEATS
  561     Not all whois servers comply with RFC 954. Unfortunately that lack of
  562     compliance is so inconsistent that the same commands can produce wildly
  563     different results from server to server.
  564 
  565     This client deals with the situation by sending fully-qualified requests
  566     only to NSI's servers, and the simplest form of request to other
  567     servers. This tactic is not entirely reliable.
  568 
  569 SEE ALSO
  570     RFC 954: NICNAME/WHOIS
  571         http://www.ietf.org/rfc/rfc0954.txt
  572 
  573 FILES
  574     /etc/whois/tld.conf
  575         An optional table of TLDs and associated whois servers.
  576 
  577     /etc/whois/whois.conf
  578         A configuration file for optional flags and other configurable
  579         values.
  580 
  581     /etc/whois/sd.conf
  582         A configuration file for optional stripdisclaimer feature.
  583 
  584 NOTE BENE
  585     The format of the tld.conf file changed in version 2.7. Please be sure
  586     your file has leading dots (e.g. .au) if you are using a current version
  587     of BW Whois.
  588 
  589     The tld.conf file for versions 3.0 and above includes servers for the
  590     .COM, .NET, and .ORG domains. Older versions of the program did not
  591     support tld.conf file lookups for these domains.
  592 
  593     The default location for all the configuration files was changed to
  594     /etc/whois/ in version 3.1.
  595 
  596     The stripheader feature was changed to stripdisclaimer in version 3.1.
  597     This feature now requires the sd.conf configuration file.
  598 
  599 HISTORY
  600     The whois command first appeared in 4.3BSD. The BW Whois command first
  601     appeared 2 December 1999.
  602 
  603     See the HISTORY file for more detail about the history of BW Whois.
  604 
  605 AUTHOR
  606     Bill Weinman <http://bw.org/>
  607 
  608     You can find the latest version of BW Whois at <http://whois.bw.org/>.
  609 
  610     You can send email to Bill Weinman using the web form at
  611     <http://bw.org/contact/>.
  612 
  613 COPYRIGHT
  614     Copyright 1999-2012 William E. Weinman
  615 
  616     This program is free software. You may modify and distribute it under
  617     the same terms as perl itself.
  618