"Fossies" - the Fresh Open Source Software Archive
Member "whois-5.5.2/whois.txt" (8 Aug 2012, 24768 Bytes) of package /linux/privat/old/whois-5.5.2.tgz:
As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard
) with prefixed line numbers.
Alternatively you can here view
the uninterpreted source code file.
2 BW Whois -- A whois client by Bill Weinman
5 whois [options] request[@host[:port]] [ ... ]
8 This documents BW Whois version 5.5.2
11 BW Whois was originally designed to work with the new "Shared
12 Registration System" whois introduced 1 December 1999. This new system
13 has proved to be remarkably disorganized and inconsistent, resulting in
14 tremendous confusion for those of us who need to find the ownership of a
15 domain now and then.
17 This program mitigates most of that confusion by referring to a table of
18 TLDs (Top-Level Domains) and associated registrars in the tld.conf file.
20 Over the past few years this program has evolved into the most
21 full-featured whois client available providing features like a
22 self-detecting CGI mode and SQL database caching, for those who need
23 such features, while still maintaining a simple command-line interface
24 for those who just need that.
26 The CGI mode can be secured against abuse by a number of different
27 methods including "Referer:" headers, IP addresses, and a system of
28 128-bit hashed cookies. These security options can be tailored to suit
29 the demands of a given installation using the whois.conf configuration
32 There are features to support a web-based whois service, including
33 support for Apache-style server-side includes, and support for a
34 distinct initial page a "domain not found" page.
36 An optional caching capability is provide for using an SQL database
37 (currently MySQL, PostgreSQL and SQLite are supported). When configured
38 for caching, requests are forwarded to the corresponding whois server
39 only if the cache does not contain a result for the given request/server
40 combination. Cached values are expired after a configurable amount of
44 When given a request, the program first checks the requested domain
45 against the tld.conf file for an associated whois server. If not found
46 the program will then submit the request to the "root" whois server
47 (currently whois.crsnic.net) and wait for a referral to a registrar's
48 whois server.
50 If given a referral, the program will then submit the request a second
51 time to the referred whois server.
53 The request can be a domain name, (e.g. whois bw.org) or any other
54 entity that the given host can resolve (e.g. whois
57 If request is an IP address (or part thereof), the ARIN whois server
58 will be used as a root server (whois.arin.net).
60 If host is specified, the request will be sent literally to the
61 specified host.
63 If both host and port are specified, the request will be sent to that
64 host using the specified port instead of the normal whois port (43).
66 Multiple requests on a single command line are supported.
68 Self-detecting CGI Support
69 BW Whois detects CGI operation by looking for the standard "SCRIPT_NAME"
70 environment variable. This behavior can be overridden by using the
71 --nocgi switch.
73 In CGI mode the program attempts to make intelligent links out of IP
74 addresses, domain names, and handles. It doesn't always get it right,
75 but it tries real hard!
77 You can also specify an optional whois.html file to create your own
78 look. The HTML file will need a few simple "placeholders" in it. The
79 placeholders are replaced at runtime with the various values which make
80 this work. These placeholders are represented by text enclosed in '$'
81 signs like this: "$PLACEHOLDER$"
83 Separate HTML files may be specified for an initial page and a "not
84 found" page, if desired.
86 The placeholders are described here:
89 The URI path of the program on your web server, taken from the value
90 of the "SCRIPT_NAME" environment variable.
93 The domain that was last looked up, if any.
96 The result of the whois query from BW Whois.
98 You can get an example file from the program with:
100 whois --makehtml > whois.html
102 Optional Apache SSI Support
103 If you need to include other files into your HTML file dynamically,
104 experimental support for Apache-style SSI (server-side includes) is
105 provided with the bwInclude.pm module. This currently works only for
106 "include virtual" and "echo var" directives.
108 Simply place the bwInclude.pm file with your other perl module files, or
109 specify the directory that contains the module in the "use lib" line in
110 the source code.
112 Optional TLD Table Support
113 Bcause of the unfortunate design of the Shared Registration System, only
114 the .COM, .NET, and .ORG Top-Level Domains (TLDs) are referred by the
115 "root" domain servers at whois.crsnic.net and whois.internic.net. If you
116 want results for other TLDs you must know where to find them, and there
117 is no central repository for current whois server referrals.
119 The optional tld.conf file includes whois servers for all known TLDs,
120 and some second-level domains that are registrered separately (e.g.
121 .net.au, .uk.com, etc.).
123 The format of the tld.conf file is as follows:
125 Lines that begin with "#" are ignored.
127 Token lines are like:
129 token token optional comments
131 The first token is the TLD, the leading dot (".") is required.
133 The second token is the fully-qualified domain name for the whois
134 server that responds to requests for the given TLD.
136 The two tokens can be separated by spaces and/or tabs
138 Anything on the line after the second token is ignored.
140 A leading "#" for in-line comments is not required, but may be in
141 the future.
143 The file is searched sequentially, so it's important to have
144 2nd-level domains earlier in the file than corresponding top-level
145 domains. (e.g. .net.au before .au).
147 Optional Support for Stripping Disclaimers
148 Most whois servers deliver a disclaimer along with thier whois results.
149 The disclaimer generallly says something like "By submitting the request
150 that you already submitted before you saw this agreement you have agreed
151 to this binding contract. Haha!"
153 Many people who are not otherwise lawyers are annoyed by this. The
154 stripdisclaimer option will remove the disclaimers before you see them.
156 This feature requires the sd.conf file.
158 The format of the sd.conf file is:
160 server "first line" "last line"
162 server is the DNS name of the whois server
164 "first line" and "last line" are regular expressions that match
165 the first and last line (respectively) of the disclaimer to be
166 stripped. The quotes are required.
168 Netblock Referrals
169 This program attempts to find netblock requests. If a request is
170 entirely numeric (e.g. 123.234), the program first checks with
171 whois.arin.net (ARIN). If an ARIN record contains a referral to another
172 whois system, (e.g. RIPE or APNIC) the program will attempt to detect
173 that and snatch the record from the referened whois system. Note: ARIN's
174 records are very inconsistent in their formatting, so this may not
175 always do something intelligent.
177 Packed IP addresses
178 If the request is a string of numbers without any other characters, the
179 program will treat it as a 32-bit (packed) IP address. It will first
180 unpack it into dotted-quad notation and then submit it to the ARIN whois
183 Packed IP addresses are often used by spammers in an attempt to confuse
184 those who might try to report thier abuse. This feature makes it easy
185 for you to decypher those addresses and find the owner of the netblock
186 all in one step.
188 IP addresses are actually 32-bit integers (until we get IPv6 -- but
189 that's another story). The common notation represents the address as
190 four separate 8-bit integers, like this: 126.96.36.199 (actually one of
191 ARIN's servers). That's called "dotted-quad" notaion. If you were to
192 represent that address as one big 32-bit integer it would look like
193 this: 3231054869. I call that a "packed" IP address.
195 Sometimes a spammer will use a packed IP address in a URL like this:
199 That address will work in a web browser, but it's hard to look up. This
200 program will accept a packed IP address like this:
202 whois 3231054869
204 The program will unpack it into dotted-quad notation, and submit it to
205 the ARIN whois server just like a normal IP address.
207 COMMAND LINE SWITCHES
209 Print a usage message.
212 Print the version information and exit.
215 Full path to the configuration file. Default: /etc/whois/whois.conf
217 --refresh, -r
218 Refresh the cache for this query. Forces the request to go to the
219 whois server even if the result is cached. (Only valid if caching is
223 Full path/file name for tld.conf file. Default: /etc/whois/tld.conf
225 --host=host, -h host
226 Specify a specific host.
228 --port=port, -p port
229 Specify an alternate port.
232 Set the timeout to a number of seconds. The default is 60 seconds if
233 this is not specified.
235 --quiet, -q
236 Be wery, wery quiet. I'm hunting wabbits. (--quiet overrides
239 --verbose, -v
240 Show details of every step. (--quiet overrides --verbose)
242 --stripdisclaimer, -s
243 Sets the stripdisclaimer mode. The program makes an attempt to strip
244 off those inane disclaimers that so many registries are starting to
245 include with their whois records. This feature requires the sd.conf
249 Writes a sample HTML file (for CGI mode use) to standard out.
252 Prevent CGI mode. This is useful if you have a script that used a
253 legacy character-mode whois program.
256 Create HTML links of handles, IP addresses, and domains without
257 using HTML in the rest of the output. Useful with --nocgi for using
258 an external wrapper CGI program.
261 Allow japanese output from nic.ad.jp.
263 CONFIGURATION FILE
264 A sample whois.conf file is included with the BW Whois distribution. It
265 is not necessary to use the whois.conf file to use the program.
267 If you want to use advanced features, such as caching or optional CGI
268 security features, you will need to install the whois.conf file and
269 configure it to reflect your preferences.
271 The standard location for whois.conf is in the /etc/whois directory. If
272 you do not have access to that directory, or are running on a non-UNIX
273 operating system that does not use the /etc directory, you may specify
274 another location by setting the "WHOIS_CONF" environment variable or by
275 editing the source code.
277 If you need to edit the source code, be sure you are using a plain
278 text editor (not a word processor!) and that you save the file with
279 appropriate line-endings for your system. If you do not understand those
280 distinctions I highly recommend that you find a friend or hire a
281 consultant who knows about such things. (The author is occasionally
282 available for such small consulting tasks -- feel free to contact him if
283 you need help.)
285 Format of the Config File
286 The config file format is very simple.
288 Lines that begin with "#" are considered comments and are ignored.
290 Anything after a "#" to the end of a line is considered a comment and
293 The format of each non-comment line is:
295 option value
297 For logical values, "1" or "true" (without the quotes) are considered
298 true. Anything else is considered false.
300 For options that take a list of values, the list is separated by colons
301 (":") without spaces. Spaces are not currently supported in any value.
303 See the SECURITY section of this man page for more information about
304 security features.
306 The following options are supported:
308 stripdisclaimer true|false
309 Strip off the disclaimer/header from the results returned by many
310 registrars. This feature requires the sd.conf file.
312 tld_conf filepath
313 Alternate location for the tld.conf file. Default:
316 sd_conf filepath
317 Alternate location for the sd.conf file. Default: /etc/whois/sd.conf
319 timeout number
320 The number of seconds to timeout if a result is not returned by a
321 whois server. Default: 60 seconds.
323 default_host hostname
324 A hostname to use as a default whois server if the TLD is not found
325 in the tld.conf file. Default: whois.crsnic.net
327 htmlfile filepath
328 An HTML file to use for queries and results. Default: internal
330 htmlfirst filepath
331 An HTML file to use for the initial page. This is the page displayed
332 when no query is submitted. Default: htmlfile or internal
334 htmlnotfound filepath
335 An HTML file to use for results that are not found. This is the page
336 displayed when a query returns a negative response. It may be used
337 to display a page indicating that a domain may be available for
338 registration. Default: htmlfile or internal
340 htmlfound filepath
341 An HTML file to use for results that are found. This is the page
342 displayed when a query returns a positive response. It may be used
343 to display a page indicating that a domain is not available for
344 registration. Default: htmlfile or internal
346 error_403 filepath
347 An HTML file to use for error 403 (Forbidden) results. Default:
350 error_408 filepath
351 An HTML file to use for error 408 (Expired Session) results.
352 Default: internal
354 logfile filepath
355 This option enables logging and provides a path and filename for the
356 log. Log entries look like this:
358 2002-12-11 20:06:00  (192.168.0.30) whois.cgi: cgi domain: bw.org (1)
360 Items are, from left to right:
362 Date and time (UTC) of the log entry.
364 The process ID, enclosed in square brackets.
366 The IP address of the CGI client, enclosed in parenthesis. This
367 item only appears in CGI mode.
369 The process name, or the log_name (see below), followed by a
372 The text of the log entry (in this case, "cgi domain: bw.org").
374 A log-level for this item. The log-level only appears if
375 log_level (see below) is provided in the config file.
377 Make sure the user-ID that owns the whois process has permission to
378 write the log file. This option is usually used when running in CGI
379 mode. In that case, you need to ensure that the user-ID of the web
380 server has permission to write to the log file.
382 log_level level
383 level can be a number from 1-9.
385 This item specifies what level of logging you want. Without this
386 item, events with log-levels higher than 1 will not be logged. For
387 most purposes, that will be fine. The higher the number, the more
388 events get logged.
390 log_name name
391 This option provides a specific name for log entries. This will be
392 used instead of the process-name in log entries.
394 database token
395 This option enables database operations. The token can be mysql,
396 pgsql, or sqlite3 corresponding to the database system you are
399 connect connect string
400 This option is required if database is used. It specifies the
401 connection parameters used to access the database. The format is:
405 For example, if your database were named "whois" on the local
406 machine, on the standard MySQL port (3306) and the user was "web"
407 and the password was "foo.bar" you could use:
409 connect whois:localhost:3306:web:foo.bar
411 Note: if you are using SQLite 3 your connect string will only have
412 the path to the database file, as in this example:
414 connect /etc/whois/data/whois.db
416 cache_table table_name
417 The name of the database table to use for the results cache. This
418 also serves to enable results caching.
420 cache_expire seconds
421 The number of seconds to hold a result before it is considered
422 stale. Stale results will be refreshed when requested again.
423 Default: 432000 seconds (five days).
425 control_table table_name
426 The table name to use for security control records. This is required
427 to enable security control features.
429 cookie_name cookie_name
430 The name to use for control cookies. This also serves to enable the
431 cookie control feature.
433 cookie_expire seconds
434 How many seconds a cookie is valid for. Default: 3600 seconds (one
437 ip_control number
438 The number of hits allowed from one IP address within the ip_expire
439 time. This also serves to enable the IP control feature.
441 ip_expire seconds
442 The number of seconds required between hits from one IP address
443 before that address is expired from the control table.
445 allow_referer list:of:domains
446 A list of valid hostnames to allow in the "Referer:" header. Use a
447 value of to turn off referer checking entirely. Default: The
448 hostname in the HTTP "Host:" header.
450 direct_link number
451 Allow links to a whois record without a cookie or a referer. This is
452 useful for providing a link in an email message. The number is how
453 many seconds apart to allow linked hits from the same IP address.
454 This requires control_table and ip_control.
456 outgoing_ip list:of:ip:addresses
457 A list of IP addresses that can be used for the outgoing connection.
458 BW Whois will select an address from this list at random and bind to
459 that for your outgoing connection. This will help with some whois
460 servers that block based on number of connections from a given IP
461 address. These are IP addresses ON YOUR SYSTEM. You must have these
462 IP addresses configured in order for them to work.
465 The environment variable "WHOIS_CONF" may be used to specify an
466 alternate path to the whois.conf file.
468 The environment variable "BW_WHOIS" is no longer supported.
471 This version of BW Whois contains features to help secure a
472 web-accessable installation from abuse.
474 Over the past few months many users of BW Whois have sustained attacks
475 from automated web clients (bad robots) that would rapidly request whois
476 results, presumably for illicit purposes. My own server was attacked and
477 queries from my server became disallowed by Verisign (ne Network
480 When I first detected these attacks on my own site, I quickly
481 implemented a simple control that kept a flat-file list of IP addresses
482 and refused connections from an IP address after it was represented more
483 than a given number of times in that file.
485 A few weeks later the attack started up again from a number of IP
486 addresses too large to control in this manner. I was amazed, to say the
487 least. My server was blocked again by NSI. This was a coordinated attack
488 from a large number of hosts on a large number of disparate networks.
490 This time I buckled down and devised a set of controls that would
491 require a lot more sophistication to subvert. So far these controls have
492 been very successful on my server.
494 Three Types of Controls
495 There are three distinct types of controls. They can be used separately,
496 but personally, I use all three and I recommend you do the same.
498 Referer Controls
499 The referer controls are enabled by default and do not require that a
500 database be installed.
502 If a request is received that does not provide an HTTP "Referer:"
503 header, or provides a referer that does not match the hostname in the
504 "Host:" header, the request is denied and a 403 (Forbidden) result code
505 is returned.
507 So far the robots do not provide an HTTP "Referer:" header, but I expect
508 they will soon if people rely on this control without the others. It
509 would be a trivial addition to their code.
511 IP Controls
512 The IP control requires an SQL database. Currently MySQL, PostgreSQL,
513 and SQLite are supported.
515 Whenever a request comes in from a web client, the database is queried
516 to see if that IP address has visited recently. If not found, the
517 request is allowed and a record is created.
519 If the IP address is found in the database, a counter is updated to
520 reflect how many hits have arrived from that address. If the count is
521 above the limit, the request is denied and a 403 (Forbidden) result code
522 is returned. If more than "ip_expire" seconds have passed since the last
523 hit from that IP address, the count is reset and the request is allowed.
525 This control will be difficult to subvert. The problem is that the count
526 must be high enough to permit hits from clients behind proxy servers,
527 such as AOL and Earthlink users.
529 Cookie Controls
530 The cookie controls also require an SQL database. Currently MySQL,
531 PostgreSQL, and SQLite are supported.
533 When a first request comes in from a web client (e.g., a request for a
534 web form, but not for data), a unique cookie is generated with a 128-bit
535 pseudo-random hash, and given to the browser. The cookie is then stored
536 in the database with a timestamp showing when it was generated.
538 When a web client makes a request that requires a data response, a
539 registered cookie is required. If no cookie is provided a 403
540 (Forbidden) result code is returned. If an expired cookie is provided a
541 408 (Expired Session) result code is returned.
543 A new cookie is generated on each connection from each client.
545 In order to subvert this control, a robot would have to process and
546 store actual cookies. So far, they don't do that.
548 Direct Links
549 Some users have requested a way to provide links to individual whois
550 records to their clients in email messages. A facility is provided to
551 allow this practice without significant compromise to the system.
553 When the direct_link option is set in the whois.conf file, links are
554 allowed with neiter a cookie nor a referer, but not if that IP address
555 has been used within the number of seconds provided in the option line.
557 This has the same problem as the IP controls with proxy clients, but it
558 should work under most circumstances.
561 Not all whois servers comply with RFC 954. Unfortunately that lack of
562 compliance is so inconsistent that the same commands can produce wildly
563 different results from server to server.
565 This client deals with the situation by sending fully-qualified requests
566 only to NSI's servers, and the simplest form of request to other
567 servers. This tactic is not entirely reliable.
569 SEE ALSO
570 RFC 954: NICNAME/WHOIS
575 An optional table of TLDs and associated whois servers.
578 A configuration file for optional flags and other configurable
582 A configuration file for optional stripdisclaimer feature.
584 NOTE BENE
585 The format of the tld.conf file changed in version 2.7. Please be sure
586 your file has leading dots (e.g. .au) if you are using a current version
587 of BW Whois.
589 The tld.conf file for versions 3.0 and above includes servers for the
590 .COM, .NET, and .ORG domains. Older versions of the program did not
591 support tld.conf file lookups for these domains.
593 The default location for all the configuration files was changed to
594 /etc/whois/ in version 3.1.
596 The stripheader feature was changed to stripdisclaimer in version 3.1.
597 This feature now requires the sd.conf configuration file.
600 The whois command first appeared in 4.3BSD. The BW Whois command first
601 appeared 2 December 1999.
603 See the HISTORY file for more detail about the history of BW Whois.
606 Bill Weinman <http://bw.org/>
608 You can find the latest version of BW Whois at <http://whois.bw.org/>.
610 You can send email to Bill Weinman using the web form at
614 Copyright 1999-2012 William E. Weinman
616 This program is free software. You may modify and distribute it under
617 the same terms as perl itself.