"Fossies" - the Fresh Open Source Software Archive

Member "whois-5.5.2/whois.txt" (8 Aug 2012, 24768 Bytes) of package /linux/privat/old/whois-5.5.2.tgz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 NAME
    2     BW Whois -- A whois client by Bill Weinman
    5     whois [options] request[@host[:port]] [ ... ]
    8     This documents BW Whois version 5.5.2
   11     BW Whois was originally designed to work with the new "Shared
   12     Registration System" whois introduced 1 December 1999. This new system
   13     has proved to be remarkably disorganized and inconsistent, resulting in
   14     tremendous confusion for those of us who need to find the ownership of a
   15     domain now and then.
   17     This program mitigates most of that confusion by referring to a table of
   18     TLDs (Top-Level Domains) and associated registrars in the tld.conf file.
   20     Over the past few years this program has evolved into the most
   21     full-featured whois client available providing features like a
   22     self-detecting CGI mode and SQL database caching, for those who need
   23     such features, while still maintaining a simple command-line interface
   24     for those who just need that.
   26     The CGI mode can be secured against abuse by a number of different
   27     methods including "Referer:" headers, IP addresses, and a system of
   28     128-bit hashed cookies. These security options can be tailored to suit
   29     the demands of a given installation using the whois.conf configuration
   30     file.
   32     There are features to support a web-based whois service, including
   33     support for Apache-style server-side includes, and support for a
   34     distinct initial page a "domain not found" page.
   36     An optional caching capability is provide for using an SQL database
   37     (currently MySQL, PostgreSQL and SQLite are supported). When configured
   38     for caching, requests are forwarded to the corresponding whois server
   39     only if the cache does not contain a result for the given request/server
   40     combination. Cached values are expired after a configurable amount of
   41     time.
   44     When given a request, the program first checks the requested domain
   45     against the tld.conf file for an associated whois server. If not found
   46     the program will then submit the request to the "root" whois server
   47     (currently whois.crsnic.net) and wait for a referral to a registrar's
   48     whois server.
   50     If given a referral, the program will then submit the request a second
   51     time to the referred whois server.
   53     The request can be a domain name, (e.g. whois bw.org) or any other
   54     entity that the given host can resolve (e.g. whois
   55     !ww104@whois.networksolutions.com).
   57     If request is an IP address (or part thereof), the ARIN whois server
   58     will be used as a root server (whois.arin.net).
   60     If host is specified, the request will be sent literally to the
   61     specified host.
   63     If both host and port are specified, the request will be sent to that
   64     host using the specified port instead of the normal whois port (43).
   66     Multiple requests on a single command line are supported.
   68   Self-detecting CGI Support
   69     BW Whois detects CGI operation by looking for the standard "SCRIPT_NAME"
   70     environment variable. This behavior can be overridden by using the
   71     --nocgi switch.
   73     In CGI mode the program attempts to make intelligent links out of IP
   74     addresses, domain names, and handles. It doesn't always get it right,
   75     but it tries real hard!
   77     You can also specify an optional whois.html file to create your own
   78     look. The HTML file will need a few simple "placeholders" in it. The
   79     placeholders are replaced at runtime with the various values which make
   80     this work. These placeholders are represented by text enclosed in '$'
   81     signs like this: "$PLACEHOLDER$"
   83     Separate HTML files may be specified for an initial page and a "not
   84     found" page, if desired.
   86     The placeholders are described here:
   88     $SELF$
   89         The URI path of the program on your web server, taken from the value
   90         of the "SCRIPT_NAME" environment variable.
   92     $DOMAIN$
   93         The domain that was last looked up, if any.
   95     $RESULT$
   96         The result of the whois query from BW Whois.
   98     You can get an example file from the program with:
  100         whois --makehtml > whois.html
  102   Optional Apache SSI Support
  103     If you need to include other files into your HTML file dynamically,
  104     experimental support for Apache-style SSI (server-side includes) is
  105     provided with the bwInclude.pm module. This currently works only for
  106     "include virtual" and "echo var" directives.
  108     Simply place the bwInclude.pm file with your other perl module files, or
  109     specify the directory that contains the module in the "use lib" line in
  110     the source code.
  112   Optional TLD Table Support
  113     Bcause of the unfortunate design of the Shared Registration System, only
  114     the .COM, .NET, and .ORG Top-Level Domains (TLDs) are referred by the
  115     "root" domain servers at whois.crsnic.net and whois.internic.net. If you
  116     want results for other TLDs you must know where to find them, and there
  117     is no central repository for current whois server referrals.
  119     The optional tld.conf file includes whois servers for all known TLDs,
  120     and some second-level domains that are registrered separately (e.g.
  121     .net.au, .uk.com, etc.).
  123     The format of the tld.conf file is as follows:
  125        Lines that begin with "#" are ignored.
  127        Token lines are like:
  129             token  token  optional comments
  131        The first token is the TLD, the leading dot (".") is required.
  133        The second token is the fully-qualified domain name for the whois
  134         server that responds to requests for the given TLD.
  136        The two tokens can be separated by spaces and/or tabs
  138        Anything on the line after the second token is ignored.
  140        A leading "#" for in-line comments is not required, but may be in
  141         the future.
  143        The file is searched sequentially, so it's important to have
  144         2nd-level domains earlier in the file than corresponding top-level
  145         domains. (e.g. .net.au before .au).
  147   Optional Support for Stripping Disclaimers
  148     Most whois servers deliver a disclaimer along with thier whois results.
  149     The disclaimer generallly says something like "By submitting the request
  150     that you already submitted before you saw this agreement you have agreed
  151     to this binding contract. Haha!"
  153     Many people who are not otherwise lawyers are annoyed by this. The
  154     stripdisclaimer option will remove the disclaimers before you see them.
  156     This feature requires the sd.conf file.
  158     The format of the sd.conf file is:
  160         server "first line" "last line"
  162        server is the DNS name of the whois server
  164        "first line" and "last line" are regular expressions that match
  165         the first and last line (respectively) of the disclaimer to be
  166         stripped. The quotes are required.
  168   Netblock Referrals
  169     This program attempts to find netblock requests. If a request is
  170     entirely numeric (e.g. 123.234), the program first checks with
  171     whois.arin.net (ARIN). If an ARIN record contains a referral to another
  172     whois system, (e.g. RIPE or APNIC) the program will attempt to detect
  173     that and snatch the record from the referened whois system. Note: ARIN's
  174     records are very inconsistent in their formatting, so this may not
  175     always do something intelligent.
  177   Packed IP addresses
  178     If the request is a string of numbers without any other characters, the
  179     program will treat it as a 32-bit (packed) IP address. It will first
  180     unpack it into dotted-quad notation and then submit it to the ARIN whois
  181     server.
  183     Packed IP addresses are often used by spammers in an attempt to confuse
  184     those who might try to report thier abuse. This feature makes it easy
  185     for you to decypher those addresses and find the owner of the netblock
  186     all in one step.
  188     IP addresses are actually 32-bit integers (until we get IPv6 -- but
  189     that's another story). The common notation represents the address as
  190     four separate 8-bit integers, like this: (actually one of
  191     ARIN's servers). That's called "dotted-quad" notaion. If you were to
  192     represent that address as one big 32-bit integer it would look like
  193     this: 3231054869. I call that a "packed" IP address.
  195     Sometimes a spammer will use a packed IP address in a URL like this:
  197         http://3231054869/index.html
  199     That address will work in a web browser, but it's hard to look up. This
  200     program will accept a packed IP address like this:
  202         whois 3231054869
  204     The program will unpack it into dotted-quad notation, and submit it to
  205     the ARIN whois server just like a normal IP address.
  208     --help
  209         Print a usage message.
  211     --version
  212         Print the version information and exit.
  214     --config=path
  215         Full path to the configuration file. Default: /etc/whois/whois.conf
  217     --refresh, -r
  218         Refresh the cache for this query. Forces the request to go to the
  219         whois server even if the result is cached. (Only valid if caching is
  220         configured.)
  222     --tld=path
  223         Full path/file name for tld.conf file. Default: /etc/whois/tld.conf
  225     --host=host, -h host
  226         Specify a specific host.
  228     --port=port, -p port
  229         Specify an alternate port.
  231     --timeout=seconds
  232         Set the timeout to a number of seconds. The default is 60 seconds if
  233         this is not specified.
  235     --quiet, -q
  236         Be wery, wery quiet. I'm hunting wabbits. (--quiet overrides
  237         --verbose)
  239     --verbose, -v
  240         Show details of every step. (--quiet overrides --verbose)
  242     --stripdisclaimer, -s
  243         Sets the stripdisclaimer mode. The program makes an attempt to strip
  244         off those inane disclaimers that so many registries are starting to
  245         include with their whois records. This feature requires the sd.conf
  246         file.
  248     --makehtml
  249         Writes a sample HTML file (for CGI mode use) to standard out.
  251     --nocgi
  252         Prevent CGI mode. This is useful if you have a script that used a
  253         legacy character-mode whois program.
  255     --html
  256         Create HTML links of handles, IP addresses, and domains without
  257         using HTML in the rest of the output. Useful with --nocgi for using
  258         an external wrapper CGI program.
  260     --jpokay
  261         Allow japanese output from nic.ad.jp.
  264     A sample whois.conf file is included with the BW Whois distribution. It
  265     is not necessary to use the whois.conf file to use the program.
  267     If you want to use advanced features, such as caching or optional CGI
  268     security features, you will need to install the whois.conf file and
  269     configure it to reflect your preferences.
  271     The standard location for whois.conf is in the /etc/whois directory. If
  272     you do not have access to that directory, or are running on a non-UNIX
  273     operating system that does not use the /etc directory, you may specify
  274     another location by setting the "WHOIS_CONF" environment variable or by
  275     editing the source code.
  277     If you need to edit the source code, be sure you are using a plain
  278     text editor (not a word processor!) and that you save the file with
  279     appropriate line-endings for your system. If you do not understand those
  280     distinctions I highly recommend that you find a friend or hire a
  281     consultant who knows about such things. (The author is occasionally
  282     available for such small consulting tasks -- feel free to contact him if
  283     you need help.)
  285   Format of the Config File
  286     The config file format is very simple.
  288     Lines that begin with "#" are considered comments and are ignored.
  290     Anything after a "#" to the end of a line is considered a comment and
  291     ignored.
  293     The format of each non-comment line is:
  295      option value
  297     For logical values, "1" or "true" (without the quotes) are considered
  298     true. Anything else is considered false.
  300     For options that take a list of values, the list is separated by colons
  301     (":") without spaces. Spaces are not currently supported in any value.
  303     See the SECURITY section of this man page for more information about
  304     security features.
  306     The following options are supported:
  308     stripdisclaimer true|false
  309         Strip off the disclaimer/header from the results returned by many
  310         registrars. This feature requires the sd.conf file.
  312     tld_conf filepath
  313         Alternate location for the tld.conf file. Default:
  314         /etc/whois/tld.conf
  316     sd_conf filepath
  317         Alternate location for the sd.conf file. Default: /etc/whois/sd.conf
  319     timeout number
  320         The number of seconds to timeout if a result is not returned by a
  321         whois server. Default: 60 seconds.
  323     default_host hostname
  324         A hostname to use as a default whois server if the TLD is not found
  325         in the tld.conf file. Default: whois.crsnic.net
  327     htmlfile filepath
  328         An HTML file to use for queries and results. Default: internal
  330     htmlfirst filepath
  331         An HTML file to use for the initial page. This is the page displayed
  332         when no query is submitted. Default: htmlfile or internal
  334     htmlnotfound filepath
  335         An HTML file to use for results that are not found. This is the page
  336         displayed when a query returns a negative response. It may be used
  337         to display a page indicating that a domain may be available for
  338         registration. Default: htmlfile or internal
  340     htmlfound filepath
  341         An HTML file to use for results that are found. This is the page
  342         displayed when a query returns a positive response. It may be used
  343         to display a page indicating that a domain is not available for
  344         registration. Default: htmlfile or internal
  346     error_403 filepath
  347         An HTML file to use for error 403 (Forbidden) results. Default:
  348         internal
  350     error_408 filepath
  351         An HTML file to use for error 408 (Expired Session) results.
  352         Default: internal
  354     logfile filepath
  355         This option enables logging and provides a path and filename for the
  356         log. Log entries look like this:
  358           2002-12-11 20:06:00 [12745] ( whois.cgi: cgi domain: bw.org (1)
  360         Items are, from left to right:
  362            Date and time (UTC) of the log entry.
  364            The process ID, enclosed in square brackets.
  366            The IP address of the CGI client, enclosed in parenthesis. This
  367             item only appears in CGI mode.
  369            The process name, or the log_name (see below), followed by a
  370             colon.
  372            The text of the log entry (in this case, "cgi domain: bw.org").
  374            A log-level for this item. The log-level only appears if
  375             log_level (see below) is provided in the config file.
  377         Make sure the user-ID that owns the whois process has permission to
  378         write the log file. This option is usually used when running in CGI
  379         mode. In that case, you need to ensure that the user-ID of the web
  380         server has permission to write to the log file.
  382     log_level level
  383         level can be a number from 1-9.
  385         This item specifies what level of logging you want. Without this
  386         item, events with log-levels higher than 1 will not be logged. For
  387         most purposes, that will be fine. The higher the number, the more
  388         events get logged.
  390     log_name name
  391         This option provides a specific name for log entries. This will be
  392         used instead of the process-name in log entries.
  394     database token
  395         This option enables database operations. The token can be mysql,
  396         pgsql, or sqlite3 corresponding to the database system you are
  397         using.
  399     connect connect string
  400         This option is required if database is used. It specifies the
  401         connection parameters used to access the database. The format is:
  403          database:host:port:user:pass
  405         For example, if your database were named "whois" on the local
  406         machine, on the standard MySQL port (3306) and the user was "web"
  407         and the password was "foo.bar" you could use:
  409          connect whois:localhost:3306:web:foo.bar
  411         Note: if you are using SQLite 3 your connect string will only have
  412         the path to the database file, as in this example:
  414          connect /etc/whois/data/whois.db
  416     cache_table table_name
  417         The name of the database table to use for the results cache. This
  418         also serves to enable results caching.
  420     cache_expire seconds
  421         The number of seconds to hold a result before it is considered
  422         stale. Stale results will be refreshed when requested again.
  423         Default: 432000 seconds (five days).
  425     control_table table_name
  426         The table name to use for security control records. This is required
  427         to enable security control features.
  429     cookie_name cookie_name
  430         The name to use for control cookies. This also serves to enable the
  431         cookie control feature.
  433     cookie_expire seconds
  434         How many seconds a cookie is valid for. Default: 3600 seconds (one
  435         hour).
  437     ip_control number
  438         The number of hits allowed from one IP address within the ip_expire
  439         time. This also serves to enable the IP control feature.
  441     ip_expire seconds
  442         The number of seconds required between hits from one IP address
  443         before that address is expired from the control table.
  445     allow_referer list:of:domains
  446         A list of valid hostnames to allow in the "Referer:" header. Use a
  447         value of  to turn off referer checking entirely. Default: The
  448         hostname in the HTTP "Host:" header.
  450     direct_link number
  451         Allow links to a whois record without a cookie or a referer. This is
  452         useful for providing a link in an email message. The number is how
  453         many seconds apart to allow linked hits from the same IP address.
  454         This requires control_table and ip_control.
  456     outgoing_ip list:of:ip:addresses
  457         A list of IP addresses that can be used for the outgoing connection.
  458         BW Whois will select an address from this list at random and bind to
  459         that for your outgoing connection. This will help with some whois
  460         servers that block based on number of connections from a given IP
  461         address. These are IP addresses ON YOUR SYSTEM. You must have these
  462         IP addresses configured in order for them to work.
  465     The environment variable "WHOIS_CONF" may be used to specify an
  466     alternate path to the whois.conf file.
  468     The environment variable "BW_WHOIS" is no longer supported.
  471     This version of BW Whois contains features to help secure a
  472     web-accessable installation from abuse.
  474     Over the past few months many users of BW Whois have sustained attacks
  475     from automated web clients (bad robots) that would rapidly request whois
  476     results, presumably for illicit purposes. My own server was attacked and
  477     queries from my server became disallowed by Verisign (ne Network
  478     Solutions).
  480     When I first detected these attacks on my own site, I quickly
  481     implemented a simple control that kept a flat-file list of IP addresses
  482     and refused connections from an IP address after it was represented more
  483     than a given number of times in that file.
  485     A few weeks later the attack started up again from a number of IP
  486     addresses too large to control in this manner. I was amazed, to say the
  487     least. My server was blocked again by NSI. This was a coordinated attack
  488     from a large number of hosts on a large number of disparate networks.
  490     This time I buckled down and devised a set of controls that would
  491     require a lot more sophistication to subvert. So far these controls have
  492     been very successful on my server.
  494   Three Types of Controls
  495     There are three distinct types of controls. They can be used separately,
  496     but personally, I use all three and I recommend you do the same.
  498   Referer Controls
  499     The referer controls are enabled by default and do not require that a
  500     database be installed.
  502     If a request is received that does not provide an HTTP "Referer:"
  503     header, or provides a referer that does not match the hostname in the
  504     "Host:" header, the request is denied and a 403 (Forbidden) result code
  505     is returned.
  507     So far the robots do not provide an HTTP "Referer:" header, but I expect
  508     they will soon if people rely on this control without the others. It
  509     would be a trivial addition to their code.
  511   IP Controls
  512     The IP control requires an SQL database. Currently MySQL, PostgreSQL,
  513     and SQLite are supported.
  515     Whenever a request comes in from a web client, the database is queried
  516     to see if that IP address has visited recently. If not found, the
  517     request is allowed and a record is created.
  519     If the IP address is found in the database, a counter is updated to
  520     reflect how many hits have arrived from that address. If the count is
  521     above the limit, the request is denied and a 403 (Forbidden) result code
  522     is returned. If more than "ip_expire" seconds have passed since the last
  523     hit from that IP address, the count is reset and the request is allowed.
  525     This control will be difficult to subvert. The problem is that the count
  526     must be high enough to permit hits from clients behind proxy servers,
  527     such as AOL and Earthlink users.
  529   Cookie Controls
  530     The cookie controls also require an SQL database. Currently MySQL,
  531     PostgreSQL, and SQLite are supported.
  533     When a first request comes in from a web client (e.g., a request for a
  534     web form, but not for data), a unique cookie is generated with a 128-bit
  535     pseudo-random hash, and given to the browser. The cookie is then stored
  536     in the database with a timestamp showing when it was generated.
  538     When a web client makes a request that requires a data response, a
  539     registered cookie is required. If no cookie is provided a 403
  540     (Forbidden) result code is returned. If an expired cookie is provided a
  541     408 (Expired Session) result code is returned.
  543     A new cookie is generated on each connection from each client.
  545     In order to subvert this control, a robot would have to process and
  546     store actual cookies. So far, they don't do that.
  548   Direct Links
  549     Some users have requested a way to provide links to individual whois
  550     records to their clients in email messages. A facility is provided to
  551     allow this practice without significant compromise to the system.
  553     When the direct_link option is set in the whois.conf file, links are
  554     allowed with neiter a cookie nor a referer, but not if that IP address
  555     has been used within the number of seconds provided in the option line.
  557     This has the same problem as the IP controls with proxy clients, but it
  558     should work under most circumstances.
  561     Not all whois servers comply with RFC 954. Unfortunately that lack of
  562     compliance is so inconsistent that the same commands can produce wildly
  563     different results from server to server.
  565     This client deals with the situation by sending fully-qualified requests
  566     only to NSI's servers, and the simplest form of request to other
  567     servers. This tactic is not entirely reliable.
  569 SEE ALSO
  570     RFC 954: NICNAME/WHOIS
  571         http://www.ietf.org/rfc/rfc0954.txt
  573 FILES
  574     /etc/whois/tld.conf
  575         An optional table of TLDs and associated whois servers.
  577     /etc/whois/whois.conf
  578         A configuration file for optional flags and other configurable
  579         values.
  581     /etc/whois/sd.conf
  582         A configuration file for optional stripdisclaimer feature.
  585     The format of the tld.conf file changed in version 2.7. Please be sure
  586     your file has leading dots (e.g. .au) if you are using a current version
  587     of BW Whois.
  589     The tld.conf file for versions 3.0 and above includes servers for the
  590     .COM, .NET, and .ORG domains. Older versions of the program did not
  591     support tld.conf file lookups for these domains.
  593     The default location for all the configuration files was changed to
  594     /etc/whois/ in version 3.1.
  596     The stripheader feature was changed to stripdisclaimer in version 3.1.
  597     This feature now requires the sd.conf configuration file.
  600     The whois command first appeared in 4.3BSD. The BW Whois command first
  601     appeared 2 December 1999.
  603     See the HISTORY file for more detail about the history of BW Whois.
  605 AUTHOR
  606     Bill Weinman <http://bw.org/>
  608     You can find the latest version of BW Whois at <http://whois.bw.org/>.
  610     You can send email to Bill Weinman using the web form at
  611     <http://bw.org/contact/>.
  614     Copyright 1999-2012 William E. Weinman
  616     This program is free software. You may modify and distribute it under
  617     the same terms as perl itself.