whois hacked? - google data changed
Christopher Browne
cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Oct 31 15:55:11 UTC 2012
On Tue, Oct 30, 2012 at 10:11 AM, Lennart Sorensen
<lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org> wrote:
> On Tue, Oct 30, 2012 at 01:07:02AM -0400, Walter Dnes wrote:
>> That is not a compromise. Anybody can set up ***SUB*** domains
>> containing any legal characters. E.g. I could easily set up
>> GOOGLE.COM.WALTDNES.ORG which is *NOT* the same as
>> GOOGLE.COM/WALTDNES.ORG
>>
>> Notice the slash and the dot? Question; is there a way to search for
>> the end of the name? Something equivalant to regex "GOOGLE.COM$"
>
> Well typically for DNS stuff, if you care, you put a period at the end.
>
> google.com. for example.
>
> Unfortunately it seems whois doesn't work that way.
The WHOIS RFC <http://tools.ietf.org/html/rfc3912> specifies very
little about what data is to be returned, which means that almost
however egregious the result returned, it's not provably "wrong."
That being said, the result for GOOGLE.COM seems a little surprising to me.
The expected information about that singular zone is listed, at the
bottom, and a query is passed on to the relevant registrar, to get
contact information.
The additional information, with a whole series of "GOOGLE.COM.*"
entries, are evidently the list of nameservers/hosts (as per RFC 5732)
that begin with the specified string. It's a bit bizarre if you
weren't expecting it :-).
--
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list