Mike Rosing <[EMAIL PROTECTED]> wrote:
> I'm not a router guru, maybe somebody can explain these results:
>
> $ dig 216.34.94.186
>
> ; <<>> DiG 9.2.0 <<>> 216.34.94.186
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2646
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;216.34.94.186. IN A
>
> ;; AUTHORITY SECTION:
> . 86400 IN SOA A.ROOT-SERVERS.NET.
> NSTLD.VERISIGN-GRS.COM. 2003032700 1800 900 604800 86400
>
> ;; Query time: 113 msec
> ;; SERVER: 128.104.20.18#53(128.104.20.18)
> ;; WHEN: Wed Mar 26 23:19:48 2003
> ;; MSG SIZE rcvd: 106
>
> $ host 216.34.94.186
> 186.94.34.216.in-addr.arpa is an alias for
> 186.160/27.94.34.216.in-addr.arpa.
> 186.160/27.94.34.216.in-addr.arpa domain name pointer redirect.dnsix.com.
>
> How do I chase this thing down to who actually owns it?

whois aljazeera.net?

Registrant:
Jazeera Space Channel TV station (ALJAZEERA2-DOM)
   P.O. Box 231234
   Doha
   QA

   Domain Name: ALJAZEERA.NET

   Administrative Contact:
      AlaliAJ7476, MJ (HCSGDXPWTI) [EMAIL PROTECTED]
      Al Jazeera Space TV Station
      Po Box. 211234
      Doha, QT 7476
      QA
      +974 07 04 17761 +999 999 9999
   Technical Contact:
      VeriSign, Inc. (HOST-ORG) [EMAIL PROTECTED]
      VeriSign, Inc.
      21355 Ridgetop Circle
      Dulles, VA 20166
      US
      1-888-642-9675

   Record expires on 31-Aug-2010.
   Record created on 30-Aug-1996.
   Database last updated on 27-Mar-2003 14:33:52 EST.

   Domain servers in listed order:

   NS3.ALJAZEERA.NET 213.30.180.218
   ALJNS1SA.NAV-LINK.NET 217.26.193.15

Do you want to look for the domain registrars, the people who own the
nameservers, the people who own the netblocks the web site lives in, the
people who own the netblocks the nameservers live in... ?

It looks like, from below, the IP address is with dotster...

> Note I do get:
>
> $ host www.aljazeera.net
> www.aljazeera.net has address 216.34.94.186
>
> So why the original error response if "host" can find it?
> Interesting!

Because 'host' is doing magic that 'dig' presumes you don't want done.
Try this instead of your dig command above:

% dig -x 216.34.94.186

; <<>> DiG 8.3 <<>> 216.34.94.186
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; 216.34.94.186, type = A, class = IN

;; Total query time: 97 msec
;; FROM: <removed> to SERVER: default -- <removed>
;; WHEN: Thu Mar 27 14:34:42 2003
;; MSG SIZE sent: 31 rcvd: 31

% dig -x 216.34.94.186

; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;; 186.94.34.216.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
186.94.34.216.in-addr.arpa. 1D IN CNAME 186.160/27.94.34.216.in-addr.arpa.

;; AUTHORITY SECTION:
94.34.216.in-addr.arpa. 1H IN NS dns02.exodus.net.
94.34.216.in-addr.arpa. 1H IN NS dns03.exodus.net.
94.34.216.in-addr.arpa. 1H IN NS dns04.exodus.net.
94.34.216.in-addr.arpa. 1H IN NS dns01.exodus.net.

;; ADDITIONAL SECTION:
dns02.exodus.net. 21H IN A 209.1.222.245
dns03.exodus.net. 21H IN A 209.1.222.246
dns04.exodus.net. 21H IN A 209.1.222.247
dns01.exodus.net. 21H IN A 209.1.222.244

;; Total query time: 236 msec
;; FROM: <removed> to SERVER: default -- <removed>
;; WHEN: Thu Mar 27 14:34:45 2003
;; MSG SIZE sent: 44 rcvd: 249

(Remember, 216.34.94.186 when doing DNS lookups is actually
186.94.34.216.in-addr.arpa...)

So we take a look at that CNAME...

% dig any 186.160/27.94.34.216.in-addr.arpa.

; <<>> DiG 8.3 <<>> 186.160/27.94.34.216.in-addr.arpa. any
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; 186.160/27.94.34.216.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
186.160/27.94.34.216.in-addr.arpa. 23h57m3s IN PTR redirect.dnsix.com.

;; AUTHORITY SECTION:
160/27.94.34.216.in-addr.arpa. 1d9h19m32s IN NS ns1.dotster.com.
160/27.94.34.216.in-addr.arpa. 1d9h19m32s IN NS ns2.dotster.com.

;; ADDITIONAL SECTION:
ns1.dotster.com. 23h44m IN A 64.94.117.199
ns2.dotster.com. 23h44m IN A 63.251.83.78

;; Total query time: 1 msec
;; FROM: <removed> to SERVER: default -- <removed>
;; WHEN: Thu Mar 27 14:47:36 2003
;; MSG SIZE sent: 51 rcvd: 159

And voila! We have what looks like a dnsix.com IP ownership, hosted from
dotster, who gets service through Exodus! A quick 'whois' check verifies
(most of) that...

% whois 216.34.94.186

OrgName: Cable & Wireless
OrgID: EXCW
Address: 3300 Regency Pkwy
City: Cary
StateProv: NC
PostalCode: 27511
Country: US

NetRange: 216.32.0.0 - 216.35.255.255
CIDR: 216.32.0.0/14
NetName: LEGACY-8
NetHandle: NET-216-32-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: DNS01.EXODUS.NET
NameServer: DNS02.EXODUS.NET
NameServer: DNS03.EXODUS.NET
NameServer: DNS04.EXODUS.NET
Comment: * Rwhois reassignment information for this block is available at:
Comment: * rwhois.exodus.net 4321
Comment: * For abuse please contact [EMAIL PROTECTED]
RegDate: 1998-07-30
Updated: 2002-10-30

TechHandle: ZC221-ARIN
TechName: Cable & Wireless
TechPhone: +1-919-465-4023
TechEmail: [EMAIL PROTECTED]

OrgAbuseHandle: ABUSE11-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-877-393-7878
OrgAbuseEmail: [EMAIL PROTECTED]

OrgNOCHandle: NOC99-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-800-977-4662
OrgNOCEmail: [EMAIL PROTECTED]

OrgTechHandle: EIAA-ARIN
OrgTechName: Exodus IP Address Administration
OrgTechPhone: +1-888-239-6387
OrgTechEmail: [EMAIL PROTECTED]

OrgTechHandle: GIAA-ARIN
OrgTechName: Global IP Address Administration
OrgTechPhone: +1-919-465-4096
OrgTechEmail: [EMAIL PROTECTED]

# ARIN WHOIS database, last updated 2003-03-26 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.

Follow the little white rwhois...

% whois -h rwhois.exodus.net -p rwhois 216.34.94.186
%rwhois V-1.5:001ab7:00 rwhois.exodus.net (Exodus Communications)
network:Class-Name:network
network:Auth-Area:0.0.0.0/0
network:Network-Name:216.34.94.160
network:IP-Network:216.34.94.160/27
network:Organization;I:Dotster, Inc.
network:Name;I:George DeCarlo
network:Email;I:[EMAIL PROTECTED]
network:Street;I:11807 N.E. 99th Street. Suite 1100
network:City;I:Vancouver
network:State;I:WA
network:Postal-Code;I:98682
network:Country-Code;I:USA

network:Class-Name:network
network:Auth-Area:0.0.0.0/0
network:Network-Name:216.34.64.0
network:IP-Network:216.34.64.0/19
network:Organization;I:Exodus IDC - SE/SE2
network:Name;I:Exodus IP Address Administrator
network:Email;I:[EMAIL PROTECTED]
network:Street;I:12301 Pacific Coast Hwy
network:City;I:Tukwila
network:State;I:WA
network:Postal-Code;I:98168
network:Country-Code;I:USA

network:Class-Name:network
network:Auth-Area:0.0.0.0/0
network:Network-Name:216.32.0.0
network:IP-Network:216.32.0.0/14
network:Organization;I:Exodus Communications (Exodus Legacy)
network:Name;I:Exodus Hostmaster
network:Phone;I:888-239-6387
network:Email;I:[EMAIL PROTECTED]
network:Street;I:2831 Mission College Boulevard
network:City;I:Santa Clara
network:State;I:CA
network:Postal-Code;I:95054
network:Country-Code;I:US

Feel free to correct/add anything, anyone...
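
The chain walked through in the message above (reversed in-addr.arpa name, CNAME into the 160/27 sub-zone, then the name servers of each zone), as an added example that is not part of the original message. The "160/27" label is the classless in-addr.arpa delegation style of RFC 2317; the function names and SAMPLE_RECORDS are illustrative, and the records are copied from the dig output quoted in the message.

```shell
#!/bin/sh
# Added example: trace a reverse lookup through a classless in-addr.arpa
# delegation, offline. SAMPLE_RECORDS is copied from the dig output above.
SAMPLE_RECORDS='186.94.34.216.in-addr.arpa. 1D IN CNAME 186.160/27.94.34.216.in-addr.arpa.
94.34.216.in-addr.arpa. 1H IN NS dns02.exodus.net.
94.34.216.in-addr.arpa. 1H IN NS dns01.exodus.net.
186.160/27.94.34.216.in-addr.arpa. 23h57m3s IN PTR redirect.dnsix.com.
160/27.94.34.216.in-addr.arpa. 1d9h19m32s IN NS ns1.dotster.com.
160/27.94.34.216.in-addr.arpa. 1d9h19m32s IN NS ns2.dotster.com.'

# reverse_name IP: dotted quad -> in-addr.arpa name; fails on a bad address.
reverse_name() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# chase NAME < records: follow CNAMEs (at most 8 hops, so a loop cannot hang
# the lookup) and print "final-owner ptr-target"; fails if no PTR is reached.
chase() {
    awk -v name="$1" '
        $4 == "CNAME" { cname[tolower($1)] = tolower($5) }
        $4 == "PTR"   { ptr[tolower($1)] = $5 }
        END { name = tolower(name)
              for (hops = 0; (name in cname) && hops < 8; hops++) name = cname[name]
              if (!(name in ptr)) exit 1
              print name, ptr[name] }'
}

# zone_ns NAME < records: print the closest enclosing zone that has NS records
# followed by its servers, i.e. who actually answers for NAME.
zone_ns() {
    awk -v name="$1" '
        $4 == "NS" { z = tolower($1); ns[z] = ns[z] " " $5 }
        END { for (name = tolower(name); name != ""; ) {
                  if (name in ns) { print name ns[name]; exit 0 }
                  if (!sub(/^[^.]*\./, "", name)) break   # drop leftmost label
              }
              exit 1 }'
}

# Walk the chain for the address in the message.
start=$(reverse_name 216.34.94.186)
hit=$(printf '%s\n' "$SAMPLE_RECORDS" | chase "$start")
echo "$hit"                                              # owner name and PTR
printf '%s\n' "$SAMPLE_RECORDS" | zone_ns "$start"       # parent /24 zone
printf '%s\n' "$SAMPLE_RECORDS" | zone_ns "${hit%% *}"   # delegated /27 zone
```

The two zone_ns results differ because the CNAME moves the PTR record out of the provider's /24 zone and into a sub-zone served by the customer's name servers, which is why the PTR has to be looked up at the CNAME target.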