On 7/31/06, Reinier <[EMAIL PROTECTED]> wrote:

> joomlastats (the tool I use) then uses the RIPE whois function. I took a quick look at that website, and here I again get lost and require some proper knowledge. Can you shed some light as to how that works? Do they use the actual address of the owner of the domain?
The RIPE Database is an RPSL compliant whois implementation. It contains records of which Local Internet Registries have been allocated which blocks of IP addresses, and from those, which have been assigned to their customers (or customers of the customers).

Anyway, for geography it is useful but not 100%, as it wasn't designed for this.

Let's take an example from your earlier mail:

1) A provider in Israel gets an allocation from RIPE.

inetnum: 81.199.0.0 - 81.199.255.255
org: ORG-IPNL1-RIPE
netname: IL-IPPLANET-20021004
descr: Gilat Satcom
country: IL

They assign a /24 (call it 81.199.24.0/24) to an ISP operating in UG, but if they do not enter the assignment in the database, we can't get accurate geolocation info.

These addresses get assigned to hosts and infrastructure in UG. Your website gets a hit from one of these addresses (say 81.199.24.200). Joomla tld lookup reports it being in IL, but it really is in UG.

In this case, IPPlanet has entered the assignment in the RIPE Db:

inetnum: 81.199.16.0 - 81.199.31.255
netname: CIDR-UTL-01
descr: Uganda Telecom
country: UG
admin-c: MM85-RIPE
tech-c: MM85-RIPE
status: ASSIGNED PA
notify: [EMAIL PROTECTED]
mnt-by: AS12491-MNT
mnt-routes: MNT-UTL
changed: [EMAIL PROTECTED] 20040614
source: RIPE

So we see the value "UG" in the country attribute.

The reverse DNS is also made up of records in the RIPE Db. These allow you to find out which nameservers are authoritative for which blocks of addresses. So in our example above the IP block 81.199.24.0/24 gets "reversed" and put into a special DNS domain called in-addr.arpa (short for inverse-addressing address and routing parameter area).

In this case the real world address space shows that it is UTL IP space.

whois -h whois.ripe.net 24.199.81.in-addr.arpa

gives:

% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
domain: 24.199.81.in-addr.arpa
descr: Uganda Telecom
admin-c: MM85-RIPE
tech-c: MM85-RIPE
zone-c: MM85-RIPE
nserver: ns1.ugandatelecom.com
nserver: ns2.ugandatelecom.com
source: RIPE
mnt-by: AS12491-MNT

No machine readable geolocation information here, but if you do a recursive query, you get this also:

person: Michael Magambo
address: Rwenzori Courts
address: Lumumba Avenue
address: Uganda Africa
phone: +256 71 123 123
e-mail: [EMAIL PROTECTED]
nic-hdl: MM85-RIPE
mnt-by: M-LINK-MNT
source: RIPE # Filtered

No machine readable geolocation information here, either.

In this rDNS area, most ISPs will NOT give you reverse for your specific IP. It involves a hack, has to be done on the ISP nameserver (since reverse DNS is done on /24 bit boundary), and it takes manual intervention.

This is not necessarily the same as some naming convention for xDSL routers!!

For example:

22k43h2938749832ho.suburb.losangeles.verizon.com

does not 'resolve':

[EMAIL PROTECTED] ~]$ dig 22k43h2938749832ho.suburb.losangeles.verizon.com/

; <<>> DiG 9.3.2 <<>> 22k43h2938749832ho.suburb.losangeles.verizon.com/
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39045
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;22k43h2938749832ho.suburb.losangeles.verizon.com/. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2006073100 1800 900 604800 86400

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 31 17:51:43 2006
;; MSG SIZE rcvd: 142

but the other one you gave does resolve:

[EMAIL PROTECTED] ~]$ dig cpe002078c78d8d-cm000e5c22a7be.cpe.net.cable.rogers.com

; <<>> DiG 9.3.2 <<>> cpe002078c78d8d-cm000e5c22a7be.cpe.net.cable.rogers.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21926
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;cpe002078c78d8d-cm000e5c22a7be.cpe.net.cable.rogers.com. IN A

;; ANSWER SECTION:
cpe002078c78d8d-cm000e5c22a7be.cpe.net.cable.rogers.com. 1006 IN A 74.117.165.42

;; AUTHORITY SECTION:
cpe.net.cable.rogers.com. 86206 IN NS ns3.ym.rnc.net.cable.rogers.com.
cpe.net.cable.rogers.com. 86206 IN NS ns3.wlfdle.rnc.net.cable.rogers.com.
cpe.net.cable.rogers.com. 86206 IN NS ns2.ym.rnc.net.cable.rogers.com.
cpe.net.cable.rogers.com. 86206 IN NS ns2.wlfdle.rnc.net.cable.rogers.com.

;; ADDITIONAL SECTION:
ns2.ym.rnc.net.cable.rogers.com. 110458 IN A 24.153.22.142
ns2.wlfdle.rnc.net.cable.rogers.com. 110458 IN A 24.153.22.14
ns3.ym.rnc.net.cable.rogers.com. 110458 IN A 64.71.246.156
ns3.wlfdle.rnc.net.cable.rogers.com. 110458 IN A 64.71.246.28

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 31 17:54:22 2006
;; MSG SIZE rcvd: 239

You'll never get rDNS for all IPs, nor will you get perfect geolocation data. This is why you and I got some Danish Google pages last month! ;-)

--
Cheers,

McTim
$ whois -h whois.afrinic.net mctim
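Added example, not part of the original mail: a Python sketch of the lookup logic described above, showing how the most specific inetnum object decides the reported country and how the /24 reverse zone name is formed. The function names are hypothetical and the sample objects are the two quoted in the mail, trimmed to the attributes used.

```python
import ipaddress
import re

# Constructed sample: the two inetnum objects quoted in the mail (trimmed).
SAMPLE_RPSL = """\
inetnum: 81.199.0.0 - 81.199.255.255
netname: IL-IPPLANET-20021004
country: IL

inetnum: 81.199.16.0 - 81.199.31.255
netname: CIDR-UTL-01
country: UG
status: ASSIGNED PA
"""

def parse_objects(text):
    """Split RPSL text into objects (blank-line separated) of attr -> value."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj = {}
        for line in block.splitlines():
            if line.startswith(("%", "#")) or ":" not in line:
                continue  # skip server comments and continuation noise
            key, value = line.split(":", 1)
            obj.setdefault(key.strip(), value.strip())
        if obj:
            objects.append(obj)
    return objects

def most_specific(objects, ip):
    """Return the smallest inetnum object covering ip, or None."""
    addr = ipaddress.IPv4Address(ip)
    best = None
    for obj in objects:
        if "inetnum" not in obj:
            continue
        first, last = (ipaddress.IPv4Address(p.strip())
                       for p in obj["inetnum"].split("-"))
        if first <= addr <= last:
            size = int(last) - int(first)
            if best is None or size < best[0]:
                best = (size, obj)
    return best[1] if best else None

def reverse_zone_24(ip):
    """Name of the in-addr.arpa zone for the /24 containing ip."""
    a, b, c, _ = ip.split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"

if __name__ == "__main__":
    objs = parse_objects(SAMPLE_RPSL)
    print(most_specific(objs, "81.199.24.200")["country"])      # assignment registered
    print(most_specific(objs[:1], "81.199.24.200")["country"])  # allocation only
    print(reverse_zone_24("81.199.24.200"))
```

With only the first object present, the same address falls back to the allocation holder's country, which is the mislabeling case described in the mail.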
