Whois broken for IP address queries

For Developers
1

It seems that the busybox whois is broken for IP address queries in OpenWrt 18.06. It used to work, in Bleeding Edge (r49395) for example.

In Archlinux you do:
whois 136.49.31.225
and you get:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#


NetRange:       136.32.0.0 - 136.63.255.255
CIDR:           136.32.0.0/11
NetName:        GOOGLE-FIBER
NetHandle:      NET-136-32-0-0-1
Parent:         NET136 (NET-136-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Google Fiber Inc. (GF)
RegDate:        2015-10-06
Updated:        2015-10-06
Ref:            https://rdap.arin.net/registry/ip/136.32.0.0



OrgName:        Google Fiber Inc.
OrgId:          GF
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2010-10-08
Updated:        2017-01-28
Ref:            https://rdap.arin.net/registry/entity/GF

ReferralServer:  rwhois://rwhois.googlefiber.net:8987

OrgTechHandle: ZG39-ARIN
OrgTechName:   Google LLC
OrgTechPhone:  +1-650-253-0000 
OrgTechEmail:  arin-contact@google.com
OrgTechRef:    https://rdap.arin.net/registry/entity/ZG39-ARIN

OrgAbuseHandle: GFA32-ARIN
OrgAbuseName:   Google Fiber Abuse
OrgAbusePhone:  +1-650-253-0000 
OrgAbuseEmail:  abuse@googlefiber.net
OrgAbuseRef:    https://rdap.arin.net/registry/entity/GFA32-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#



Found a referral to rwhois.googlefiber.net:8987.

%rwhois V-1.5:000090:00 rwhois.googlefiber.net
network:ID:NET-GF-V4-136-49-16-0
network:IP-Network:136.49.16.0/20
network:Org-Name:Google Fiber Inc.
network:Description:Residential Market Area
network:Street-Address:201 Colorado Street
network:City:Austin
network:State:TX
network:Postal-Code:78701
network:Country-Code:US

%ok

In Bleeding Edge you had to specify the server (like whois.ripe.net) and you got the same output.

In 18.06:
whois -h whois.arin.net 136.49.31.225
results in:

[Querying whois.arin.net:43 '136.49.31.225']
[Querying whois.arin.net:43 'domain 136.49.31.225']
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "e / domain 136.49.31.225"
#
# Use "?" to get help.
#

No match found for domain 136.49.31.225.


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#

There is no useful output. The reason for this is that two queries are performed as you can see at the start of the output:

[Querying whois.arin.net:43 '136.49.31.225']
[Querying whois.arin.net:43 'domain 136.49.31.225']

Only the output of the second query is output to the screen. Unfortunately this is the wrong query (domain 136.49.31.225) and the result of the correct query (136.49.31.225) is not output.

I confirmed this with a network analyser. The first query gives a result similar to the one executed on Archlinux but never makes it to the output.

Who can repair this?

2

You're one up on me, where whois is not implemented in a build off master.

How things worked in Barrier Breaker or Chaos Calmer are, at this point in time, interesting points in history, but "ancient" history.

CONFIG_BUSYBOX_CONFIG_WHOIS can be set during a from-source build. I didn't immediately find a package that supplies whois, though there may be one.

Edit: https://lookup.icann.org/ is another option for certain queries

1 Like
3

Note that all busybox tools are meant to be small items providing the key functionality of the usual Linux tools, not the full versatility of the original full tool.

Busybox whois was heavily rewritten in 2016
https://git.busybox.net/busybox/log/networking/whois.c

Thus the previous version that was in busybox in 2015 (and in OpenWrt BB14.07, CC15.05 and the OpenWrt trunk of that time) was heavily modified. The new version is in the new busybox versions since then, and thus also in OpenWrt 18.06 and 19.07 and master ...

The busybox people upstream. You can help them in that task, hopefully.

2 Likes
4

I wonder how to contact the developer because if he removes this:

	if (!success && !pfx[0]) {
		/*
		 * Looking at /etc/jwhois.conf, some whois servers use
		 * "domain = DOMAIN", "DOMAIN ID <DOMAIN>"
		 * and "domain=DOMAIN_WITHOUT_LAST_COMPONENT"
		 * formats, but those are rare.
		 * (There are a few even more contrived ones.)
		 * We are trying only "domain DOMAIN", the typical one.
		 */
		pfx = "domain ";
		bufpos = 0;
		goto again;
	}

in whois.c it works fine for me :smile:

5

https://busybox.net/FAQ.html