Another day, another illicit SQUAT - WebNX (AS18450) 22.214.171.124/24
dot at dotat.at
Mon Oct 31 10:57:00 UTC 2016
Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> You are correct. In this case, it would have been helpful if APNIC's WHOIS
> server returned something, when queried about 126.96.36.199, that would
> include an explicit referral to the ARIN WHOIS server. I mean they
> obviously know all the transfers they've made.
Yes, the state of whois referrals from RIRs is a bit of a mess.
I have changed FreeBSD whois to rely more on referrals than built-in
knowledge, and this mostly works. There are a couple of hacks to cope with
awkward RIRs: AfriNIC's referrals are human-readable though they can be
parsed if you assume the rubric is fixed; for RIPE, if the netname is
NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK it is treated as a referral to ARIN;
there's a similar hack for APNIC's ERX-NETBLOCKs - but evidently this
doesn't apply to more recently transferred net blocks :-(
It's probably time to make whois use RDAP under the covers for address
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Southeast Iceland: Westerly veering northwesterly 6 to gale 8, decreasing 4 or
5 for a time. Rough or very rough, occasionally high at first, then becoming
moderate in west. Showers. Good, occasionally poor.
More information about the NANOG