some shallow statistics about finding the name/netname for IP address using RDAP and WHOIS
Martin T
m4rtntns at gmail.com
Mon Oct 15 19:06:42 UTC 2018
Hi!
For testing a script I generated 10000 random IPv4 and global unicast
IPv6 addresses. For all those addresses I tried to find the
netname/name attribute value from WHOIS servers using the latest
version of https://github.com/rfc1036/whois and RDAP servers using the
curl. Basically 'whois -H <ip>' and 'curl -L
"https://rdap.db.ripe.net/ip/<ip>"'. Out of those 10000 random IPv4
and IPv6 addresses, 7351 gave the same name/netname using RDAP and
WHOIS. In case of 2285 addresses, the RDAP was able to find the name
while WHOIS was not. Probably thanks to bootstrap feature. In case of
364 addresses, the WHOIS found a different netname than RDAP. Those
cases can be seen here: http://termbin.com/p6u7 Left column is the
RDAP and the right one is the WHOIS. If "IANA-BLK" WHOIS results for
IPv6 are excluded, then only <1% of queries did not return a result
using RDAP while they did return a result using WHOIS.
In short, based on this small test, the RDAP is much more reliable
than WHOIS for finding the name/netname for an IP address.
Maybe those results are interesting or useful for somebody.
PS. IPv4 and IPv6 addresses were generated like this:
if (( $(($RANDOM % 2)) == 0 )); then
# Generate random IPv4 address.
printf -v ip '%d.%d.%d.%d' \
"$(($RANDOM % 256))" \
"$(($RANDOM % 256))" \
"$(($RANDOM % 256))" \
"$(($RANDOM % 256))"
else
# Gnerate random IPv6 global unicast address.
hex_digit=( 0 1 2 3 4 5 6 7 8 9 a b c d e f )
ip=
for i in {1..7}; do
nibble=
for i in {1..4}; do
nibble="$nibble""${hex_digit[$(($RANDOM % 16))]}"
done
ip="$ip":"$nibble"
done
ip=2001"$ip"
fi
Martin
More information about the NANOG
mailing list