[DBWG] WHOIS filtering and the "-B" option
Michel Odou
michel.odou at afrinic.net
Fri Nov 18 09:39:34 UTC 2016
Hi all,

Concerning the filtering functions (there are actually two: one that
filters the emails, another one that filters the authentication
details), there is an explanation at
https://www.ripe.net/publications/docs/ripe-358.

-- begin quote:
A filtering process restricts some data from default query results. This
applies to e-mail contact data. When a user is searching for abuse
contact data, they sometimes take all e-mail addresses found in all
objects returned from a query. This may include the correct address.
However, it often also includes many other addresses for people who are
not responsible for handling such complaints.

To help overcome this issue, some attributes containing e-mail addresses
are filtered out of the default output. Other attributes, also
containing e-mail addresses, are filtered if one of the returned objects
includes an “abuse-mailbox:” attribute.
-- end of quote

So the intention behind this behavior is not to prevent spammers from
getting the email addresses. They can get them if they want - and btw, if
you want to update an object, the WHOIS requires you to send the complete
RPSL object (including emails and auth details) otherwise the update will
be rejected.

On the other side, note that there is a limit on the queries to person
and role objects. Every IP address has a default daily limit of 5000
queries. If the limit is reached within 24 hours, the IP address is
blocked for 24 hours. If the same IP address was blocked more than 10
times in the last 3 months, then it will not be allowed to query the
WHOIS during one year.

Some white-listed addresses are not limited but this is done on a
case-by-case basis.

Regards,
Michel

On 18/11/2016 6:25 PM, Seun Ojedeji wrote:
> Well I don't use the -B option often (nevermind that I don't have
> need/reason to consult whois that often). I just don't see a problem we
> are solving by removing the filter option but I see a problem we may be
> solving by leaving it. No matter how little it is, not everyone uses a
> -B option and it just makes sense for the contact details to be filtered
> by default
>
> Cheers!
>
> On Fri, Nov 18, 2016 at 10:10 AM, Mark Elkins <mje at posix.co.za> wrote:
>
> I usually run whois without the '-B' - realise stuff is filtered - then
> re-run with '-B'. Unless, as Frank asks, there is some form of rate
> limiting - then there is probably little point in filtering. It would
> be cute that if the request is from an IP address associated to the
> results, that any form of rate limiting is ignored - if there is rate
> limiting.
>
> On 18/11/2016 09:46, Alan Barrett wrote:
> > The AFRINIC WHOIS server “filters” results by default. It seems to
> > delete all fields that contain email addresses.
> >
> > For example, here are two queries with and without “-B”:
> >
> > $ whois -h whois.afrinic.net IT7-AFRINIC | egrep -v '^%|^$'
> > person: Infrastructure Team
> > address: AFRINIC Ltd
> > address: 11th Floor, Standard Chartered Tower
> > address: 19, Cybercity
> > address: Ebène
> > address: Mauritius
> > phone: +230 403 51 00
> > nic-hdl: IT7-AFRINIC
> > source: AFRINIC # Filtered
> >
> > $ whois -h whois.afrinic.net -- '-B IT7-AFRINIC' | egrep -v '^%|^$'
> > person: Infrastructure Team
> > address: AFRINIC Ltd
> > address: 11th Floor, Standard Chartered Tower
> > address: 19, Cybercity
> > address: Ebène
> > address: Mauritius
> > phone: +230 403 51 00
> > e-mail: sysadmin at afrinic.net
> > nic-hdl: IT7-AFRINIC
> > changed: hiba at afrinic.net 20130416
> > changed: radha.ramphul at afrinic.net 20160808
> > source: AFRINIC
> >
> > I have two questions about this:
> >
> > 1. Instead of deleting the lines that are “filtered”, would it make
> > sense to replace them with some sort of explanation that the
> > information has been filtered? For example, like this:
> >
> > person: Infrastructure Team
> > address: AFRINIC Ltd
> > address: 11th Floor, Standard Chartered Tower
> > address: 19, Cybercity
> > address: Ebène
> > address: Mauritius
> > phone: +230 403 51 00
> > e-mail: # Filtered
> > nic-hdl: IT7-AFRINIC
> > changed: # Filtered
> > source: AFRINIC # Filtered
> >
> > 2. Is it useful to censor the email addresses by default? It seems
> > to me that this adds no security (because the query can simply be
> > repeated with the “-B” option), and reduces the usefulness.
> >
> > Alan Barrett
>
>
> --
> Mark James ELKINS - Posix Systems - (South) Africa
> mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
>
>
> _______________________________________________
> DBWG mailing list
> DBWG at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/dbwg
>
>
>
>
> --
> ------------------------------------------------------------------------
>
> /Seun Ojedeji,
> Federal University Oye-Ekiti
> web: http://www.fuoye.edu.ng
> Mobile: +2348035233535
> //alt email: seun.ojedeji at fuoye.edu.ng/
>
> Bringing another down does not take you up - think about your
> action!
>
>
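
The two output styles discussed in this thread (the server's default filtering and the proposed "# Filtered" placeholder lines), as an added Python example that is not part of any message above and is not AFRINIC's or RIPE's code. The filtered attribute list (only `e-mail` and `changed`, as seen in the thread's sample output), the function names and the sample object are assumptions constructed for illustration.

```python
# Added illustration; not AFRINIC's or RIPE's server code.
# Assumption: only the attributes the thread's sample shows being removed.
FILTERED_ATTRS = {"e-mail", "changed"}
MARK = "# Filtered"

# Constructed sample object, shaped like the thread's "-B" output.
SAMPLE = """\
% constructed sample, not real registry data
person: Example Team
address: 1 Example Street
phone: +000 000 0000
e-mail: noc@example.net
nic-hdl: EX1-EXAMPLE
changed: alice@example.net 20130416
changed: bob@example.net 20160808
source: AFRINIC
"""

def parse(text):
    """Return (attribute, value) pairs, skipping blank and '%' lines."""
    pairs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):
            continue
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs

def filter_object(text, placeholders=False):
    """Default filtering; placeholders=True keeps one marker line per
    removed attribute, as proposed in the thread."""
    out, marked = [], set()
    for name, value in parse(text):
        if name in FILTERED_ATTRS:
            if placeholders and name not in marked:
                marked.add(name)
                out.append((name, MARK))
            continue
        if name == "source":
            value = f"{value} {MARK}"
        out.append((name, value))
    return "\n".join(f"{n}: {v}" for n, v in out)

def is_filtered(text):
    """True if the source line carries the marker, i.e. contact lines
    may be missing and the client has to repeat the query with -B."""
    return any(n == "source" and v.endswith(MARK) for n, v in parse(text))

if __name__ == "__main__":
    print(filter_object(SAMPLE), filter_object(SAMPLE, True), sep="\n\n")
```

With the default style a client can only infer from the `source:` marker that something was dropped; with placeholders it can also see which attributes were dropped.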