Frank Habicht via db-wg <db-wg@ripe.net> wrote:
so on my self-hosted MTA I got an email [unsure about good intentions, thus checking origin] from 82.156.114.62
Whois directed to ripe, ripe said it's iana, iana said it's ripe
Yes, but it's a bit more subtle than that. I have hacked a bit on FreeBSD's whois client, and the way it handles cases like this is to start off with whois.iana.net as the authority for IPv4 /8 allocations. IANA says (amongst other things): whois: whois.ripe.net which is a common format for a whois referral. So, ask whois.ripe.net, which says (amongst other things): netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK In the context of the IANA referral, that line means the address block has been transferred out of the RIPE region, but RIPE's whois server will not tell you which other RIR to ask. (ARIN provides referrals in this situation; AfriNIC says which RIR to try in comments rather than as a formal referral.) So FreeBSD whois tries the other RIRs in turn, starting with ARIN, because ARIN is often more knowledgable/informative than the other RIRs, especially for legacy allocations. But ARIN doesn't know about this block and just provides a referral to RIPE: ReferralServer: whois://whois.ripe.net So next guess APNIC, which it turns out does know about this address block. I have complained before that RIPE's whois server ought to provide proper referrals when the database has information about which RIR is responsible for an address block. Tony. -- f.anthony.n.finch <dot@dotat.at> https://dotat.at/ Shannon, Rockall: Westerly or northwesterly, backing southerly or southwesterly, then westerly later in west, 4 to 6, occasionally 7 later. Moderate or rough, becoming rough. Thundery showers. Good, occasionally poor later.