New RIPE Whois Database Manual
Dear Colleagues,

We are pleased to announce the publication of an updated RIPE Whois Database Document.

ripe-358 RIPE Whois Database Query Reference Manual

Previously, this was part of ripe-252, The RIPE Database Reference Manual. The content has been thoroughly revised and updated. We have also improved the wording to make it clearer.

We are now working on producing a RIPE Whois Database Update Reference Manual. The two new manuals together will obsolete ripe-252.

You can find the document at:
http://www.ripe.net/ripe/docs/db-query-manual.html

Regards
Denis Walker
Software Engineering Department
RIPE NCC
At 11:46 AM 10-10-05 +0200, Denis Walker wrote:

Excellent! If and when you update ripe-358 please include an appendix with some common query examples. I would also update the search page and advanced search pages at:
http://www.ripe.net/fcgi-bin/whois
to point to this doc rather than the database doc.

Thanks,
Hank
> Dear Colleagues,
>
> We are pleased to announce the publication of an updated RIPE Whois Database Document.
>
> ripe-358 RIPE Whois Database Query Reference Manual
>
> Previously, this was part of ripe-252, The RIPE Database Reference Manual. The content has been thoroughly revised and updated. We have also improved the wording to make it clearer.
>
> We are now working on producing a RIPE Whois Database Update Reference Manual. The two new manuals together will obsolete ripe-252.
>
> You can find the document at:
> http://www.ripe.net/ripe/docs/db-query-manual.html
>
> Regards
> Denis Walker
> Software Engineering Department
> RIPE NCC
Hi,
> ripe-358 RIPE Whois Database Query Reference Manual
>
> You can find the document at: http://www.ripe.net/ripe/docs/db-query-manual.html

I'm in the process of modifying the cyberabuse whois so that it can use the new "abuse-oriented" query flag and object in ripe's db. I've just read the reference manual and here are my comments :

1 - The "-c" flag...
From the manual : "Sometimes, no inet(6)num object is found in the hierarchy containing a reference to an irt object. In this the query will return no objects."
Do you really think anyone is going to implement it if it does "one more query for nothing (ie: empty result)" ... in most cases ?
It should return the "classic" (ie: without -c (but still processing other flags)) result if nothing is found...

2 - "e-mail" field of the IRT object
Why would you want to hide the "e-mail" field of the IRT object by default (forcing the use of -B to get it) ?
Do you really think people who want to contact an IRT will call/snailmail it for a security incident, or is it a bug ?

3 - "abuse-mailbox" field of the IRT object
Why would an IRT object specify an abuse-mailbox, while there's already an e-mail field that is mandatory ?
An IRT's e-mail address is an abuse-mailbox by definition, isn't it ?

Sincerely,
Philippe Bourcier
On Oct 22, Philippe Bourcier <philippe@cyberabuse.org> wrote:

> 1 - The "-c" flag...
> From the manual : "Sometimes, no inet(6)num object is found in the hierarchy containing a reference to an irt object. In this the query will return no objects."
> Do you really think anyone is going to implement it if it does "one more query for nothing (ie: empty result)" ... in most cases ?
> It should return the "classic" (ie: without -c (but still processing other flags)) result if nothing is found...

There is a consensus in the working group to make all queries return the relevant IRT records by default, so it's not clear what will happen to the -c flag. I'm waiting for RIPE staff to comment on when it will be possible to implement the changes discussed. (Also, was this discussed at the last meeting?)

> 2 - "e-mail" field of the IRT object
> Why would you want to hide the "e-mail" field of the IRT object by default (forcing the use of -B to get it) ?

Because of morons writing scripts which send mail to every address they see.

> 3 - "abuse-mailbox" field of the IRT object
> Why would an IRT object specify an abuse-mailbox, while there's already an e-mail field that is mandatory ?
> An IRT's e-mail address is an abuse-mailbox by definition, isn't it ?

Just use it instead of the email attribute, if it exists.

--
ciao,
Marco
On Sun, Oct 23, 2005 at 12:21:09PM +0200, Marco d'Itri wrote:

> > 2 - "e-mail" field of the IRT object
> > Why would you want to hide the "e-mail" field of the IRT object by default (forcing the use of -B to get it) ?
>
> Because of morons writing scripts which send mail to every address they see.

Those morons will just add -B to their scripts.

Regards,
Daniel

--
CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re,
> > 2 - "e-mail" field of the IRT object
>
> Those morons will just add -B to their scripts.

So true...

> > 3 - "abuse-mailbox" field of the IRT object
> > Why would an IRT object specify an abuse-mailbox, while there's already an e-mail field that is mandatory ?
> > An IRT's e-mail address is an abuse-mailbox by definition, isn't it ?
>
> Just use it instead of the email attribute, if it exists.

Is it really impossible to recognize that this is an error and that the IRT e-mail field should be switched to "not-hidden" (and I'm sure all IRTs agree on this one) ?

If "-c" flag is merged with the "classic output", then the scripts that catch every email in the RIPE whois will catch the IRT one, which is in fact what everybody wants...

Another solution is to ask all the IRT to add an abuse-mailbox field, but I wonder how you are going to explain to them why...

Sincerely,
Philippe Bourcier
On Sun, Oct 23, 2005 at 05:25:04PM +0200, Daniel Roesen wrote:

> On Sun, Oct 23, 2005 at 12:21:09PM +0200, Marco d'Itri wrote:
>
> > > 2 - "e-mail" field of the IRT object
> > > Why would you want to hide the "e-mail" field of the IRT object by default (forcing the use of -B to get it) ?
> >
> > Because of morons writing scripts which send mail to every address they see.
>
> Those morons will just add -B to their scripts.

Which reminds me, why is the hint to use -B in the output of whois. That makes it very easy to find out.

Regards,
Andre Koopal
Andre,

Andre Koopal wrote:

> On Sun, Oct 23, 2005 at 05:25:04PM +0200, Daniel Roesen wrote:
>
> > On Sun, Oct 23, 2005 at 12:21:09PM +0200, Marco d'Itri wrote:
> >
> > > > 2 - "e-mail" field of the IRT object
> > > > Why would you want to hide the "e-mail" field of the IRT object by default (forcing the use of -B to get it) ?
> > >
> > > Because of morons writing scripts which send mail to every address they see.
> >
> > Those morons will just add -B to their scripts.
>
> Which reminds me, why is the hint to use -B in the output of whois. That makes it very easy to find out.

IIRC, the idea was never to hide the attributes filtered by default. The idea was to avoid people doing:

    $ whois -h whois.ripe.net 1.2.3.4 | grep @

And e-mailing a bunch of useless addresses.

We include the comment about -B because this was the first time that the default output of the Whois server was changed to modify the contents of objects. I thought it was very important that people be able to know how to get the original, unmodified objects.

A few data points:

    Date        Total queries  -B queries      Total IP's  -B IP's
    2005-10-23  2139305         58973  2.8%    45069       1143  2.5%
    2005-10-24  2237340         72880  3.3%    51970       1346  2.6%
    2005-10-25  2569724        170948  6.7%    49852       1521  3.1%
    2005-10-26  2562303         98482  3.8%    52478       1526  2.9%

A relatively small percentage of queries actually uses the -B flag, and these queries come from a relatively small percentage of IP addresses. I also looked at the counts of objects returned, and found them to be roughly similar.

(The number "-B" queries is actually an overcount, because I just looked for "B" anywhere in the query string, but a quick look shows that almost all occurrences of "B" are for the flag. The number of IP's is an undercount, because we get a lot of queries from www.ripe.net, and I didn't convert these to the original client IP address. This is for both the total and the -B.)

The message that I take from this is that when you put data in the database, you can assume that most users will get the default output.

--
Shane
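Added example (not part of any message in this thread): a sketch contrasting `grep @` style harvesting with following `mnt-irt` to the irt object and preferring `abuse-mailbox` over `e-mail`, as suggested earlier in the thread. The whois output is constructed, and the function names `parse_objects`, `grep_at` and `abuse_contact` are hypothetical.

```python
import re
# Constructed sample of unfiltered whois output; every value here is made up.
SAMPLE = """\
% constructed sample, not real registry data

inetnum:        192.0.2.0 - 192.0.2.255
mnt-irt:        IRT-EXAMPLE
notify:         hostmaster@example.net
changed:        noc@example.net 20051001

irt:            IRT-EXAMPLE
e-mail:         cert@example.net
abuse-mailbox:  abuse@example.net
irt-nfy:        irt-updates@example.net

person:         Example Person
e-mail:         someone@example.net
"""

def parse_objects(text):
    """Split whois output into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        if line.startswith("%"):
            continue                      # server comment line
        if not line.strip():              # blank line ends the current object
            if current:
                objects.append(current)
            current = []
        elif ":" in line:
            attr, value = line.split(":", 1)
            current.append((attr.strip().lower(), value.strip()))
    return objects

def grep_at(text):
    """What `grep @` style harvesting ends up with: every address seen."""
    return re.findall(r"[\w.+-]+@[\w.-]+", text)

def abuse_contact(text):
    """Follow mnt-irt to the irt object; prefer abuse-mailbox over e-mail."""
    objects = parse_objects(text)
    wanted = {v.upper() for o in objects if o[0][0] in ("inetnum", "inet6num")
              for a, v in o if a == "mnt-irt"}
    for obj in objects:
        if obj[0][0] == "irt" and obj[0][1].upper() in wanted:
            attrs = dict(reversed(obj))   # first occurrence of an attribute wins
            return attrs.get("abuse-mailbox") or attrs.get("e-mail")
    return None
```

On the constructed sample, `grep_at` returns six addresses (notify, changed, person and irt ones alike), while `abuse_contact` returns the single irt abuse address, or `None` when the irt object carries neither attribute.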
On Thu, Oct 27, 2005 at 10:13:22AM +0200, Shane Kerr wrote:

> Date        Total queries  -B queries      Total IP's  -B IP's
> 2005-10-23  2139305         58973  2.8%    45069       1143  2.5%
> 2005-10-24  2237340         72880  3.3%    51970       1346  2.6%
> 2005-10-25  2569724        170948  6.7%    49852       1521  3.1%
> 2005-10-26  2562303         98482  3.8%    52478       1526  2.9%

Huge jump there last Tuesday, is this 'normal' or simply somebody running doing massive updates who needed the original objects ?

But overall, I do think the actual result is good, haven't seen any complaints coming in to the wrong (my personal) mailbox since the output changed.

MarcoH
Marco Hogewoning wrote:

> On Thu, Oct 27, 2005 at 10:13:22AM +0200, Shane Kerr wrote:
>
> > Date        Total queries  -B queries      Total IP's  -B IP's
> > 2005-10-23  2139305         58973  2.8%    45069       1143  2.5%
> > 2005-10-24  2237340         72880  3.3%    51970       1346  2.6%
> > 2005-10-25  2569724        170948  6.7%    49852       1521  3.1%
> > 2005-10-26  2562303         98482  3.8%    52478       1526  2.9%
>
> Huge jump there last Tuesday, is this 'normal' or simply somebody running doing massive updates who needed the original objects ?
>
> But overall, I do think the actual result is good, haven't seen any complaints coming in to the wrong (my personal) mailbox since the output changed.
>
> MarcoH

Same here, it was very effective indeed, but I think the -B alert in the answers could be removed by now?

Wilfried.
participants (9)
- Andre Koopal
- Daniel Roesen
- Denis Walker
- Hank Nussbacher
- Marco Hogewoning
- md@Linux.IT
- Philippe Bourcier
- Shane Kerr
- Wilfried Woeber, UniVie/ACOnet