Prefix WhoIs

Figure: This example Prefix WhoIs query shows various information about an IP address, including its network origin and registrar details.

Prefix WhoIs is an open source project that develops and operates a free whois-compatible framework for stockpiling and querying various routing and registry information. Prefix WhoIs uses global BGP routing data learned from many ISP backbone routers. Other information sources are also supported, such as imported data from every regional Internet registry (AFRINIC, APNIC, ARIN, LACNIC, and RIPE) and geocoding information.

The project has been mentioned in a number of popular network security and network engineering books [1] and articles. [2]

Public Prefix WhoIs Service

Many public servers around the world operate mirrors of Prefix WhoIs, making the information generally available worldwide. The service may be used with any client using the standard whois protocol. The DNS address whois.pwhois.org resolves to the Prefix WhoIs server nearest to the client based on anycast DNS.
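A minimal client for the service described above, as an added example that is not code from the Prefix WhoIs project: it frames one query per connection as the standard whois protocol (RFC 3912, TCP port 43) expects, refuses queries that would smuggle in a second line, caps how much it reads, and splits the reply into fields. The "Key: value" reply layout and the field names in the constructed sample are assumptions, not taken from this page.

```python
import socket

PWHOIS_HOST = "whois.pwhois.org"  # anycast name given on the page
WHOIS_PORT = 43                   # standard whois port (RFC 3912)

def build_request(query: str) -> bytes:
    """One query line terminated by CRLF; embedded line breaks are rejected."""
    q = query.strip()
    if not q or any(c in q for c in "\r\n\x00"):
        raise ValueError("query must be a single non-empty line")
    return q.encode("ascii") + b"\r\n"

def exchange(sock: socket.socket, query: str, limit: int = 65536) -> str:
    """Send the query on a connected socket, then read until the server closes."""
    sock.sendall(build_request(query))
    chunks, total = [], 0
    while total < limit:              # bound memory if a server never closes
        data = sock.recv(4096)
        if not data:
            break
        chunks.append(data)
        total += len(data)
    return b"".join(chunks)[:limit].decode("utf-8", errors="replace")

def parse_response(text: str) -> dict:
    """Collect 'Key: value' lines; a repeated key keeps its first value."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only (IPv6-safe)
        if sep and key.strip():
            fields.setdefault(key.strip(), value.strip())
    return fields

def lookup(ip: str, host: str = PWHOIS_HOST, timeout: float = 10.0) -> dict:
    """Live query: one TCP connection per lookup."""
    with socket.create_connection((host, WHOIS_PORT), timeout=timeout) as s:
        return parse_response(exchange(s, ip))

# Constructed sample reply (documentation address space, made-up values).
SAMPLE = ("IP: 192.0.2.10\r\nOrigin-AS: 64500\r\n"
          "Prefix: 192.0.2.0/24\r\nOrg-Name: Example Net\r\n")

if __name__ == "__main__":
    print(parse_response(SAMPLE))
```
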

Client Software

Several client software packages are available from both Prefix WhoIs itself and from commercial vendors. These include free, open source utilities such as WhoB and Layer Four Traceroute.

Server Software

Software Development Libraries

The Prefix WhoIs project distributes C and PHP libraries for direct access to Prefix WhoIs servers. An HTTP simpleQuery interface is also available.

Software licensing

The software is made available under a custom license. [3]

Sources

  1. Extreme Exploits: Advanced Defenses Against Hardcore Hacks (2005) by McGraw-Hill ISBN 0-07-225955-8
  2. SecurityFocus article
  3. "The Prefix WhoIs Project - Public License".

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

IPv6: Version 6 of the Internet Protocol

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and was intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.

APNIC: Regional Internet registry for the Asia Pacific region

APNIC is the regional Internet address registry (RIR) for the Asia–Pacific region. It is one of the world's five RIRs and is part of the Number Resource Organization (NRO).

Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information.

Bonjour (software): Computer networking technology

Bonjour is Apple's implementation of zero-configuration networking (zeroconf), a group of technologies that includes service discovery, address assignment, and hostname resolution. Bonjour locates devices such as printers, other computers, and the services that those devices offer on a local network using multicast Domain Name System (mDNS) service records.

Zero-configuration networking (zeroconf) is a set of technologies that automatically creates a usable computer network based on the Internet Protocol Suite (TCP/IP) when computers or network peripherals are interconnected. It does not require manual operator intervention or special configuration servers. Without zeroconf, a network administrator must set up network services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), or configure each computer's network settings manually.

In computing, a directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a network operating system. A directory server or name server is a server which provides such a service. Each resource on the network is considered an object by the directory server. Information about a particular resource is stored as a collection of attributes associated with that resource or object.

The Domain Name System Security Extensions (DNSSEC) is a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

A domain name registrar is a company, person, or office that manages the reservation of Internet domain names.

nslookup: Utility to query the Domain Name System

nslookup is a network administration command-line tool for querying the Domain Name System (DNS) to obtain the mapping between domain name and IP address, or other DNS records.

This article presents a comparison of the features, platform support, and packaging of many independent implementations of Domain Name System (DNS) name server software.

WHOIS is a query and response protocol that is used for querying databases that store an Internet resource's registered users or assignees. These resources include domain names, IP address blocks and autonomous systems, but it is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in RFC 3912.

dig (command): Network administration command-line tool

dig is a network administration command-line tool for querying the Domain Name System (DNS).

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

The Handle System is a proprietary registry assigning persistent identifiers, or handles, to information resources, and for resolving "those handles into the information necessary to locate, access, and otherwise make use of the resources". As with handles used elsewhere in computing, Handle System handles are opaque, and encode no information about the underlying resource, being bound only to metadata regarding the resource. Consequently, the handles are not rendered invalid by changes to the metadata.

IPv6 address: Label to identify a network interface of a computer or other network node

An Internet Protocol version 6 address is a numeric label that is used to identify and locate a network interface of a computer or a network node participating in a computer network using IPv6. IP addresses are included in the packet header to indicate the source and the destination of each packet. The IP address of the destination is used to make decisions about routing IP packets to other networks.

Google Public DNS is a Domain Name System (DNS) service offered to Internet users worldwide by Google. It functions as a recursive name server. Google Public DNS was announced on December 3, 2009, in an effort described as "making the web faster and more secure." As of 2018, it is the largest public DNS service in the world, handling over a trillion queries per day. Google Public DNS is not related to Google Cloud DNS, which is a DNS hosting service.

Response policy zone: Internet firewall mechanism for DNS

A response policy zone (RPZ) is a mechanism to introduce a customized policy in Domain Name System servers, so that recursive resolvers return possibly modified results. By modifying a result, access to the corresponding host can be blocked.

The WHOIS++ protocol is a distributed directory system, originally designed to provide a "white pages" search mechanism to find humans, but which could actually be used for arbitrary information retrieval tasks. It was developed in the early 1990s by BUNYIP Information Systems and is documented in the IETF.

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. By March 2018, Google and the Mozilla Foundation had started testing versions of DNS over HTTPS. In February 2020, Firefox switched to DNS over HTTPS by default for users in the United States. In May 2020, Chrome switched to DNS over HTTPS by default.