Keeping DNS spam results out of whois command output

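I noticed that the whois command was returning noisy results instead of the correct information, so I looked into it, and it turned out that I simply did not understand whois properly.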

whois help

You can learn this from the command above, but this post is about whois spam.

Looking at whois help:

whois help
...
<KEYWORD overview>
WHOIS keywords fall into categories: those that specify the TYPE of
records to search, those that modify the interpretation of the input or
tell the type of output to produce, and those that are commands such as
HELP or QUIT.
The following keywords restrict a search to a certain TYPE of field in the
database:
domain
Finds a domain record. Find out domain name, registrar name,
whois server and URL, Nameserver name and IP Addresses, and updated
date. For example, "domain netsol.com".
nameserver
Finds nameserver records. Find out nameserver name, registrar name,
IP addresses, Whois Server name and URL. For example,
'nameserver DNS.SPRINTLINK.COM' or 'nameserver 101.198.1.101'.
registrar
Finds records for "registrar". Find out Registrar name, mail
address, phone number and contact information. For example,
'registrar Network Solutions, Inc.'
...

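As the help says, running the command as whois <domain> searches for the name across the strings it can return, such as domain names, registrar names and name servers.

As a result, it can return results you did not intend.

For example, for google.com: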

whois google.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
GOOGLE.COM.ACKNOWLEDGES.NON-FREE.COM.NAMESILO.COM
GOOGLE.COM.AFRICANBATS.ORG
GOOGLE.COM.ANGRYPIRATES.COM
GOOGLE.COM.AR
GOOGLE.COM.AU
GOOGLE.COM.BAISAD.COM
GOOGLE.COM.BD
GOOGLE.COM.BEYONDWHOIS.COM
GOOGLE.COM.BR
GOOGLE.COM.BUGBOUNTY.TEST.AT.CIPRI.COM
GOOGLE.COM.CN
GOOGLE.COM.CO
GOOGLE.COM.DEADKNIFERECORDS.COM
GOOGLE.COM.DGJTEST028-PP-QM-STG.COM
GOOGLE.COM.DO
GOOGLE.COM.EG
GOOGLE.COM.FORSALE
GOOGLE.COM.HACKED.BY.JAPTRON.ES
GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
GOOGLE.COM.HK
GOOGLE.COM.HOUDA.DO.YOU.WANT.TO.MARRY.ME.JEN.RE
GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
GOOGLE.COM.LASERPIPE.COM.DOMAINPENDINGDELETE.COM
GOOGLE.COM.LOLOLOLOLOL.SHTHEAD.COM
GOOGLE.COM.MAIKO.BE
GOOGLE.COM.MX
GOOGLE.COM.MY
GOOGLE.COM.NS1.CHALESHGAR.COM
GOOGLE.COM.NS2.CHALESHGAR.COM
GOOGLE.COM.PE
GOOGLE.COM.PK
GOOGLE.COM.SA
GOOGLE.COM.SG
GOOGLE.COM.SHQIPERIA.COM
GOOGLE.COM.SOUTHBEACHNEEDLEARTISTRY.COM
GOOGLE.COM.SPAMMING.IS.UNETHICAL.PLEASE.STOP.THEM.HUAXUEERBAN.COM
GOOGLE.COM.SPROSIUYANDEKSA.RU
GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
GOOGLE.COM.TESTZZZZ.3000-RI.COM.DELETE-DNS.COM
GOOGLE.COM.TR
GOOGLE.COM.TW
GOOGLE.COM.UA
GOOGLE.COM.UK
GOOGLE.COM.UY
GOOGLE.COM.VABDAYOFF.COM
GOOGLE.COM.VN
GOOGLE.COM.YUCEHOCA.COM
GOOGLE.COM.ZNAET.PRODOMEN.COM
GOOGLE.COM
...

Completely unrelated hosts come back as well.
So, as the help says, the query apparently has to be narrowed down with a keyword.

To search only domain records:

whois 'domain google.com'
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: GOOGLE.COM
Registrar: MARKMONITOR INC.
Sponsoring Registrar IANA ID: 292
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Updated Date: 20-jul-2011
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2020
>>> Last update of whois database: 2017-07-23T02:10:56Z <<<
...

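This returns the intended result.

The search can be restricted to the fields domain, nameserver and registrar.

Incidentally, the result returned when searching all fields for google.com is the short type, so if you want the details, prefix the name with =.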

whois =google.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: GOOGLE.COM.ACKNOWLEDGES.NON-FREE.COM.NAMESILO.COM
IP Address: 1.1.1.1
Registrar: NAMESILO, LLC
Whois Server: whois.namesilo.com
Referral URL: http://www.namesilo.com
Server Name: GOOGLE.COM.AFRICANBATS.ORG
Registrar: TUCOWS DOMAINS INC.
Whois Server: whois.tucows.com
Referral URL: http://www.tucowsdomains.com
Server Name: GOOGLE.COM.ANGRYPIRATES.COM
IP Address: 8.8.8.8
Registrar: NAME.COM, INC.
Whois Server: whois.name.com
Referral URL: http://www.name.com
Server Name: GOOGLE.COM.AR
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: GOOGLE.COM.AU
Registrar: PLANETDOMAIN PTY LTD.
Whois Server: whois.planetdomain.com
Referral URL: http://www.planetdomain.com
Server Name: GOOGLE.COM.BAISAD.COM
IP Address: 91.218.229.20
IP Address: 92.53.96.24
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
Whois Server: whois.reg.com
Referral URL: http://www.reg.ru
Server Name: GOOGLE.COM.BD
Registrar: LIQUIDNET LTD.
Whois Server: whois.liquidnetlimited.com
Referral URL: http://www.liquidnetlimited.com
Server Name: GOOGLE.COM.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: INSTRA CORPORATION PTY, LTD.
Whois Server: whois.instra.net
Referral URL: http://www.instra.com
Server Name: GOOGLE.COM.BR
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: GOOGLE.COM.BUGBOUNTY.TEST.AT.CIPRI.COM
IP Address: 8.8.4.4
IP Address: 8.8.8.8
IP Address: 80.69.82.4
Registrar: KEY-SYSTEMS GMBH
Whois Server: whois.rrpproxy.net
Referral URL: http://www.key-systems.net
Server Name: GOOGLE.COM.CN
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Server Name: GOOGLE.COM.CO
Registrar: NAMESECURE.COM
Whois Server: whois.namesecure.com
Referral URL: http://www.namesecure.com
Server Name: GOOGLE.COM.DEADKNIFERECORDS.COM
IP Address: 216.58.208.132
IP Address: 172.217.21.206
IP Address: 2A00:1450:4001:818:0:0:0:200E
IP Address: 2A00:1450:4009:803:0:0:0:2004
Registrar: GOOGLE INC.
Whois Server: whois.google.com
Referral URL: http://domains.google.com
Server Name: GOOGLE.COM.DGJTEST028-PP-QM-STG.COM
IP Address: 8.8.8.8
Registrar: JAPAN REGISTRY SERVICES CO., LTD.
Whois Server: whois2016.jprs.jp
Referral URL: http://jprs.jp/registrar/
Server Name: GOOGLE.COM.DO
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://www.godaddy.com
Server Name: GOOGLE.COM.EG
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://www.godaddy.com
Server Name: GOOGLE.COM.FORSALE
Registrar: NAMESILO, LLC
Whois Server: whois.namesilo.com
Referral URL: http://www.namesilo.com
Server Name: GOOGLE.COM.HACKED.BY.JAPTRON.ES
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://www.godaddy.com
Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
IP Address: 209.187.114.130
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: GOOGLE.COM.HK
Registrar: UK-2 LIMITED
Whois Server: whois.hostingservicesinc.net
Referral URL: http://www.uk2group.com/
Server Name: GOOGLE.COM.HOUDA.DO.YOU.WANT.TO.MARRY.ME.JEN.RE
Registrar: OVH
Whois Server: whois.ovh.com
Referral URL: http://www.ovh.com
Server Name: GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
IP Address: 213.228.0.43
Registrar: GANDI SAS
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Server Name: GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
IP Address: 217.148.161.5
Registrar: HOSTING CONCEPTS B.V. D/B/A OPENPROVIDER
Whois Server: whois.registrar.eu
Referral URL: http://www.openprovider.com
Server Name: GOOGLE.COM.LASERPIPE.COM.DOMAINPENDINGDELETE.COM
IP Address: 209.85.227.106
Registrar: REALTIME REGISTER BV
Whois Server: whois.yoursrs.com
Referral URL: http://www.realtimeregister.com
Server Name: GOOGLE.COM.LOLOLOLOLOL.SHTHEAD.COM
IP Address: 123.123.123.123
Registrar: CRAZY DOMAINS FZ-LLC
Whois Server: whois.crazydomains.com
Referral URL: http://www.crazydomains.com
Server Name: GOOGLE.COM.MAIKO.BE
Registrar: OVH
Whois Server: whois.ovh.com
Referral URL: http://www.ovh.com
Server Name: GOOGLE.COM.MX
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.publicdomainregistry.com
Server Name: GOOGLE.COM.MY
Registrar: WILD WEST DOMAINS, LLC
Whois Server: whois.wildwestdomains.com
Referral URL: http://www.wildwestdomains.com
Server Name: GOOGLE.COM.NS1.CHALESHGAR.COM
IP Address: 8.8.8.8
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: GOOGLE.COM.NS2.CHALESHGAR.COM
IP Address: 8.8.8.8
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: GOOGLE.COM.PE
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.publicdomainregistry.com
Server Name: GOOGLE.COM.PK
Registrar: BIGROCK SOLUTIONS LIMITED
Whois Server: Whois.bigrock.com
Referral URL: http://www.bigrock.com
Server Name: GOOGLE.COM.SA
Registrar: OMNIS NETWORK, LLC
Whois Server: whois.omnis.com
Referral URL: http://www.omnis.com
Server Name: GOOGLE.COM.SG
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://www.godaddy.com
Server Name: GOOGLE.COM.SHQIPERIA.COM
IP Address: 70.84.145.107
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: GOOGLE.COM.SOUTHBEACHNEEDLEARTISTRY.COM
IP Address: 74.125.229.52
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://www.godaddy.com
Server Name: GOOGLE.COM.SPAMMING.IS.UNETHICAL.PLEASE.STOP.THEM.HUAXUEERBAN.COM
IP Address: 211.64.175.67
IP Address: 211.64.175.66
Registrar: GOOGLE INC.
Whois Server: whois.google.com
Referral URL: http://domains.google.com
Server Name: GOOGLE.COM.SPROSIUYANDEKSA.RU
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com.au
Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
IP Address: 80.190.192.24
Registrar: COREHUB, S.R.L.
Whois Server: whois.corehub.net
Referral URL: http://corehub.net
Server Name: GOOGLE.COM.TESTZZZZ.3000-RI.COM.DELETE-DNS.COM
IP Address: 8.8.8.8
Registrar: MEGAZONE CORP. DBA HOSTING.KR
Whois Server: whois.hosting.kr
Referral URL: http://HOSTING.KR
Server Name: GOOGLE.COM.TR
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.publicdomainregistry.com
Server Name: GOOGLE.COM.TW
Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
Whois Server: whois.webnic.cc
Referral URL: http://www.webnic.cc
Server Name: GOOGLE.COM.UA
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.publicdomainregistry.com
Server Name: GOOGLE.COM.UK
Registrar: 123-REG LIMITED
Whois Server: whois.123-reg.co.uk
Referral URL: http://www.meshdigital.com
Server Name: GOOGLE.COM.UY
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.publicdomainregistry.com
Server Name: GOOGLE.COM.VABDAYOFF.COM
IP Address: 8.8.8.8
Registrar: DOMAIN.COM, LLC
Whois Server: whois.domain.com
Referral URL: http://www.domain.com
Server Name: GOOGLE.COM.VN
Registrar: ONLINENIC, INC.
Whois Server: whois.onlinenic.com
Referral URL: http://www.onlinenic.com
Server Name: GOOGLE.COM.YUCEHOCA.COM
IP Address: 88.246.115.134
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.publicdomainregistry.com
Server Name: GOOGLE.COM.ZNAET.PRODOMEN.COM
IP Address: 62.149.23.126
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://www.godaddy.com
Domain Name: GOOGLE.COM
Registrar: MARKMONITOR INC.
Sponsoring Registrar IANA ID: 292
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Updated Date: 20-jul-2011
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2020
>>> Last update of whois database: 2017-07-23T02:12:11Z <<<
...

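Getting unintended hosts back because the whois command was run without narrowing the search query is apparently called whois spam (DNS spam).

So I updated my own tool to handle this as well, so that it no longer picks up the spam results.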
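
One way a tool can do this, as an added example rather than the author's own tool: build_query rejects input that is not a plain hostname (so a leading = or a keyword cannot change the query type) and prepends the domain keyword, and select_domain_record keeps only the Domain Name record that matches the queried name exactly. The function names are hypothetical, and the sample is an abridged excerpt of the detailed output above.

```python
import re

# Added example with hypothetical names; SAMPLE is abridged from the output above.
SAMPLE = """\
Server Name: GOOGLE.COM.AFRICANBATS.ORG
Registrar: TUCOWS DOMAINS INC.
Server Name: GOOGLE.COM.ANGRYPIRATES.COM
IP Address: 8.8.8.8
Registrar: NAME.COM, INC.
Domain Name: GOOGLE.COM
Registrar: MARKMONITOR INC.
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
>>> Last update of whois database: 2017-07-23T02:12:11Z <<<
"""

_HOSTNAME = re.compile(r"(?=.{1,253}\Z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)
_RECORD_START = ("Server Name", "Domain Name")


def build_query(domain):
    """Return the keyword-restricted query, rejecting anything but a plain hostname."""
    if not _HOSTNAME.fullmatch(domain):
        raise ValueError("not a plain domain name: %r" % domain)
    return "domain " + domain.lower()


def split_records(text):
    """Split whois output into records; each starts at a Server Name or Domain Name line."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep or line.lstrip().startswith(">>>"):
            continue  # banner text and the trailing timestamp are not fields
        key, value = key.strip(), value.strip()
        if key in _RECORD_START:
            records.append({"type": key, "name": value.upper(), "fields": {}})
        elif records:
            records[-1]["fields"].setdefault(key, []).append(value)
    return records


def select_domain_record(text, domain):
    """Keep only the Domain Name record whose name equals the queried domain."""
    wanted = domain.upper().rstrip(".")
    for rec in split_records(text):
        if rec["type"] == "Domain Name" and rec["name"] == wanted:
            return rec
    return None
```

Filtering on the record type as well as the name matters here: a Server Name record is attacker-chosen text, so it must never be accepted as the domain's registration data even when the requested name appears in it.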

Pages I referred to

Internet 10-Minute Course: WHOIS (インターネット10分講座:WHOIS)
