

What's with all the spam on whois? - mtimjones

I was recently working on an article on network reconnaissance, and ran across this on Microsoft's whois.  When did whois become spamworthy?

   # whois microsoft.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.

   Server Name: MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
   IP Address: 209.126.190.70
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
   IP Address: 207.44.240.96
   Registrar: TUCOWS DOMAINS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET
   IP Address: 216.127.80.46
   Registrar: ASCIO TECHNOLOGIES, INC.
   Whois Server: whois.ascio.com
   Referral URL: http://www.ascio.com

   Server Name: MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET
   IP Address: 63.99.165.11
   Registrar: 1 & 1 INTERNET AG
   Whois Server: whois.schlund.info
   Referral URL: http://1and1.com
======
Thereasione
There was a similar thread on HN:
[https://news.ycombinator.com/item?id=6204867](https://news.ycombinator.com/item?id=6204867)

>This is because under the Verisign GRS, name servers for second level domains
also get entries created. So, you can create a Whois entry for an arbitrarily
named server, like ycombinator.com.paulgraham.have.mychildren.com, and it will
show up. I haven't been involved in Whois and tld stuff in a while, but back
in the day, these host Whois records were allowed because the gtld servers
needed glue for domain names - after all, if your domain name is
ycombinator.com and your name server is ns1.ycombinator.com, how can a
resolver recurse to find that, unless the gtld servers also have an A record
for that label/object? So, you could just go create arbitrary A records at the
gtld level, which would cause a corresponding Whois entry to be created.
Hilarity for all involved.

~~~
mtimjones
Thanks for the detailed response. Good stuff.
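
The host-record behaviour described in the quoted reply, as an added example that is not part of the thread: a small parser that separates the registry's "Server Name" host records from the actual domain record and reports which registered domain each lookalike host really belongs to. The function names are hypothetical, the "Domain Name" record in the sample is constructed with a placeholder registrar, and taking the last two labels as the registered domain is an assumption that holds for .com and .net.

```python
import re

# Two host records copied from the output quoted in the post, plus one
# constructed "Domain Name" record (its registrar value is a placeholder).
SAMPLE = """\
   Server Name: MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
   IP Address: 209.126.190.70
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

   Server Name: MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
   IP Address: 207.44.240.96
   Registrar: TUCOWS DOMAINS INC.

   Domain Name: MICROSOFT.COM
   Registrar: EXAMPLE-REGISTRAR-PLACEHOLDER
"""

def parse_records(text):
    """Split whois output into blank-line-separated records of {field: value}."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only, keeps URLs intact
            if sep:
                rec[key.strip().lower()] = value.strip()
        if rec:
            records.append(rec)
    return records

def parent_domain(host):
    """Registered domain of a host name (assumption: last two labels)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(text, query):
    """Return the real domain record(s) and the host records that only share its prefix."""
    query = query.lower()
    result = {"domain": [], "lookalike_hosts": []}
    for rec in parse_records(text):
        if rec.get("domain name", "").lower() == query:
            result["domain"].append(rec)
        elif "server name" in rec:
            host = rec["server name"].lower()
            # A host object is registered under its own parent domain, not the queried one.
            if host.startswith(query + ".") and parent_domain(host) != query:
                result["lookalike_hosts"].append((host, parent_domain(host)))
    return result

if __name__ == "__main__":
    for host, parent in classify(SAMPLE, "microsoft.com")["lookalike_hosts"]:
        print(f"host record registered under {parent}: {host}")
```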

