Hacker News new | comments | ask | show | jobs | submit login
Just type `whois Microsoft.com` in your shell
58 points by janjongboom on Aug 13, 2013 | hide | past | web | favorite | 23 comments
That's some interesting data...



  Whois Server Version 2.0
  
  Domain names in the .com and .net domains can now be registered
  with many different competing registrars. Go to http://www.internic.net
  for detailed information.
  
  MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZZZZZ.IS.A.GREAT.COMPANY.ITREBAL.COM
  MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
  MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZ.IM.ELITE.WANNABE.TOO.WWW.PLUS613.NET
  MICROSOFT.COM.ZZZZZZ.MORE.DETAILS.AT.WWW.BEYONDWHOIS.COM
  MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
  MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
  MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
  MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET
  MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
  MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM
  MICROSOFT.COM.THIS.IS.A.TEST.INETLIBRARY.NET
  MICROSOFT.COM.SOFTWARE.IS.NOT.USED.AT.REG.RU
  MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
  MICROSOFT.COM.RAWKZ.MUH.WERLD.MENTALFLOSS.CA
  MICROSOFT.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
  MICROSOFT.COM.MATCHES.THIS.STRING.AT.KEYSIGNERS.COM
  MICROSOFT.COM.MAKES.RICKARD.DRINK.SAMBUCA.0800CARRENTAL.COM
  MICROSOFT.COM.LOVES.ME.KOSMAL.NET
  MICROSOFT.COM.LIVES.AT.SHAUNEWING.COM
  MICROSOFT.COM.KNOWS.THAT.THE.BEST.WEB.HOSTING.IS.NASHHOST.NET
  MICROSOFT.COM.IS.POWERED.BY.MIKROTIKA.V.OBSHTEJITIETO.OT.IBEKYAROV.UNIX-BG.COM
  MICROSOFT.COM.IS.NOT.YEPPA.ORG
  MICROSOFT.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
  MICROSOFT.COM.IS.IN.BED.WITH.CURTYV.COM
  MICROSOFT.COM.IS.HOSTED.ON.PROFITHOSTING.NET
  MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET
  MICROSOFT.COM.IS.A.MESS.TIMPORTER.CO.UK
  MICROSOFT.COM.HAS.A.PRESENT.COMING.FROM.HUGHESMISSILES.COM
  MICROSOFT.COM.FILLS.ME.WITH.BELLIGERENCE.NET
  MICROSOFT.COM.CAN.GO.FUCK.ITSELF.AT.SECZY.COM
  MICROSOFT.COM.ARE.GODDAMN.PIGFUCKERS.NET.NS-NOT-IN-SERVICE.COM
  MICROSOFT.COM
  
  To single out one record, look it up with "xxx", where xxx is one of the
  of the records displayed above. If the records are the same, look them up
  with "=xxx" to receive a full display for each record.


Weird... MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET, A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET won't resolve. The rest of it does fine.. com.a.steaming.heap.of.fucking-bullshit.net included.

How is it jumping from steaming. to com.a.steaming. ??


This is because under the Verisign GRS, name servers for second level domains also get entries created. So, you can create a Whois entry for an arbitrarily named server, like ycombinator.com.paulgraham.have.mychildren.com, and it will show up.

I haven't been involved in Whois and tld stuff in a while, but back in the day, these host Whois records were allowed because the gtld servers needed glue for domain names - after all, if your domain name is ycombinator.com and your name server is ns1.ycombinator.com, how can a resolver recurse to find that, unless te gtld servers also have an A record for that label/object?

So, you could just go create arbitrary A records at the gtld level, which would cause a corresponding Whois entry to be created. Hilarity for all involved.


Interesting. Can someone explain what is happening here?


I believe that whois does a wildcard search for all domains known to start with microsoft.com, and some funny people registered subdomains under their own domains that start with microsoft.com. But maybe I'm wrong :-)


OK. Next question - why does the verisign whois server know about arbitarily nested subdomains, instead of only top-level registrations?


Take a look at my response upthread - basically, they're not sub domains, they're arbitrarily registered name server entries to provide glue to other lookups. The Whois record is just the side effect


Correct, you can do an exact match using whois 'domain microsoft.com'


Ah yes, same applies to facebook.com and many others.


These are glue records. If a nameserver is under the domain name he is authoritative for, it has to be declared to the registry with its IP address as to avoid circular dependency, ie:

* Q: What is the nameserver for bleh.blih ? * A: ns.bleh.blih * Q: Thank you fine sir. What is the ip for ns.bleh.blih ? * A: Ask nameserver of bleh.blih. * Q: But I just...

And so on. Such declared hostname/ip nameservers are called glue records.

Whois databases search glue records too (and only return a limited number), and this is what you see here.


If you just want microsoft's whois, do this

whois microsoft.com.

The . at the end tells the whois server, relative to root, no wildcard matching.


    % whois microsoft.com.
    No whois server is known for this kind of object.


    whois 'domain microsoft.com'


Depends on the software you're using. Try:

    % whois \=microsoft.com


Alternatively telnet whois.verisign-grs.com 43, then type microsoft.com[enter].

If you want a wildcard match, simply do =microsoft.com[enter].

You get similar results for google.com too :)


IBM's is quite funny too:

IBM.COM.X.SERIES.SERVER.SUCKS.A.LOT.BAOZUITUN.NET IBM.COM.IS.TOLL.JUKE-CLUB.COM IBM.COM.DO.NOT.BUY.IBM.SERVERS.IT.WILL.REBOOT.A.LOT.BAOZUITUN.NET IBM.COM.CN IBM.COM


  APPLE.COM.ZON.COM
  APPLE.COM.WWW.ZON.COM
  APPLE.COM.WWW.BEYONDWHOIS.COM
  APPLE.COM.WAS.PWNED.BY.M1CROSOFT.COM
  APPLE.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
  APPLE.COM.IS.OWN3D.BY.NAKEDJER.COM
  APPLE.COM.IS.0WN3D.BY.GULLI.COM
  APPLE.COM.DENIS.DA.DOIDE.DA.PIEM.UNIX-BG.COM
  APPLE.COM.BEYONDWHOIS.COM
  APPLE.COM.AT.WWW.BEYONDWHOIS.COM
  APPLE.COM
A lot more sane on the Apple front so far.


Similar stuff can be seen with google.com, apple.com, Facebook.com and no doubt a bunch more of large sites.


welcome to 1995.


In high school I had friends convinced I'd hacked Microsoft using this trick when they saw my IRC handle on a whois.


Now try `whois google.com` :)


^this


whois: connect(): Network is unreachable

- Maybe because I'm in office?




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: