Very Computer

Internic Whois displays records from previous updates occasionally...this is
bizarre...and I even cleared the cache and tried different domains that I'd
never pulled up before. And when I press reload it sometimes display the
current record and sometimes the old record. Anyone else experience this??

Here's an example of what I mean:
(and yes I tried other domains too with similar results)

Registrant:
Hi-Q Products Inc. (YOT-DOM)
   506 North Garfield Avenue
   Alhambra, CA 91801
   US
   Domain Name: YOT.COM

   Administrative Contact:

      818-308-4400 (FAX) 818-308-4407
   Technical Contact, Zone Contact:

      817/332-5661
   Billing Contact:

      818-308-4400 (FAX) 818-308-4407

   Record last updated on 24-Dec-98.
   Record created on 01-Jan-97.
   Database last updated on 1-Jan-99 03:27:16 EST.

   Domain servers in listed order:

   NS.SPINDLE.NET               204.251.22.1
   NS1.NKN.NET                  204.0.159.30

The InterNIC Registration Services database contains ONLY
non-military and non-US Government Domains and contacts.
Other associated whois servers:
   American Registry for Internet Numbers - whois.arin.net
   European IP Address Allocations        - whois.ripe.net
   Asia Pacific IP Address Allocations    - whois.apnic.net
   US Military                            - whois.nic.mil
   US Government                          - whois.nic.gov

Press reload and the current database record is shown:

Registrant:
Hi-Q Products Inc. (YOT-DOM)
   506 North Garfield Avenue
   Alhambra, CA 91801
   US

   Domain Name: YOT.COM

   Administrative Contact:

      818-308-4400 (FAX) 818-308-4407
   Technical Contact, Zone Contact:

      817/332-5661
   Billing Contact:

      818-308-4400 (FAX) 818-308-4407

   Record last updated on 24-Dec-98.
   Record created on 01-Jan-97.
   Database last updated on 3-Jan-99 17:57:14 EST.

   Domain servers in listed order:

   NS.SPINDLE.NET               204.251.22.1
   NS1.NKN.NET                  204.0.159.30

The InterNIC Registration Services database contains ONLY
non-military and non-US Government Domains and contacts.
Other associated whois servers:
   American Registry for Internet Numbers - whois.arin.net
   European IP Address Allocations        - whois.ripe.net
   Asia Pacific IP Address Allocations    - whois.apnic.net
   US Military                            - whois.nic.mil
   US Government                          - whois.nic.gov

Press reload again and guess what comes up...the OLD RECORD!!!

I also notice the Whois updates the last two days have been quite late in the
day. Is there something wrong with Internic???

Ron Bennett

I believe whois.internic.net is actually multiple machines.  It used to
resolve to 4-5 addresses, depending on round-robin DNS for load balancing.
Now it resolves to a single address, so I suspect they're using something
like a LocalDirector to share the load.  So I suspect the differences
you're seeing may be due to the servers getting out of sync.

--

GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Don't bother cc'ing followups to me.

And yes accuracy does matter...imagine if a record changed status and the
owner didn't realize it due to old database information being displayed...umm?

Lastly, the server load problems of last week and this weeks database sync
problems may be a sign that Internic either upgrading equipment (and getting
the bugs out) or more frightening they're experiencing major problems with
their systems...frightening considering how dependent people are on domain
names.

Ron Bennett

says...

  WHOIS isn't really vital as a real-time service (unless it's being abused,
as in the above example). The root servers (most of which are still volun-
teer-based) are far more important, and they appear to be in good shape.

        Terry Kennedy             Operations Manager, Academic Computing

        +1 201 915 9381 (voice)   +1 201 435-3662 (FAX)

I sent off a (client's) registration request to the Internic yesterday
afternoon, and it took 3 hrs to get an acknowledgement E-mail and no
confirmation as of 9am this morning. this is way slower than a few
months ago when I got both within minutes.  (IIRC, I actually got a
confirmation on the request before I got the E-mail acknowledgement !)

This should be interesting, because for the registration request filed
yesterday, I can still bring up both the Jan 4 record for the domain
being on hold, and the undated response that there's "no match"
indicating the domain being up for grabs.

To use an old restaurant expression, I'm beginning to think the
Internic is..... "In the Weeds".

----------  
"I hate quotations"- Ralph Waldo Emerson

Quote:> Well, I'm sure you're right about the servers being out of sync. but
> it's getting worse not better.  As of 9am Eastern this Jan 6, I'm
> getting responses with Jan 4th,  5th, and  6th as the update time+date
> stamp.  

-mark

--
|||| mark jeftovic    (MJ177)   ====  http://www.shmooze.net/~markjr     ||||
|||| easyDNS Technologies Inc.  ====  http://www.easyDNS.com             ||||
------------------------------------------------------------------------------
 dns hosting / domain registrations / web forwarding / mail forwarding / etc
------------------------------------------------------------------------------

The internic whois is indeed acting strange.

I registered a domain on 1/07/99 and received
email confirmation from internic that the request
had been completed on 1/08/99

The whois record for the domain appeared in
the whois database after the whois database was
updated on 1/08/99 at 5:02am EST

But there was no billing contact listed!

And when a whois was done on the domain,
sometimes the record would appear and
sometimes it would say "No Match".

Not good.

Upon this mornings whois database update
at  9-Jan-99 04:29:47 EST, the billing contact
appeared on the record.

But currently, if you whois the domain, sometimes
the record appears and sometimes it says, "No Match"

Still not good...

This issue needs to be addressed. It would be very
easy to lose a domain that you previously registered.

The whois servers are not hold up well to attack by
clods mining the database.

Quote:

>The internic whois is indeed acting strange.

>I registered a domain on 1/07/99 and received
>email confirmation from internic that the request
>had been completed on 1/08/99

>The whois record for the domain appeared in
>the whois database after the whois database was
>updated on 1/08/99 at 5:02am EST

>But there was no billing contact listed!

>And when a whois was done on the domain,
>sometimes the record would appear and
>sometimes it would say "No Match".

Who are these clods mining the database?  What do they hope
to gain?  What are they doing, just alphabetically scanning
through domain-name space?

Tim.

Quote:

> Who are these clods mining the database?

Quote:> What do they hope to gain?

Hackers/crackers are looking for UNIX systems to hack.  Since UNIX is
still pre* as the DNS server of choice, where else in the world can
you find a database full of systems just waiting to be probed?  Since
mid-November, our InterNIC-registered primary and secondary DNS servers
have been probed daily for various known security bugs, while our main
mail/web/news servers haven't been touched.  Most of the time, the source
is a root-compromised UNIX system, itself being hacked in the plague of
attacks.  I posted a warning here about a month ago, and will reiterate it
again.  If your DNS servers are not blocking every well-known port with
tcp_wrappers, you are asking for trouble.  In addition, if your system is
running a web server (that you might not even know it is), there are real
bugs in various /cgi-bin programs that can give anyone with a web browser
root access on your system just by asking for a web page.  Clamp down now,
or be waiting for the e-mail to come pouring in from other sites letting
you know you've been compromised.

Quote:> What are they doing, just alphabetically scanning through domain-name space?