whois failing

floyd

I am running CentOS. When I do a whois lookup from the command line, it fails to even look up the IP address of the whois server.

Code:
[root@router ~]# whois google.com
[Querying whois.verisign-grs.com]
[Unable to connect to remote host]
But if I add the IP address to the /etc/hosts file for whois.verisign-grs.com, the whois will work just fine.

So I think whois is not able to do DNS lookups. What would prevent whois from doing DNS lookups?

Other tools work just fine such as ping, traceroute, dig, and host. Why do these work and whois fails?


Thanks.
 
Maybe it can't connect because of a firewall? I believe port 43 is being used for whois queries.

edit: nvm didn't read the /etc/hosts part.
 
Code:
[root@router ~]# whois google.com
[Querying whois.verisign-grs.com]
[Unable to connect to remote host]

[root@router ~]# dig whois.verisign-grs.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 <<>> whois.verisign-grs.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16810
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;whois.verisign-grs.com.                IN      A

;; ANSWER SECTION:
whois.verisign-grs.com. 1       IN      A       199.7.48.74

;; Query time: 48 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jun 13 08:43:01 2012
;; MSG SIZE  rcvd: 56

[root@router ~]# echo "199.7.48.74 whois.verisign-grs.com" >> /etc/hosts

[root@router ~]# whois google.com
[Querying whois.verisign-grs.com]
[Redirected to whois.markmonitor.com]
[Querying whois.markmonitor.com]
[whois.markmonitor.com]

MarkMonitor is the Global Leader in Online Brand Protection.

Domain Management ...........
 
This is what I receive:


[root@server ~]# whois google.com
[Querying whois.verisign-grs.com]
[Redirected to whois.markmonitor.com]
[Querying whois.markmonitor.com]
[whois.markmonitor.com: Name or service not known]
[Unable to connect to remote host]



How to fix?
 
Put the following in your /etc/resolv.conf file:

Code:
nameserver 8.8.8.8
nameserver 8.8.4.4
 
Put the following in your /etc/resolv.conf file:

Code:
nameserver 8.8.8.8
nameserver 8.8.4.4

Yes, I'm already using it since I installed the OS, here's mine.

nameserver 195.60.76.114
nameserver 195.60.76.115
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 156.154.70.1
nameserver 156.154.71.1
nameserver 208.67.222.222
nameserver 208.67.220.220

What else should I do?
 
Is this result OK?


[root@server ~]# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:212121 errors:0 dropped:0 overruns:0 frame:0
TX packets:212121 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17604764 (16.7 MiB) TX bytes:17604764 (16.7 MiB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:12415488 errors:0 dropped:0 overruns:0 frame:0
TX packets:11922843 errors:0 dropped:185 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1348860694 (1.2 GiB) TX bytes:10356248437 (9.6 GiB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:31.210.100.76 P-t-P:31.210.100.76 Bcast:31.210.100.76 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
 
Show your

Code:
iptables-save

?


Here it is:

[root@server ~]# iptables-save
# Generated by iptables-save v1.3.5 on Sun Jun 24 02:47:03 2012
*nat
:PREROUTING ACCEPT [1329859:78695122]
:POSTROUTING ACCEPT [70753:4844684]
:OUTPUT ACCEPT [70753:4844684]
COMMIT
# Completed on Sun Jun 24 02:47:03 2012
# Generated by iptables-save v1.3.5 on Sun Jun 24 02:47:03 2012
*mangle
:PREROUTING ACCEPT [12885391:1404257095]
:INPUT ACCEPT [12885391:1404257095]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12525253:10907252156]
:POSTROUTING ACCEPT [12525253:10907252156]
COMMIT
# Completed on Sun Jun 24 02:47:03 2012
# Generated by iptables-save v1.3.5 on Sun Jun 24 02:47:03 2012
*filter
:INPUT ACCEPT [12885391:1404257095]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12525253:10907252156]
COMMIT
# Completed on Sun Jun 24 02:47:03 2012
[root@server ~]#
 
Code:
ping 64.124.14.21
?

Code:
traceroute -I 64.124.14.21
?

Here it is :rolleyes:



[root@server ~]# ping 64.124.14.21
PING 64.124.14.21 (64.124.14.21) 56(84) bytes of data.
64 bytes from 64.124.14.21: icmp_seq=1 ttl=43 time=211 ms
64 bytes from 64.124.14.21: icmp_seq=2 ttl=43 time=211 ms
^C
--- 64.124.14.21 ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2002ms
rtt min/avg/max/mdev = 211.511/211.691/211.871/0.180 ms

END...


[root@server ~]# traceroute -I 64.124.14.21
traceroute to 64.124.14.21 (64.124.14.21), 30 hops max, 40 byte packets
1 z27-tr14.host.net (31.210.100.2) 0.101 ms 0.034 ms 0.023 ms
2 10.250.0.5 (10.250.0.5) 1.451 ms 1.486 ms 1.545 ms
3 212.156.146.241.static.turktelekom.com.tr (212.156.146.241) 3.085 ms 3.592 ms 212.156.129.149.static.turktelekom.com.tr (212.156.129.149) 3.117 ms
4 81.212.211.211.static.turktelekom.com.tr (81.212.211.211) 1.633 ms 3.033 ms 3.424 ms
5 uls-2-3-gyrttpe-2-3.turktelekom.com.tr (81.212.204.205) 11.337 ms 11.494 ms 11.828 ms
6 so-5-0-0.edge1.Paris1.Level3.net (212.73.206.9) 65.899 ms 65.940 ms 65.973 ms
7 ae-1-51.edge4.Paris1.Level3.net (4.69.139.202) 65.869 ms ae-2-52.edge4.Paris1.Level3.net (4.69.139.234) 65.847 ms 65.837 ms
8 xe-1-2-0.mpr1.cdg11.fr.above.net (64.125.14.41) 65.791 ms 65.806 ms 65.783 ms
9 xe-3-3-0.mpr1.lhr2.uk.above.net (64.125.24.85) 69.431 ms 69.425 ms 69.426 ms
10 so-0-0-0.mpr1.lhr3.uk.above.net (64.125.27.226) 69.777 ms 69.889 ms 69.864 ms
11 ge-3-3-0.mpr1.la5.us.above.net (64.125.26.37) 141.029 ms 140.998 ms 140.972 ms
12 xe-3-3-0.cr1.ord2.us.above.net (64.125.24.38) 170.253 ms 161.686 ms 161.660 ms
13 xe-5-3-0.cr1.sjc2.us.above.net (64.125.26.13) 211.849 ms 211.960 ms 211.920 ms
14 xe-4-3-0.er1.sjc2.us.above.net (64.125.28.53) 211.440 ms 211.513 ms 211.492 ms^C
[root@server ~]#
 
So, I'd guess your DC (or ISP) is blocking port (whois requests), or your IP is blocked at whois.markmonitor.com.

What if you try to

whois directadmin.com

or any other domain?
 
Whois works for some other domains, like the DA domain.


[root@server etc]# whois directadmin.com
[Querying whois.verisign-grs.com]
[Redirected to whois.godaddy.com]
[Querying whois.godaddy.com]
[whois.godaddy.com]
The data contained in GoDaddy.com, LLC's WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose is expressly forbidden without the prior written
permission of GoDaddy.com, LLC. By submitting an inquiry,
you agree to these terms of usage and limitations of warranty. In particular,
you agree not to use this data to allow, enable, or otherwise make possible,
dissemination or collection of this data, in part or in its entirety, for any
purpose, such as the transmission of unsolicited advertising and
and solicitations of any kind, including spam. You further agree
not to use this data to enable high volume, automated or robotic electronic
processes designed to collect or compile this data for any purpose,
including mining this data for your own personal or commercial purposes.

Please note: the registrant of the domain name is specified
in the "registrant" field. In most cases, GoDaddy.com, LLC
is not the registrant of domain names listed in this database.


Registrant:
Domains By Proxy, LLC
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Domain Name: DIRECTADMIN.COM
Created on: 06-Oct-02
Expires on: 06-Oct-17
Last Updated on: 27-Oct-07

Administrative Contact:
Private, Registration [email protected]
Domains By Proxy, LLC
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2598

Technical Contact:
Private, Registration [email protected]
Domains By Proxy, LLC
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2598

Domain servers in listed order:
NS2.JBMC-SOFTWARE.COM
NS1.JBMC-SOFTWARE.COM
 
So, I'd guess your DC (or ISP) is blocking port (whois requests), or your IP is blocked at whois.markmonitor.com.
Try to contact your DC.
 
I had the same issue, and in my case it was because of Config Server Firewall. When I added port 43 to the allowed outgoing ports (at the top of /etc/csf/csf.conf) and restarted csf with: csf -r

it then started to work. So check your firewall settings.
 
I also had a case with the same symptoms a while back; it was trying to go over IPv6, which wasn't configured correctly.
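
Added example, not part of any poster's reply: a shell triage for the causes raised in this thread (resolver path, outgoing port 43 in CSF, IPv6). The function names are hypothetical and the csf.conf excerpt is constructed; TCP_OUT and TCP6_OUT are CSF's IPv4 and IPv6 outgoing TCP port lists.

```shell
#!/bin/sh
# Added example: hypothetical helper names; the csf.conf content below is constructed.

# port_in_list LIST PORT: succeed if PORT is in a CSF-style list ("22,43,30000:35000").
port_in_list() (
    IFS=,
    for entry in $1; do
        case $entry in
            *:*) [ "$2" -ge "${entry%%:*}" ] && [ "$2" -le "${entry##*:}" ] && exit 0 ;;
            *)   [ "$entry" = "$2" ] && exit 0 ;;
        esac
    done
    exit 1
)

# csf_value FILE KEY: print the quoted value of an uncommented KEY = "..." line.
csf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# egress_report FILE PORT: say whether the IPv4 and IPv6 outgoing lists cover PORT.
egress_report() {
    out=""
    for key in TCP_OUT TCP6_OUT; do
        if port_in_list "$(csf_value "$1" "$key")" "$2"; then s=ok; else s=blocked; fi
        out="$out$key=$s "
    done
    echo "${out% }"
}

# live_check HOST: resolve through the libc resolver (nsswitch and /etc/hosts, the
# path whois takes; dig asks the nameserver directly) and try TCP/43 per address.
live_check() {
    for a in $(getent ahosts "$1" | awk '{print $1}' | sort -u); do
        if timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/43"' _ "$a" 2>/dev/null
        then echo "$a: port 43 reachable"; else echo "$a: port 43 unreachable"; fi
    done
}

# make_sample_conf: write a constructed csf.conf excerpt and print its path.
make_sample_conf() {
    f=$(mktemp)
    printf '%s\n' '# TCP_OUT = "43"' 'TCP_OUT = "20,21,22,25,53,80,110,443"' \
        'TCP6_OUT = "20,21,22,25,43,53,80,443,30000:35000"' > "$f"
    echo "$f"
}

if [ "${1:-}" = "--live" ]; then live_check "${2:-whois.verisign-grs.com}"; fi
```

On the affected host, `egress_report /etc/csf/csf.conf 43` checks the firewall lists, and running the script with `--live whois.markmonitor.com` shows per address, IPv4 and IPv6 separately, whether resolution or the port 43 connection is the step that fails.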
 