Fidonet Portal






From: Mayayana (1:396/4)
To: All
Date: Tue, 29.12.20 23:28
Re: Searching database for IPv6
From: "Mayayana" <mayayana@invalid.nospam>

"ObiWan" <obiwan@mvps.org> wrote

> Well, let's say you want to process a list of IPs and retrieve some
> informations about each of them, in such a case, using the resolver DLL
> it will be easy to run DNS queries for "TXT" type resource records

Ah. I see. I didn't know about TXT records. But I
wonder if that's as good as a hostname call and a
location database lookup. Many IPs don't return a
hostname, but I can still do a location lookup. With
a server call for records, in my experience, it's very
undependable.

As I mentioned earlier, I wrote winsock code
when I was working on an email program, to get
MX records for a text IP address or domain, but it
was useless. Many servers don't maintain an MX record.
When they do it's often not usable. For example,
a hosted site AceAndAcme.com might be hosted by
CheapoHost.com. Their MX records might tell me their
SMTP server is at CheapoHost.com, but someone
actually sending mail has to use something like
smtp.AceAndAcme.com.

Is TXT universally supported and always supplying
company, location, etc?


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: ObiWan (1:396/4)
To: All
Date: Wed, 30.12.20 11:41
Re: Searching database for IPv6
From: ObiWan <obiwan@mvps.org>

:: On Wed, 30 Dec 2020 09:28:44 -0500
:: (microsoft.public.vb.general.discussion)
:: <rsi2r6$rt6$1@dont-email.me>
:: "Mayayana" <mayayana@invalid.nospam> wrote:

> Ah. I see. I didn't know about TXT records.

They play quite a part in nowadays internet, for example, SPF records
were born using TXT RRs for their contents, same goes for other infos


> But I wonder if that's as good as a hostname call and a
> location database lookup.

I'm at loss... what do you mean ?

> Many IPs don't return a hostname, but I can still do a location
> lookup. With a server call for records, in my experience, it's very
> undependable.

The senderbase doesn't rely on "hostnames", but on netblocks, it tells
you which entity a given IP belongs to

> As I mentioned earlier, I wrote winsock code
> when I was working on an email program, to get
> MX records for a text IP address or domain, but it
> was useless. Many servers don't maintain an MX record.

Uh... what do you mean ? See, a "hostname" doesn't have any kind of
cognition of "MX" or whatever else, to obtain an MX you'll need to dig
out the "MX" records for the domain, then ... ok, some people which
knows zilch about DNS did even use CNAMEs for the MX (VERY BAD IDEA) so
in that case you'll have to go on with resolution, in other cases (but
luckily not too much), a domain may NOT publish MX informations, in
such a case, the MX is assumed (by RFCs) to be the IP pointed by the
domain itself, also notice that the MX is the "Mail eXchanger" which
means that it points to the host(s) which carry on the SMTP traffic,
but the IMAP/POP ones may be totally different and the MX won't give
you ANY infos about them, you may try to use "SRV" records, but then
those aren't widely adopted (at least on the internet)

> Is TXT universally supported and always supplying company, location,
> etc?

It isn't "TXT" it's the DNS service offered by senderbase (by Cisco)
which uses "TXT" records to return those informations... I think you
didn't still understand how it works



--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: ObiWan (1:396/4)
To: All
Date: Wed, 30.12.20 11:53
Re: Searching database for IPv6
From: ObiWan <obiwan@mvps.org>

:: On Wed, 30 Dec 2020 14:57:26 +0100
:: (microsoft.public.vb.general.discussion)
:: <20201230145726.00007bac@mvps.org>
:: ObiWan <obiwan@mvps.org> wrote:

> :: On Wed, 30 Dec 2020 14:47:38 +0100
> :: (microsoft.public.vb.general.discussion)
> :: <20201230144738.00007601@mvps.org>
> :: ObiWan <obiwan@mvps.org> wrote:
>
> > Not just for that ;-) as for the accuracy, the data comes from BGP
> > routing and other sources and the whole thing is backed by Cisco, so
> > while I won't use it to aim some missile, I believe that the
> > "coarse" indications should be pretty good
>
> also, and since we're at it, check this out
>=20
> https://team-cymru.com/community-services/ip-asn-mapping/

just in case, let's say we have the IP 216.90.108.31 and we want to
gather some infos (mostly routing stuff) about it, we may start with a
query to retrieve the IP origin, that is

nslookup -type=TXT 31.108.90.216.origin.asn.cymru.com

"23028 | 216.90.108.0/24 | US | arin | 1998-09-25"


the query returned an AS number (23028), so let's go on and issue a
query for that AS number as follows

nslookup -type=TXT as23028.asn.cymru.com

"23028 | US | arin | 2002-01-04 | TEAM-CYMRU, US"

so we now know that the IP belongs to AS23028, the subnet it belongs to
is 216.90.108.0/24 and the AS belongs to the Team CYMRU, this should be
enough for a start, but now let's see who is "peering" (to simplify,
has a direct routing exchange) with that AS block, to do so we'll run
the following query

nslookup -type=TXT 31.108.90.216.peer.asn.cymru.com

"3257 23352 | 216.90.108.0/24 | US | arin | 1998-09-25"

the above tells us that AS23028 has two peers, 3257 and 23352, now
let's see "who they are"

nslookup -type=TXT as3257.asn.cymru.com

"3257 | US | ripencc | 1994-09-30 | GTT-BACKBONE GTT, US"

nslookup -type=TXT as23352.asn.cymru.com

"23352 | US | arin | 2002-03-05 | SERVERCENTRAL, US"

see it Smile ?



--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
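
The lookup sequence in the post above, as an added example that is not part of the thread or written by any of its participants: it builds the reversed query names and parses the pipe-delimited TXT answers, using the answers quoted in the post as offline input. It goes beyond the post by also building the IPv6 (nibble-reversed) name; the zone `origin6.asn.cymru.com` and the field names (`cc`, `registry`, `allocated`) are assumptions taken from Team Cymru's public description of the service, not from the thread.

```python
import ipaddress

# Zones used in the post above. The IPv6 origin zone is NOT in the thread; it is
# assumed here from Team Cymru's public description of the same service.
ORIGIN_ZONE = {4: "origin.asn.cymru.com", 6: "origin6.asn.cymru.com"}
PEER_ZONE = "peer.asn.cymru.com"


def reversed_labels(ip):
    """Reversed DNS labels for an address: octets for IPv4, nibbles for IPv6."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer gives '31.108.90.216.in-addr.arpa' (or '...ip6.arpa');
    # drop the two-label suffix and keep only the reversed address part.
    return addr.reverse_pointer.rsplit(".", 2)[0], addr.version


def origin_query(ip):
    labels, version = reversed_labels(ip)
    return f"{labels}.{ORIGIN_ZONE[version]}"


def peer_query(ipv4):
    labels, version = reversed_labels(ipv4)
    if version != 4:
        raise ValueError("the thread only shows the IPv4 peer zone")
    return f"{labels}.{PEER_ZONE}"


def as_query(asn):
    return f"as{int(asn)}.asn.cymru.com"


def parse_origin(txt):
    """Parse an origin/peer answer: 'ASN [ASN ...] | prefix | CC | registry | date'."""
    fields = [f.strip() for f in txt.strip().strip('"').split("|")]
    if len(fields) != 5:
        raise ValueError(f"unexpected field count: {txt!r}")
    asns, prefix, cc, registry, allocated = fields
    return {"asns": [int(a) for a in asns.split()],
            "prefix": ipaddress.ip_network(prefix),
            "cc": cc, "registry": registry, "allocated": allocated}


def parse_as(txt):
    """Parse an AS answer: 'ASN | CC | registry | date | description'."""
    # maxsplit=4 keeps the free-text description whole even if it contains '|'.
    fields = [f.strip() for f in txt.strip().strip('"').split("|", 4)]
    if len(fields) != 5:
        raise ValueError(f"unexpected field count: {txt!r}")
    asn, cc, registry, allocated, name = fields
    return {"asn": int(asn), "cc": cc, "registry": registry,
            "allocated": allocated, "name": name}


def answer_covers(ip, origin):
    """Sanity check on a DNS answer: the returned prefix must contain the IP."""
    return ipaddress.ip_address(ip) in origin["prefix"]
```
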

From: Mayayana (1:396/4)
To: All
Date: Wed, 30.12.20 00:01
Re: Searching database for IPv6
From: "Mayayana" <mayayana@invalid.nospam>

"ObiWan" <obiwan@mvps.org> wrote


> It isn't "TXT" it's the DNS service offered by senderbase (by Cisco)
> which uses "TXT" records to return those informations... I think you
> didn't still understand how it works

No. And I don't get how Cisco comes into it. I looked
up TXT records and it's as I feared:

"In practice, services using TXT records often do not follow
this RFC, but instead have their own specific format."

RFC1464, referred to, doesn't even specify anything but
the format. I haven't looked at the code you linked yet.
What I'm familiar with is calling a server for specific
records via winsock. But I've found it to be undependable.
So if you're going to some kind of massive database run by
Cisco then I'm not familiar with how that works....

OK. I just tried the nslookup method with my own IP address.
I think I'm getting what you mean. Senderbase is Cisco and
they host this service? But when I entered my IP I got
this:

"0-0=1|1=DLIVE|2=0.0|3=0.0|4=3208851|7=0|8=832256|45=N|46=17|48=24|50=Gangnam-gu
|51=Seoul|52=06333|53=KR|54=127.063|55=37.4951|56=1|57=1609233358"

Suffice it to say I'm not the CEO of Gangnam-gu and
I don't live in S. Korea. Smile

Why wouldn't I just call the IP address in question for
a TXT record? But even then, if they don't respond with
a hostname I don't expect they're going to respond
with a TXT record..... Am I still missing something?





--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: ObiWan (1:396/4)
To: All
Date: Wed, 30.12.20 12:10
Re: Searching database for IPv6
From: ObiWan <obiwan@mvps.org>

:: On Wed, 30 Dec 2020 10:01:24 -0500
:: (microsoft.public.vb.general.discussion)
:: <rsi4oe$aen$1@dont-email.me>
:: "Mayayana" <mayayana@invalid.nospam> wrote:

> No. And I don't get how Cisco comes into it.

Because "senderbase.org" belongs to Cisco

> "In practice, services using TXT records often do not follow
> this RFC, but instead have their own specific format."

TXT records are *free format* text records, there's nothing else to
them, but if you query a given service (like senderbase) which offers
those data, then you will know the format, you CAN'T just query "any
domain", you didn't get the point, I believe

> OK. I just tried the nslookup method with my own IP address.
> I think I'm getting what you mean. Senderbase is Cisco and
> they host this service? But when I entered my IP I got
> this:
>
> "0-0=1|1=DLIVE|2=0.0|3=0.0|4=3208851|7=0|8=832256|45=N|46=17|48=24|50=Gangnam-gu
> |51=Seoul|52=06333|53=KR|54=127.063|55=37.4951|56=1|57=1609233358"

Did you REVERSE the (your) IP ?

I mean, if your IP is 1.2.3.4 then your query will be

nslookup -type=TXT 4.3.2.1.query.senderbase.org

see it now ? It's like running a query to retrieve a given IP hostname
(assuming it exists), for example, having the IP 173.37.146.11 and
willing to retrieve its reverse mapping (PTR record in DNS parlance)
we'll issue the following query

nslookup -type=PTR 11.146.37.173.in-addr.arpa

notice how the IP octets are *reversed*, same goes for the senderbase
query, just a matter of reversing the IP and querying the desired zone

> Why wouldn't I just call the IP address in question

Call... what do you mean by "call the IP" ?

Please explain, I'm at loss !


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: Apd (1:396/4)
To: All
Date: Wed, 30.12.20 10:45
Re: Searching database for IPv6
From: "Apd" <not@all.invalid>

"ObiWan" wrote:
:: "Apd" wrote:
>> has no information on it or the meaning of the record numbers. The
>> list seems to match one I found at Stack Overflow but do you know of
>> any official or other documentation?
>
> I've some infos, but I'm sorry, I can't disclose that

Shame. The comments at SO mentioned the info was not meant to be
publicly available.



--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: Apd (1:396/4)
To: All
Date: Wed, 30.12.20 10:46
Re: Searching database for IPv6
From: "Apd" <not@all.invalid>

"ObiWan" wrote:
>> Not just for that ;-) as for the accuracy, the data comes from BGP
>> routing and other sources and the whole thing is backed by Cisco, so
>> while I won't use it to aim some missile, I believe that the "coarse"
>> indications should be pretty good
>
> also, and since we're at it, check this out
>
> https://team-cymru.com/community-services/ip-asn-mapping/

Yes, I'm aware of Team Cymru. Have you seen Prefix WhoIs?

https://www.pwhois.org/webquery.who

If you have a Windows whois client you can do this:

$> whois -h whois.pwhois.org 24.30.102.5

Results are easier to read but not formatted for computer processing
as the Senderbase ones are. On your example IP it gives Atlanta rather
than Decatur for geo-loc. When I try Pwhois on my own IP, the location
is way off but the Senderbase query is spot on!


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: ObiWan (1:396/4)
To: All
Date: Wed, 30.12.20 12:52
Re: Searching database for IPv6
From: ObiWan <obiwan@mvps.org>

:: On Wed, 30 Dec 2020 15:46:28 -0000
:: (microsoft.public.vb.general.discussion)
:: <rsi7d4$vge$2@apd.eternal-september.org>
:: "Apd" <not@all.invalid> wrote:

> $> whois -h whois.pwhois.org 24.30.102.5
>
> Results are easier to read but not formatted for computer processing
> as the Senderbase ones are. On your example IP it gives Atlanta rather
> than Decatur for geo-loc. When I try Pwhois on my own IP, the location
> is way off but the Senderbase query is spot on!

Yes, I know about whois, but I prefer DNS since it's easier to fetch
the data and process them in that format, as for location, remember
that while the senderbase infos are based on (approx) IP block
allocation, the CYMRU ones refer to the ASN owner location, so they
can't be used for IP geolocation

--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: ObiWan (1:396/4)
To: All
Date: Wed, 30.12.20 12:53
Re: Searching database for IPv6
From: ObiWan <obiwan@mvps.org>

:: On Wed, 30 Dec 2020 15:45:22 -0000
:: (microsoft.public.vb.general.discussion)
:: <rsi7d4$vge$1@apd.eternal-september.org>
:: "Apd" <not@all.invalid> wrote:

> "ObiWan" wrote:
> :: "Apd" wrote:
> >> has no information on it or the meaning of the record numbers. The
> >> list seems to match one I found at Stack Overflow but do you know
> >> of any official or other documentation?
> >
> > I've some infos, but I'm sorry, I can't disclose that

> Shame. The comments at SO mentioned the info was not meant to be
> publicly available.

Well, got the infos from a friend, asked me not to disclose... and I've
ONE word, sorry but can't disclose them

--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: ObiWan (1:396/4)
To: All
Date: Wed, 30.12.20 13:16
Re: Searching database for IPv6
From: ObiWan <obiwan@mvps.org>

:: On Wed, 30 Dec 2020 16:52:23 +0100
:: (microsoft.public.vb.general.discussion)
:: <20201230165223.00007dcb@mvps.org>
:: ObiWan <obiwan@mvps.org> wrote:

> Yes, I know about whois, but I prefer DNS since it's easier to fetch

Forgot... if you're interested, I *wrote* a whois client Smile and I may
upload the whole blurb (a zip with the sources and executable)
somewhere, the client uses some "tricks" to retrieve the infos Smile

--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: Mayayana (1:396/4)
To: All
Date: Wed, 30.12.20 04:39
Re: Searching database for IPv6
From: "Mayayana" <mayayana@invalid.nospam>

"ObiWan" <obiwan@mvps.org> wrote

> you CAN'T just query "any
> domain"

Actually you can. If they maintain a TXT listing you
can ask for it. That's what I was referring to in getting
MX records. I would guess Cisco is doing that themselves.

Here's a sample similar to what I've done to query
MX servers:

https://www.binarytides.com/dns-query-code-in-c-with-winsock/

I assume it would be the same for TXT records, just
asking for Type ID #16 rather than #15, which is MX.
It's more work than hostname, but if it offered dependable
location info that would be very convenient. Still, the
question is whether servers generally offer that data in a
consistent way.

> Did you REVERSE the (your) IP ?

Ah, thanks. That worked. I get the same readout I
get from whatismyip.com



--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: Apd (1:396/4)
To: All
Date: Wed, 30.12.20 19:54
Re: Searching database for IPv6
From: "Apd" <not@all.invalid>

"ObiWan" wrote:
:: "Apd" wrote:
>> $> whois -h whois.pwhois.org 24.30.102.5

> Yes, I know about whois, but I prefer DNS since it's easier to fetch
> the data and process them in that format,

Ok but this is whois using the pwhois server. It may be similar to
Cymru.

$> whois -h whois.pwhois.org help

"Prefix WhoIs displays the origin-as and other interesting information
related to the most specific prefix currently advertised within the
Internet's global routing table that corresponds to the IP address in
your query"...

> as for location, remember
> that while the senderbase infos are based on (approx) IP block
> allocation,

And the most accurate I've found.

> the CYMRU ones refer to the ASN owner location, so they
> can't be used for IP geolocation

Understood.


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: ObiWan (1:396/4)
To: All
Date: Mon, 04.01.21 06:23
Re: Searching database for IPv6
From: ObiWan <obiwan@mvps.org>

:: On Wed, 30 Dec 2020 14:39:15 -0500
:: (microsoft.public.vb.general.discussion)
:: <rsil1d$bg5$1@dont-email.me>
:: "Mayayana" <mayayana@invalid.nospam> wrote:

> > you CAN'T just query "any domain"

> Actually you can. If they maintain a TXT listing you
> can ask for it.

TXT records are used for "whatever purpose", including SPF and then
some, there's NO limit to what one may put into the TXT records he
inserts in a DNS zone

> That's what I was referring to in getting
> MX records. I would guess Cisco is doing that themselves.

Nope, they come from BGP route informations, those are collected and
inserted into a DNS zone (query.senderbase.org) as TXT records so that
one may request informations about whatever IP by issuing a query to
THAT particular zone, again, it won't work with "whatever zone"

> question is whether servers generally offer that data in a
> consistent way.

senderbase does, as others, again those are *services* using the DNS
protocol to handle queries/responses and the latter are carried out
using the DNS "TXT" resource record type


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: ObiWan (1:396/4)
To: All
Date: Mon, 04.01.21 06:38
Re: Searching database for IPv6
From: ObiWan <obiwan@mvps.org>

:: On Mon, 4 Jan 2021 10:23:43 +0100
:: (microsoft.public.vb.general.discussion)
:: <20210104102343.00004f0a@mvps.org>
:: ObiWan <obiwan@mvps.org> wrote:

> senderbase does, as others, again those are *services* using the DNS
> protocol to handle queries/responses and the latter are carried out
> using the DNS "TXT" resource record type

just to give some other examples; let's pick the IP 72.163.7.166 (which
is one of the Cisco MX), now let's reverse it getting 166.7.163.72 at
this point, willing to retrieve the "abuse" contact for the IP we may
just query another service, that is "abuse-contacts.abusix.org", to do
so, we'll just append that domain name to the reversed IP and issue a
DNS query for a TXT record, that is

nslookup -type=TXT 166.7.163.72.abuse-contacts.abusix.org.

the result of the above query will be a TXT record containing the email
address of the abuse contact for the given IP netblock; another DNS
based service is the one listing the "TOR" proxy nodes

https://www.dan.me.uk/dnsbl

by querying those zones (again reversed IP and the zone appended) the
result will be a TXT record containing infos which tell if the given IP
is a TOR node along with some additional informations and flags,
another zone is the one which returns the whois server name for a given
country, that is "whois-servers.net" in this case instead of an IP we
will use a ccTLD, so to retrieve the whois server responsible for "uk"
we may issue the following query

nslookup -type=TXT uk.whois-servers.net

and the result will be "whois.nic.uk", again, that's yet another
SERVICE using DNS and TXT records to convey informations, just like the
one used to retrieve the country to which a given IP belongs, so using
the Cisco IP we saw at beginning and reversing it we may issue this
query

nslookup -type=TXT 166.7.163.72.zz.countries.nerd.dk

and the result will be "us", that's another SERVICE; hope it's clear now









--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: ObiWan (1:396/4)
To: All
Date: Mon, 04.01.21 06:50
Re: Searching database for IPv6
From: ObiWan <obiwan@mvps.org>

:: On Mon, 4 Jan 2021 10:23:43 +0100
:: (microsoft.public.vb.general.discussion)
:: <20210104102343.00004f0a@mvps.org>
:: ObiWan <obiwan@mvps.org> wrote:

> TXT records are used for "whatever purpose", including SPF and then
> some, there's NO limit to what one may put into the TXT records he
> inserts in a DNS zone

just in case, try these

nslookup -type=TXT microsoft.com

nslookup -type=TXT google.com

as you see, since those are infos about regular domains and NOT zones
configured to convey a given SERVICE over DNS, you'll get back quite a
number of TXT records carrying a bunch of different informations, so
you can't just query any domain for TXT as you can do with specific
domains/zones used for special SERVICES


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
