Net-Whois-IP-0.35 returning incorrect responses?

[Sylvain Robitaille]

I'm trying to write a Perl script which will (among other things) look
up the Whois information, based on an IP address it encounters, but the
responses I'm getting from Net-Whois-IP-0.35 are not what I'm expecting,
(though I suppose they're technically correct).

Please consider the following test case:

cat -n src/whois_test.pl
1 #!/local/pkg/perl/root-perl-5.8.0/bin/perl -wT
2 #
3 # For looking up Whois info:
4 use Net::Whois::IP qw(whoisip_query);
5
6 my $whois_response = whoisip_query("132.205.7.51", "true");
7 foreach (keys(%{$whois_response}) ) {
8 print "$_:";
9 foreach ( @{$whois_response->{$_}} ) {
10 print " $_\n";
11 }
12 }
13

Now I run the test program:
src/whois_test.pl
OrgID: VR-ARIN
NetName: NET132
PostalCode: 20151
NetType: Early Registrations, Maintained by ARIN
NetHandle: NET-132-0-0-0-0
Address: 3635 Concord Parkway, Suite 200
RegDate: 1993-05-01
Comment:
City: Chantilly
CIDR: 132.0.0.0/8
StateProv: VA
Updated: 2002-08-23
Parent:
OrgName: Various Registries (Maintained by ARIN)
Country: US
NameServer: ARROWROOT.ARIN.NET
BUCHU.ARIN.NET
CHIA.ARIN.NET
DILL.ARIN.NET
EPAZOTE.ARIN.NET
FIGWORT.ARIN.NET
GINSENG.ARIN.NET
HENNA.ARIN.NET
INDIGO.ARIN.NET
NetRange: 132.0.0.0 - 132.255.255.255

However, if I run whois (whois-4.5.29) at the command line, to look up
the same IP address, I get the following response (which is what I
expect to see):

whois 132.205.7.51

OrgName: Concordia University
OrgID: CONCOR-15
Address: 1455 de Maisonneuve ouest
City: Montreal
StateProv: QC
PostalCode: H3G 1M8
Country: CA

NetRange: 132.205.0.0 - 132.205.255.255
CIDR: 132.205.0.0/16
NetName: CONCORDIA
NetHandle: NET-132-205-0-0-1
Parent: NET-132-0-0-0-0
NetType: Direct Assignment
NameServer: CLYDE.CONCORDIA.CA
NameServer: ALCOR.CONCORDIA.CA
NameServer: ZAURAK.CC.UMANITOBA.CA
NameServer: NS4.SRV.CIS.PITT.EDU
Comment:
RegDate: 1989-06-14
Updated: 2003-03-04

AbuseHandle: ABUSE217-ARIN
AbuseName: Abuse
AbusePhone: +1-514-848-7600
AbuseEmail: (e-mail address removed)

# ARIN WHOIS database, last updated 2003-08-05 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Does anyone know how to get Net::Whois::IP to send back the response I'm
expecting, or should I simply call my command-line whois from the script
I'm writing? (it would of course be much cleaner to use a Perl module
for this ...)

--
----------------------------------------------------------------------
Sylvain Robitaille (e-mail address removed)

Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------

 

[Peter Scott]

I'm trying to write a Perl script which will (among other things) look
up the Whois information, based on an IP address it encounters, but the
responses I'm getting from Net-Whois-IP-0.35 are not what I'm expecting,
(though I suppose they're technically correct).

Please consider the following test case:

[snip program; can be replaced by
perl -MData:umper -MNet::Whois::IP=whoisip_query \
-e 'print Dumper whoisip_query("132.205.7.51")'
]

Now I run the test program:
src/whois_test.pl

[snip result for NET-132-0-0-0-0]

However, if I run whois (whois-4.5.29) at the command line, to look up
the same IP address, I get the following response (which is what I
expect to see):

[snip result for NET-132-205-0-0-1]

First let me thank you for posing a perfectly formed question; all the
information needed (most of which I cut out and a clear question.

I ran this under the debugger and found that the problem is a bug in
Net::Whois::IP. It thinks that if the result does not include a
TechPhone or an OrgTechPhone attribute then it should try a whois
query for the parent handle. This is at odds with its documentation
which says it keeps going until it gets an OrgName or CustName. I
have submitted a bug report. (The NET-132-0-0-0-0 result doesn't
have a *TechPhone attribute either, but its Parent is blank, so the
module gives up there.)

Does anyone know how to get Net::Whois::IP to send back the response I'm
expecting, or should I simply call my command-line whois from the script
I'm writing? (it would of course be much cleaner to use a Perl module
for this ...)

Unless and until the module is improved, you'll need to make a copy of
it to go somewhere earlier in your @INC and modify it. I suggest you
look for the line

}elsif(/Parent:\s+(\S+)/) {

and on the next (long) line, change TechPhone to NetName and change
OrgTechPhone to OrgName.

 

[Sylvain Robitaille]

[snip program; can be replaced by
perl -MData:umper -MNet::Whois::IP=whoisip_query \
-e 'print Dumper whoisip_query("132.205.7.51")'
]

Yikes! I'm pretty fond of creating one-liners myself, but it just goes
to show that I still have *lots* to learn!

First let me thank you for posing a perfectly formed question; all the
information needed (most of which I cut out and a clear question.

Well, thank you, and J. Gleixner, for taking the time to read it and to
propose a solution. In fact, thanks to anyone who's read my original
post, even if a solution didn't come to mind...

(thanks especially to Peter, for taking the extra time to debug the
Net-Whois-IP module, submit a bug report, and propose a solution that
will likely work -- I'll give it a try and report back if I still have
problems.)

I ran this under the debugger and found that the problem is a bug in
Net::Whois::IP. It thinks that if the result does not include a
TechPhone or an OrgTechPhone attribute then it should try a whois
query for the parent handle.

Bingo! I should have thought to trace it myself!

This is at odds with its documentation which says it keeps going until
it gets an OrgName or CustName.

Right. I would have expected to stop on those as well.

Perhaps I need to have our Whois info modified to include a Tech phone
number, though (it would be the same as the listed AbusePhone number
anyway...)

I have submitted a bug report.

Wow! Thank you, both for fing the problem, and for going the extra
distance to submit the bug-report.

Unless and until the module is improved, you'll need to make a copy of
it to go somewhere earlier in your @INC and modify it.

Or, I can just patch and re-install the module itself, but the idea is
the same ...

I suggest you look for the line

}elsif(/Parent:\s+(\S+)/) {

and on the next (long) line, change TechPhone to NetName and change
OrgTechPhone to OrgName.

Will do. Thanks a whole bunch!

--
----------------------------------------------------------------------
Sylvain Robitaille (e-mail address removed)

Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------

 

[Sylvain Robitaille]

Try Net::Whois::Raw

Thanks. I appreciate the response. If I can't get Peter Scott's solution
to work, I'll give that a try.

--
----------------------------------------------------------------------
Sylvain Robitaille (e-mail address removed)

Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------