whois like functionality on Windows?

[Gerrit Muller]

I am migrating a website from a UNIX based machine to an Windows
machine. In the logfiles I got from the old machine I mostly got domain
names and sometimes only IP addresses. The Windows machine seems to
produce only IP addresses.

Somehow I cannot find a windows solution to translate an IP address back
into a domain-name. Searching with Google shows that more people have
been wrestling with this problem.

I did find working whois scripts, but unfortunately:
- the verbose whois registrar information often forbids automated access
- the information is rather distributed, so you have to somehow access
sufficient servers
- you still have to find the domain name in the sea of details returned

I also found socket based solutions, but these solutions crash with the
message "host not found" :-(

Anyone suggestions?

kind regards, Gerrit

 

[Thomas Heller]

I am migrating a website from a UNIX based machine to an Windows
machine. In the logfiles I got from the old machine I mostly got
domain names and sometimes only IP addresses. The Windows machine
seems to produce only IP addresses.

Somehow I cannot find a windows solution to translate an IP address
back into a domain-name. Searching with Google shows that more people
have been wrestling with this problem.

I did find working whois scripts, but unfortunately:
- the verbose whois registrar information often forbids automated access
- the information is rather distributed, so you have to somehow access
sufficient servers
- you still have to find the domain name in the sea of details returned

I also found socket based solutions, but these solutions crash with
the message "host not found" :-(

Anyone suggestions?

This?

C:\>py23
Python 2.3.5 (#62, Feb 8 2005, 16:23:02) [MSC v.1200 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.

import socket
socket.gethostbyaddr("194.109.137.226") ('fang.python.org', [], ['194.109.137.226'])

Thomas

 

[Peter Hansen]

I am migrating a website from a UNIX based machine to an Windows
machine. In the logfiles I got from the old machine I mostly got domain
names and sometimes only IP addresses. The Windows machine seems to
produce only IP addresses.

Somehow I cannot find a windows solution to translate an IP address back
into a domain-name. Searching with Google shows that more people have
been wrestling with this problem.

I did find working whois scripts, but unfortunately:

[snip]

Part of your problem is looking for the wrong thing. You are looking
for the capability provided by "domain name servers" (DNSes), not
"whois" servers. But Thomas has just given you the solution...

-Peter

 

[Gerrit Muller]

Peter, Thomas,

thanks for your suggestion. I did indeed look broader than whois, and
reverse DNS maybe a better description. Unfortunately I did try the
socket.gethostbyaddr("194.109.137.226"), but the result was a
disappointing "host not found", both at home on an XP machine as well as
at work on a NT machine. Your comments stimulated me too experiment with
this apporach, and I discovered that unresolved IP addresses in my old
logfiles return "host not found". However many IP addresses in my new
logfile can be translated successfully! Apparantly there are IP
addresses that cannot be reversely resolved by the DNS servers. I did
translate these addresses manually so far via the whois service. So you
definitely helped me a lot, but I keep interested in a complementary
whois solution.

kind regards, Gerrit

I am migrating a website from a UNIX based machine to an Windows
machine. In the logfiles I got from the old machine I mostly got
domain names and sometimes only IP addresses. The Windows machine
seems to produce only IP addresses.

Somehow I cannot find a windows solution to translate an IP address
back into a domain-name. Searching with Google shows that more people
have been wrestling with this problem.

I did find working whois scripts, but unfortunately:

[snip]

Part of your problem is looking for the wrong thing. You are looking
for the capability provided by "domain name servers" (DNSes), not
"whois" servers. But Thomas has just given you the solution...

-Peter

 

[Peter Hansen]

thanks for your suggestion. I did indeed look broader than whois, and
reverse DNS maybe a better description. Unfortunately I did try the
socket.gethostbyaddr("194.109.137.226"), but the result was a
disappointing "host not found", both at home on an XP machine as well as
at work on a NT machine. Your comments stimulated me too experiment with
this apporach, and I discovered that unresolved IP addresses in my old
logfiles return "host not found". However many IP addresses in my new
logfile can be translated successfully! Apparantly there are IP
addresses that cannot be reversely resolved by the DNS servers. I did
translate these addresses manually so far via the whois service. So you
definitely helped me a lot, but I keep interested in a complementary
whois solution.

If the address doesn't get mapped to a name by a DNS server, I strongly
suspect you will get nowhere with whois, or much else. Not all IP
addresses have corresponding domain names: many are dynamic addresses
assigned on the fly to arbitrary customers of (for example) cable modem
service providers, and they're often not interested in providing any
reverse mapping for them. Some do (for example, mine is
pc-136-15.scpe.powergate.ca right now), but many don't...

I'm sure there's a way to identify the domain of the owner of a block of
addresses in which a given IP resides. I don't know what it is.

-Peter

 

[Gerrit Muller]

If the address doesn't get mapped to a name by a DNS server, I strongly
suspect you will get nowhere with whois, or much else. Not all IP
addresses have corresponding domain names: many are dynamic addresses
assigned on the fly to arbitrary customers of (for example) cable modem
service providers, and they're often not interested in providing any
reverse mapping for them. Some do (for example, mine is
pc-136-15.scpe.powergate.ca right now), but many don't...

I'm sure there's a way to identify the domain of the owner of a block of
addresses in which a given IP resides. I don't know what it is.

-Peter

In 5 years of logging I did get about 23000 different domains that
accessed my site. For about 1000 IP address ranges I obtained the domain
name manually via whois, mostly via Geektools. Sometimes via more
specific whois servers, such as krnic. These 1000 domain names are a mix
of "real" domain names, for instance from companies, universities or
government, and service providers. It would be nice to automate this
action, although the manual approach is workable.

regards, Gerrit