Page MenuHomePhabricator

Unable to interpret or filter out response by whois.tonic.to server
Open, HighPublic

Description

Mani opened ticket to report WhoIs queries for non-existing subdomains in the .TO top-level domain were not reporting correctly.

I verified this (below) ... probably they're using a modern system willing to return some multiple-byte characters instead of plain old telnet-compatible ASCII.

WhoIs Lookup performed by Karen's WhoIs v2.7
Visit https://www.karenware.com/
Query [testnameinvalid.yp.to] whois://whois.tonic.to

Tonic whoisd V1.1
yp uz5jmyqz3gz2bhnuzg0rr0cml9u8pntyhn2jhtqn04yt3sm5h235c1.yp.to
yp uz5jmyqz3gz2bhnuzg0rr0cml9u8pntyhn2jhtqn04yt3sm5h235c1.ns.yp.to

Proper response:

joe@host:~$ whois testnameinvalid.yp.to
Tonic whoisd V1.1
No match for testnameinvalid.yp

Windows response from telnet whois.tonic.to 43

Event Timeline

Joe created this task.Mar 31 2019, 9:54 AM
Joe created this object in space S5 Public.
Joe triaged this task as High priority.
Joe created this object with visibility "Public (No Login Required)".
Joe added a comment.EditedApr 3 2019, 11:57 AM

The bytes returned are exactly what was displayed. This isn't a character set problem.

WhoIs Lookup performed by Karen's WhoIs v2.7
Visit https://www.karenware.com/
Query [testnameinvalid.yp.to] whois://whois.tonic.to

54 6F 6E 69 63 20 77 68 6F 69 73 64 20 56 31 2E 31 0A 79 70 20 75 7A 35 6A 6D 79 71 7A 33 67 7A 

32 62 68 6E 75 7A 67 30 72 72 30 63 6D 6C 39 75 38 70 6E 74 79 68 6E 32 6A 68 74 71 6E 30 34 79 

74 33 73 6D 35 68 32 33 35 63 31 2E 79 70 2E 74 6F 0A 79 70 20 75 7A 35 6A 6D 79 71 7A 33 67 7A 

32 62 68 6E 75 7A 67 30 72 72 30 63 6D 6C 39 75 38 70 6E 74 79 68 6E 32 6A 68 74 71 6E 30 34 79 

74 33 73 6D 35 68 32 33 35 63 31 2E 6E 73 2E 79 70 2E 74 6F 0A 0A
Joe added a comment.Apr 3 2019, 12:08 PM

This is just a matter of WhoIs stripping off the host part of the query and only sending the "yp.to" part. Tonic WhoIs returns for that:

joe@debbie:~$ whois yp.to
Tonic whoisd V1.1
yp uz5jmyqz3gz2bhnuzg0rr0cml9u8pntyhn2jhtqn04yt3sm5h235c1.yp.to
yp uz5jmyqz3gz2bhnuzg0rr0cml9u8pntyhn2jhtqn04yt3sm5h235c1.ns.yp.to