On 2013-02-25 at 18:19 +0000, Edward Ned Harvey (lopser) wrote: > > On Behalf Of Andrew Hume > > > > she needs to get whois type information for approx 1M ip addresses in teh > > US. > > Could you clarify that? Because that part of the question doesn't make > sense.
Actually, it does. All IP addresses that aren't special-use come from allocations or assignments via, minimally, one of the Regional Internet Registries (or have been grandfathered in to make it look like they have). They're allocated in blocks. In the USA, the RIR is ARIN. In Europe it's RIPE, etc. (There's more, involving LIRs, etc, but this is enough detail for now). So www.nedharvey.com resolves to [107.22.254.64] and running: $ whois -h whois.arin.net -- 107.22.254.64 we see that this is part of 107.20.0.0/14, aka AMAZON-EC2-8. We also get information such as abuse reporting details. Moreover, you can also look this information up in the routing databases, eg whois.radb.net. From there, we see that this IP address is part of a /16, 107.22.0.0/16, described as "Amazon EC2 IAD prefix". Since network engineers like to use IATA codes of the nearest airports, I can hazard an informed guess that you're in Amazon US-East. How up-to-date the routing registries are varies depending upon local customs in peering agreements. In Europe, it's common for peers to demand up-to-date information as a requisite for settlement-free peering, so that filters can be automatically constructed. In the USA, this has historically not been the case, but the situation has been improving, and the advent of secure routing (RPKI) is helping nudge things along: no bureaucracy, no proof of ownership, no ability to get your scarce IPv4 addresses routed when you buy them. Fortunately, each successful whois query will tell you which block the IP is part of, so if you track that and use actual netblock matching, the 1M IP addresses should turn into significantly fewer than 1M whois queries. After all, having queried for 107.22.254.64 we get an answer for a /14 which matches 2^18 IP addresses, so we have an answer for 262143 other IPs and some fraction of the 1M are likely to match. -Phil _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
