8

I've tried googling this, but I can't get anywhere near an answer, and this is the only place I can imagine getting one.

If I do whois twitter.com, then I get a really odd response. If it's advertising, then it's the oddest place I've ever seen for an advert.

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Server Name: TWITTER.COM.ZEN.THE.BEST.WEBHOSTING.AT.WWW.FATUCH.COM
   IP Address: 209.126.190.70
   Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: TWITTER.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
   IP Address: 209.126.190.71
   Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

Does anyone have a clue what is going on here, and why on earth unimundi.com and fatuch.com are running adverts in twitter's whois?

Richard Gadsden
  • 3,696
  • 4
  • 28
  • 58
  • The key point to understand in respect to whois records, is that records are stored at two levels. I've provided a script example for how to do this here automatically for any domain here: http://serverfault.com/questions/766424/domain-renewal-expiration-date-for-european-domains-whois/812009#812009 – mikkokotila Nov 05 '16 at 05:59

1 Answers1

13

This is just a trick employed by some registrants leveraging the fact that whois defaults to include both host and domain entries. The extra matches are from host (nameserver) entries. You can explicitly ask for a domain entry to avoid the host matches:

$ whois domain twitter.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: TWITTER.COM
   Registrar: NETWORK SOLUTIONS, LLC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com
   Name Server: NS1.P34.DYNECT.NET
   Name Server: NS2.P34.DYNECT.NET
   Name Server: NS3.P34.DYNECT.NET
   Name Server: NS4.P34.DYNECT.NET
   Status: clientTransferProhibited
   Updated Date: 10-mar-2011
   Creation Date: 21-jan-2000
   Expiration Date: 21-jan-2018

>>> Last update of whois database: Tue, 03 May 2011 09:47:54 UTC <<<

...etc...

EDIT: BTW, you can also force a partial match using three dots (...) at the end of the query. This confuses the linux whois client because it can't determine the domain automatically, so you have to explicitly tell it which whois server to use:

$ whois -h whois.verisign-grs.com "nameserver twitter.com..."

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

TWITTER.COM.ZEN.THE.BEST.WEBHOSTING.AT.WWW.FATUCH.COM
TWITTER.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM

To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them up
with "=xxx" to receive a full display for each record.

>>> Last update of whois database: Tue, 03 May 2011 10:20:07 UTC <<<
Cakemox
  • 24,141
  • 6
  • 41
  • 67