
I get spam all the time (what a surprise!) and once in a while I check the IP address to see where it comes from (i.e. .cn, .cz, .pl, etc.)

Today I was surprised as I found the output of dig to be:

    prompt# dig -x 94.102.52.186
    186.52.102.94.in-addr.arpa. 3600 IN PTR user186.mbenzforums.net.

and then the output of whois to be:

    prompt# whois mbenzforums.net
    No match for "MBENZFORUMS.NET".

How is that possible? Is it because the mbenzforums.net domain was attached to that IP and then did not get renewed, but still assigned to the IP?

I thought that such would very quickly disappear (within a day or so) and am not thinking that I'd catch that "just in time"...

Alexis Wilke
  • Maybe you could explain why you did a -1 here? – Alexis Wilke Nov 02 '13 at 23:53
  • Alexis, it wasn't my downvote, but if you mouseover the down arrowhead you'll see a popup that says "*This question does not show any research effort; it is unclear or not useful*". Downvotes without comment may be assumed to be for one or more of those reasons. – MadHatter Nov 04 '13 at 13:06
  • Well, I see now that it is considered off topic, even though I got a perfect answer that worked... I guess I don't understand this "server" "fault" site... – Alexis Wilke Nov 06 '13 at 06:36
  • Fortunately, there is a handy set of documents just a mouse click away, written to help you understand that very thing. They're at the "help" link, at the top of the screen. http://serverfault.com/help/on-topic may be of particular help. – MadHatter Nov 06 '13 at 07:24
  • It feels like a network related question to me. But maybe it would be better adapted to the Super User platform? – Alexis Wilke Nov 06 '13 at 22:09
  • That is certainly possible; I'm no expert on SU and wouldn't presume to speak for them. – MadHatter Nov 06 '13 at 22:17

1 Answer


Anyone can set the PTR record to whatever they want. It doesn't have to be valid, or it could be valid and later become invalid.

If you really want to know about an IP address, use whois on it. (This example uses GNU jwhois, which most Linux distributions ship.)

    whois 94.102.52.186

Michael Hampton
  • Oh! I did not even know that you could use an IP with whois! ECATEL co-location... Well, I guess it could have been one of their customers. – Alexis Wilke Nov 02 '13 at 23:04
  • It gives enough information to send an abuse complaint or to contact the company's NOC. Beyond that, they can deal with their own customers :) – Michael Hampton Nov 02 '13 at 23:06
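
Since a PTR record is whatever the owner of the reverse zone chose to publish, one way to test it is a forward-confirmed reverse DNS check: resolve the PTR name forward and see whether it leads back to the same IP. The script below is an added example, not part of the original answer; its function names and the sample data (documentation address ranges and example domains) are constructed for illustration.

```python
import ipaddress
import socket
import sys


def system_reverse(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA addresses for name from the system resolver (empty list if none)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})  # drop IPv6 scope id


def check_ptr(ip, reverse=system_reverse, forward=system_forward):
    """Classify each PTR name of ip as 'confirmed', 'mismatch' or 'unresolvable'."""
    want = ipaddress.ip_address(ip)
    results = {}
    for name in reverse(ip):
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
        if not addrs:
            results[name] = "unresolvable"  # name has no forward record at all
        elif want in addrs:
            results[name] = "confirmed"     # forward lookup leads back to ip
        else:
            results[name] = "mismatch"      # name exists but points elsewhere
    return results


# Constructed sample data so the logic can be exercised offline.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.net"],
              "192.0.2.20": ["user20.expired.example"],
              "192.0.2.30": ["www.example.org"]}
SAMPLE_FWD = {"mail.example.net": ["192.0.2.10"],
              "www.example.org": ["198.51.100.7"]}


def check_sample(ip):
    """Run check_ptr against the constructed tables instead of live DNS."""
    return check_ptr(ip, lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_FWD.get(n, []))


if __name__ == "__main__":
    for arg in sys.argv[1:]:  # live lookups for addresses given on the command line
        print(arg, check_ptr(arg))
```

A result of "unresolvable" or "mismatch" only says the PTR name cannot be trusted; the whois lookup on the IP itself remains the way to find the responsible network.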