[137278] in North American Network Operators' Group
Re: Self-referential whois queries
daemon@ATHENA.MIT.EDU (Rubens Kuhl)
Thu Feb 10 15:39:35 2011
In-Reply-To: <20110210141759.46f7dd5c@t61p>
Date: Thu, 10 Feb 2011 18:38:47 -0200
From: Rubens Kuhl <rubensk@gmail.com>
To: John Kristoff <jtk@cymru.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>> I'm noticing an increase in getting "query rate exceeded" at whois
>> services that might be connected to a symptom described by ARIN at
>> NANOG 48/ARIN XXV and ARIN XXVI where machines ask for the whois
>> record of their own IP address.
>>
>> Are there any clues of what is causing this ?
>
> Some spam bots do these automated self-referential queries, but if you
> are seeing those rate exceeded messages when you perform queries from
> your client, you may simply be probably bumping up against a limit for
> the source host or network in question.
The ceil seems to be at the joint whois chain, where a RIR can ask
another RIR or NIR about an IP.
RIRs/NIRs answering such queries with "It's you!" or "Self-referential
queries not allowed" would be too harsh or a reasonable approach ?
Rubens
