[conspire] Public Interest Registry uses rate-limited whois on .org: Grrr!

Rick Moen rick at linuxmafia.com
Mon Jul 2 20:49:56 PDT 2007


At first, I thought this was a script bug:


$ /etc/cron.weekly/domain-check
Processing accu-usa.org...
Processing advogato.org...
Processing anticipationsf.ca...
Processing arlinart.com...
Processing artisticsolutions.org...
Processing asvaro.org...
Processing bafug.org...
Unable to read 'whois' info for bafug.org. Skipping...
Processing balug.org...
Unable to read 'whois' info for balug.org. Skipping...
Processing baycon.org...
Unable to read 'whois' info for baycon.org. Skipping...
Processing baylisa.org...
Unable to read 'whois' info for baylisa.org. Skipping...
Processing baypiggies.net...
Processing buug.org...
[...]

Then, I tried a manual whois.

  $ whois accu-usa.org
  WHOIS LIMIT EXCEEDED - SEE WWW.PIR.ORG/WHOIS FOR DETAILS
  $


At the referenced site, one (eventually) finds this in the FAQ:

 4. Why am I receiving this error message?
 WHOIS LIMIT EXCEEDED  SEE WWW.PIR.ORG/WHOIS FOR DETAILS. PIR has
 introduced rate-limiting logic on the WHOIS Port 43 server and similar
 rate-limiting logic on the PIR Web site.

 PIR monitors all IP addresses accessing the .ORG WHOIS Port 43 server.
 All traffic will be logged, and rate-limit validation logic will be
 applied to limit access by any given IP address to a maximum of four
 queries per minute. If a unique IP address exceeds the limit, the query
 will be stopped, and the error message will be displayed.

 WHOIS queries submitted through the Web-based WHOIS search mechanism are
 limited to 50 queries per minute. 

You know, for my own purposes, I might just slip some "sleep 20" lines
into your script.  Or something.  Maybe rearrange the
/usr/local/share/domains file to make the .org entries be spaced out as
widely as possible.

This is really annoying, anyway:  Six queries a minute (e.g.) is hardly
a DoS attack.






More information about the conspire mailing list