October 13, 2005
By Karen Kenworthy
IN THIS ISSUE
Did you miss me?
The last time we talked, it was early August. That means we've been apart for two months! That's way too long.
They were a hectic two months. One of my brilliant and talented nephews, Daniel, married the equally brilliant and talented love of his life, a beautiful young lady named Jennifer. My "baby" brother, Kevin, found time to visit, as he passed through town on his way to an important law conference.
Here at the secluded Power Tools workshop, I spent time helping my private detective buddy, serving as a consultant on one case, and doing a bit of research for another. I also built a new computer for a dear friend, and performed minor upgrades on the workshop's computer hardware.
Putting aside my electric screwdriver, and picking up my bit fiddler, I made progress on a couple of new programs that should debut soon. And I found time to update a two of the more popular Power Tools, Karen's WhoIs and Karen's Replicator!
It sure was an exciting few weeks. But it sure is good to see you again.
Long-time readers will remember my WhoIs program. It discovers who owns those domain names found in web site and e-mail addresses. And it tracks down the owners of most IP addresses -- those odd-looking unique numbers assigned to every computer connected to the Internet.
For example, ask the program about "microsoft.com", and you'll find the domain name belongs to Microsoft Corporation, One Microsoft Way, Redmond Washington, 98052. They have owned the name since the 2nd of May, 1991, and have already paid for its use through May 3rd, 2014. If you have questions about the domain, you can contact the responsible person by sending e-mail to firstname.lastname@example.org. Or, if you prefer, call them at +1 425-882-8080.
Next, ask my WhoIs program about the IP address 184.108.40.206. Among other things, you'll find it's part of a large block of IP addresses (220.127.116.11 through 18.104.22.168) controlled by Microsoft Corporation. You'll learn they obtained this block on the 31st of March, 1997. To contact Microsoft about the use of these addresses, send e-mail to email@example.com (to report suspected misuse) or firstname.lastname@example.org (for other correspondence).
Domain Name Data
Gathering domain name information is a bit tricky. Their details are spread around the world, residing in more than 100 different databases running on more than 100 different computers. A program like Karen's WhoIs needs to know how to talk to each of these databases and computers. And, just as importantly, it needs to know which database should be asked which question.
In most cases, there's one database for each "top-level domain" (or TLD -- the right-most portion of a computer's full name). Want to learn who owns the domain name KarenWare.com (or any other domain name that ends with ".com")? Consult a database stored on a computer named rs.internic.net. If you're interested in whitehouse.gov (or any domain name that ends with ".gov"), ask the database stored on the computer named whois.nic.gov instead.
Those examples are pretty straightforward. But all TLDs aren't so simple.
For example, there are three databases that hold information about domain names that end with ".uk". One, at the computer whois.ja.net, only knows about domain names used by UK colleges and most UK government agencies (those that end with .ac.uk, .gov.uk, .mod.uk or police.uk).
Data about domain names belonging to the UK National Health Service is stored on a database running on a computer named whois.ripe.net. All other .uk domain names, including those that end with .school.uk, .com.uk, and .org.uk, are tracked by a computer named whois.nic.uk.
Even if all the information about a group of domains is stored on a single computer, there can be complications. Consider Polish domain names (those that end with .pl). Data about every one of those names is stored in a single database, running on a computer named whois.nask.pl.
Unfortunately, before you can ask this database a question, you must determine whether the domain name belongs to one of Poland's standard "second-level domains" (or SLDs). And there are more than 170 of those, representing different types of organizations, industries, regions, and even cities!
These aren't the only quirks and oddities you'll encounter when hunting domain name information. There are dozens of other examples I could mention. I guess it just shows human ingenuity knows no bounds.
Still, you'd think after devising such a complex system, the controllers of the Internet would be satisfied with their labors. Unfortunately, they never rest on their laurels.
As you've probably guessed, the locations of domain name databases change from time to time. And new databases come, while older ones disappear. All these changes mean Karen's WhoIs must change too.
Some recent additions to my WhoIs program include support for the new domains that end with .aero, .biz, .coop, and .info. Domains names that end with .museum, .name, and .int (International Treaty Organizations) are now supported too
I've also added support for domain names that end with eu.com. But I must say, I'm not completely happy with this decision.
You see, the domain name "eu.com" is just an ordinary domain name owned by a private company called Central Nic Ltd. The owner of .eu.com has decided to sell "third-level" domain names (those that end with .eu.com) to others.
Fortunately, the owner of .eu.com has created a public database containing information about their customers -- the owners of domain names that end with .eu.com. And the newest version of my WhoIs program now knows how, and when, to consult this database.
So why am I concerned? As far as I know, there's nothing improper with this arrangement. But the selling of domain names by private parties complicates the already-complex domain name system. And, in the future, not all sellers may be so cooperative, providing access to their records.
IP Address Info
Information about IP addresses is much more concentrated than the widely- dispersed domain name data. Currently, IP address owner records are maintained by only five organizations, distributed among five databases, and stored on just five computers located around the world:
An organization called AfriNIC (African Network Information Centre) assigns IP addresses to computers in Africa. They store details of these assignments in a database running on a computer named whois.afrinic.net.
The Asia Pacific Network Information Centre (APNIC) allocates IP addresses to computers in the Asia/Pacific region. Their data is kept in a computer named whois.apnic.net.
At one time, the American Registry for Internet Numbers (ARIN) assigned IP addresses to computers throughout North America, Latin America, and even parts of Africa. Today, it's mostly limited to North America. You can find the details in a computer named whois.arin.net.
Computers located in Latin America and the Caribbean obtain their IP addresses from LACNIC (Latin-American and Caribbean Network Information Center). These assignments are stored in a computer named whois.lacnic.net.
Finally, there's RIPE (Réseaux IP Européens). This organization distributes IP addresses throughout Europe, the Middle East, and Central Asia. Their records are stored in a computer named whois.ripe.net.
Dealing with only five computers and databases is a welcome relief, after dealing with more than 100 for domain names. But there's one catch. How do you know which database holds the information for a particular IP address?
After all, there's nothing in a number, such as 22.214.171.124, that reveals whether its computer lives in North America, Africa, Europe, Asia, the Caribbean, or elsewhere. And if you don't know where the computer resides, you don't know which database to ask for the IP address's information.
Fortunately, there is a solution. Each of the five organizations (the Regional Internet Registries, or RIRs) publishes a file listing all the IP addresses they've assigned. With a little work, anyone can download all five files, combine and compact them, and produce a single master file that shows the origin of every IP address in use on the Internet.
And that's what I've done. The most recent master file contains a total of 25,184 entries, each representing a different block of allocated IP addresses. It's stored in the same folder where the WhoIs program is installed, in a file named RirInfo2.txt.
My WhoIs program doesn't use the RirInfo2.txt file directly. Instead, the first time it runs, WhoIs copies that file to a more compact form, storing the denser data in a file named RirInfo2.dat. That file, loaded into our computer's memory each time the program starts, is consulted whenever WhoIs is asked questions about an IP address.
Whew! It's time for me to go. And we didn't even get to talk about changes to the Replicator program! Guess we'll have to get together again soon.
In the meantime, if you'd like to download copies of the latest WhoIs or Replicator programs, drop by their home pages at:
As always, the program is free for personal/home use. If you're a programmer, you can download its complete Visual Basic source code too!
You can also get the latest version of every Power Tool, including the new WhoIs and Replicator, on a shiny CD. These include three bonus Power Tools, not available anywhere else. The source code of every Power Tool, every issue of my newsletter, and some articles I wrote for Windows Magazine, are also on the CD. And owning the CD grants you a license to use all my Power Tools at work.
Best of all, buying a CD is the easiest way to support the KarenWare.com web site, Karen's Power Tools, and this newsletter. To find out more, visit:
Keep a light burning in the window. I promise I'll be back soon! Until then, if you see me on the 'net, be sure to wave and say "Hi!"