2

I'm writing a short script to query domain names from their respective whois servers - while in most cases, while the TCP connection via port 43 seems to be working for most whois servers, the queries to whois.markmonitor.com seems to be failing with an odd error that says Invalid query.

Here's the barebones of what I'm using:

#!/usr/bin/perl

#whois.pl

use strict;
use IO::Socket;

my $domain_name = "google.com";
my $query_socket = new IO::Socket::INET(
        PeerAddr => 'whois.iana.org',
        PeerPort => 43,
        Proto => 'tcp');
print $query_socket "$domain_name ";
print $query_socket "\n\r";
while(my $this_line = <$query_socket>) {
        print $this_line;
}
close($query_socket);

As seen above, the whois server used is whois.iana.org; this also works as expected with whois.internic.net as well. Only in the case of whois.markmonitor.com, the following error is seen:

$ perl whois.pl 
Invalid query

Could someone help shed more light on how can I perhaps get a more verbose output to check if there are any errors in the query that is being made to the server?

As an added test, a normal connection via telnet seems to be working as expected as seen below:

$ telnet whois.markmonitor.com 43
Trying 64.124.14.21...
Connected to whois.markmonitor.com.
Escape character is '^]'.
google.com
Domain Name: google.com
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2015-06-12T10:38:52-0700
Creation Date: 1997-09-15T00:00:00-0700
......<output truncated>......

which leads me to believe that the actual connections to the server via port 43 are being accepted on the server's side.

rahuL
  • 3,330
  • 11
  • 54
  • 79

2 Answers2

1

As artistoex notes - it's because there's a space in your domain name. Change your print line to:

print {$query_socket} "$domain_name\n";

(Note - the curly braces are for style reasons and can be omitted - I prefer them to make clear this is a file handle)

Community
  • 1
  • 1
Sobrique
  • 52,974
  • 7
  • 60
  • 101
0

Per RFC3912 the client is expected to communicate like that in whois protocol: "All requests are terminated with ASCII CR and then ASCII LF"

So in your code, instead of "\n\r" please use "\r\n". And remove the extra space like written in other replies.

Note however that whoisis not a well defined structured protocol: do not expect all whois servers to work in the same way nor to adhere to some kind of standards. You will find a lot of strange cases...

Patrick Mevzek
  • 10,995
  • 16
  • 38
  • 54