why no domain name returned in Whois query

by JonnyG » Thu Sep 03, 2015 4:10 pm

Hi Guys,

Really nice tool, but unless I'm missing something, when you query the API for whois data it doesn't actually return the domain it searched for in the whois records.

Let's say I search for test.example.com: the returned record is actually for the example.com zone, not test.example.com. It would be handy if this information came back as structured data; at present it is buried in the raw data.

J
JonnyG
 
Posts: 3
Joined: Thu Sep 03, 2015 4:04 pm

by Goran Duskic » Fri Sep 04, 2015 8:50 am

Hi Jonny

Not sure how the owner or the whois can be different on test.example.com and testing.example.com? It's still the same domain name "example.com".
Goran Duskic
 
Posts: 16
Joined: Fri Jun 12, 2015 2:42 pm
Location: Planet Earth

by JonnyG » Fri Sep 04, 2015 11:31 am

Hi Goran,

Let me explain my use case a little. I'm looking for a way to do some integration with a security system; in particular, I'm trying to use DNS queries to then track if users are trying to connect to newly created domains, say in the last 30 days, as these are typically a good sign of compromise, as malware may well be using a Domain Generation Algorithm.

Given the above, what I'm trying to do is take the raw DNS query for, say, eu-west-1.dc.ads.linkedin.com and use a whois service like yours to tell me when the domain was registered. If the API returned the domain linkedin.com as one of its fields, there is much less work for me to do trying to strip back from the DNS record. Given that I can use the API to return the whois record for linkedin.com, your system is already doing the heavy lifting for me, just not showing it.

Hope that makes sense.
JonnyG
 
Posts: 3
Joined: Thu Sep 03, 2015 4:04 pm

by Goran Duskic » Sun Sep 06, 2015 8:51 am

Hi Jonny

Domain Generation Algorithm does clarify the problem you are facing.

If I understood correctly (with help of this presentation on the entire process), you are trying to stop any traffic that goes to fraud websites on a DNS level?

And now after reading your comment again, I finally understand. You just need a domain that is being requested inside the API response request?
Goran Duskic
 
Posts: 16
Joined: Fri Jun 12, 2015 2:42 pm
Location: Planet Earth

by JonnyG » Mon Sep 07, 2015 3:23 pm

Hi Goran

That about sums it up, yes. I need to know the domain whois is returning if I search for an FQDN.
JonnyG
 
Posts: 3
Joined: Thu Sep 03, 2015 4:04 pm
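
The workflow discussed in this thread, as an added example that is not part of the original posts and not the Whois API's own code: reduce each queried FQDN to its registrable domain using Public Suffix List matching, then flag domains whose creation date is within the last 30 days. The function names, the tiny `PSL_RULES` subset, the `CREATED` map standing in for whois responses, and the sample queries are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed subset of Public Suffix List rules; real use needs the full list.
PSL_RULES = {"com", "net", "org", "uk", "co.uk", "*.ck", "!www.ck"}

def registrable_domain(fqdn, rules=PSL_RULES):
    """Return public suffix plus one label (what whois is keyed on), or None."""
    labels = fqdn.rstrip(".").lower().split(".")
    if not all(labels):
        return None                      # empty label: not a valid name
    suffix_len = 1                       # default rule "*": unknown TLD = 1 label
    for i in range(len(labels)):         # longest candidate suffix first
        cand = labels[i:]
        name = ".".join(cand)
        if "!" + name in rules:          # exception rule wins, suffix is 1 shorter
            suffix_len = len(cand) - 1
            break
        if name in rules or ".".join(["*"] + cand[1:]) in rules:
            suffix_len = max(suffix_len, len(cand))
    if len(labels) <= suffix_len:
        return None                      # the name is itself a public suffix
    return ".".join(labels[-(suffix_len + 1):])

def newly_registered(qnames, whois_created, today, max_age_days=30):
    """Group queried FQDNs by registrable domain; keep domains created recently."""
    cutoff = today - timedelta(days=max_age_days)
    hits = {}
    for qname in qnames:
        domain = registrable_domain(qname)
        created = whois_created.get(domain) if domain else None
        if created is not None and created >= cutoff:
            hits.setdefault(domain, []).append(qname)
    return hits

# Constructed stand-in for whois lookups (dates are made up, not real records).
CREATED = {"linkedin.com": date(2002, 11, 2), "qzxkvbtr.net": date(2015, 8, 25)}
# Constructed DNS query log.
QUERIES = ["eu-west-1.dc.ads.linkedin.com", "cdn.qzxkvbtr.net", "co.uk"]

if __name__ == "__main__":
    print(newly_registered(QUERIES, CREATED, today=date(2015, 9, 7)))
```

Keying the whois lookup on the registrable domain also means many subdomains of one zone cost a single lookup.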

