[dns-operations] Denying Whois DB by GeoIP

Doug Barton dougb at dougbarton.email
Sat Jun 10 01:51:26 UTC 2017 

Daniel,

So kind of you to reply to the list on this. However I think there may 
be a larger problem. I wrote to y'all recently and received a similar 
answer to yours below. However I tried from 4 different networks, 
including the enterprise network for a major corporation, and got the 
same result, on the first query, every time.

Makes me wonder if there might be a flaw in your algorithm somewhere.

You might also consider the decades of research that has gone into 
demonstrating that spammers don't bother harvesting e-mail address from 
whois data. They have so many more cheap and easy sources that it's 
simply not worth it to them. Absent that as a motivation, one wonders 
what the benefit of rate-limiting whois data is in the first place.

Doug


On 06/08/2017 05:20 PM, Daniel Griggs wrote:
> Hi Kaio,
> 
> First off, we aren't specifically blocking Brazil. So sorry that you're 
> seeing that.
> 
> What we do, have is rate limiting to prevent abuse, or at least to 
> discourage abuse. We have two different levels of enforcement to try and 
> prevent contact detail harvesting from individuals and botnets. The 
> first is a per IP address rate limit, the second is per country rate 
> limiting (using geo-ip lookups). Its just unfortunate that recently our 
> whois service has been hit pretty hard with queries originating from Brazil.
> 
> There is a process which you can follow to get an exemption, so feel 
> free to contact me offlist to organise that.
> 
> --
> Daniel Griggs
> daniel at nzrs.net.nz <mailto:daniel at nzrs.net.nz>
> 
> 
> 
> 
> 
>> On 9/06/2017, at 9:18 AM, Kaio Rafael <kaiorafael at dcc.ufam.edu.br 
>> <mailto:kaiorafael at dcc.ufam.edu.br>> wrote:
>>
>> Hello,
>>
>> I have been investigating Fast-Flux service for a while, and sometimes 
>> I need to retrieve WHOIS data from different TLDs.
>>
>> Today, I was looking for .CO.NZ <http://co.nz/> data, however every 
>> query I sent, I got permission denied. I am not sure if this block is 
>> based on my IP current geolocation (Brazil), but when I ask from 
>> different locations such as US and UK, I can have this data.
>>
>> I tried different sources in Brazil, São Paulo and Rio de Janeiro, for 
>> instance.
>>
>> Is there any RFC or other documentation that says that a TLD (whois in 
>> this case) can deny requests based on IP Geolocation?

More information about the dns-operations mailing list