Getting WHOIS information on Windows

WHOIS is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. Usually WHOIS queries are performed with a command-line client, and such a client is almost always a part of an OS’s TCP/IP implementation. Not so with Windows. None of Windows 7, Vista or XP includes a WHOIS utility. Recently I had some trouble with WHOIS information from one of my domains and that set me searching for utilities to perform this task on the Windows platform. These are what I found:

  • Mark Russinovich has created a WHOIS utility; you can find it on the Sysinternals TechNet Site: http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
    Mark’s implementation uses the whois-servers.net service to find the correct WHOIS server to use. whois-servers.net does not have records for all TLDs and as such cannot find WHOIS info for all queries.
  • GNU-whois for Win32 is available on SourceForge (http://sourceforge.net/projects/whoiswin/)
    This utility uses a TLD list by default, contained in the file tld_serv_list. whois for Win32 is quite flexible and can query specific servers for WHOIS info by using the -h parameter.
  • Win32Whois is a graphical client available here: http://www.gena01.com/win32whois/
    It offers basic features as well as some GUI specific ones.

The WHOIS service uses TCP port 43. Some TLDs publish a service location (SRV) record for the WHOIS protocol in their zone, which identifies their WHOIS server. This SRV record has the format _nicname._tcp.<tld>. To find the WHOIS server for the TLD .no, use NSLOOKUP:

nslookup -type=srv _nicname._tcp.no
Server:  server1.domain.com
Address:  1.2.3.4

Non-authoritative answer:
_nicname._tcp.no        SRV service location:
priority       = 0
weight         = 0
port           = 43
svr hostname   = whois.norid.no

whois.norid.no  internet address = 128.39.8.42

So the server whois.norid.no with address 128.39.8.42 provides WHOIS info for the .no TLD.
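
The lookup above can be followed by the WHOIS exchange itself. This is an added example, not code from the original post: it reads the host and port out of the nslookup output shown above and sends one query, refusing names that contain anything other than hostname characters so that a stray CR/LF or space never reaches the server. The function names and the query example.no are assumptions made for illustration.

```python
import re
import socket

# nslookup output for the .no TLD as shown above (resolver lines omitted).
SAMPLE_NSLOOKUP = """\
_nicname._tcp.no        SRV service location:
priority       = 0
weight         = 0
port           = 43
svr hostname   = whois.norid.no
"""

# Letters, digits, dots and hyphens only: keeps CR/LF and spaces out of the query.
_NAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

def parse_srv(nslookup_output):
    """Return (hostname, port) from `nslookup -type=srv` output."""
    host = re.search(r"^\s*svr hostname\s*=\s*(\S+)", nslookup_output, re.M)
    port = re.search(r"^\s*port\s*=\s*(\d+)", nslookup_output, re.M)
    if not (host and port):
        raise ValueError("no SRV record in nslookup output")
    return host.group(1).rstrip("."), int(port.group(1))

def build_query(name):
    """A WHOIS request is the query text followed by CRLF."""
    if not _NAME.fullmatch(name):
        raise ValueError("refusing to send unexpected characters: %r" % name)
    return name.encode("ascii") + b"\r\n"

def exchange(sock, name):
    """Send one query on a connected socket and read until the server closes."""
    sock.sendall(build_query(name))
    chunks = []
    while True:
        data = sock.recv(4096)
        if not data:
            break
        chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def whois_query(name, server, port=43, timeout=10):
    """Connect to the WHOIS server found via SRV and return its reply as text."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        return exchange(sock, name)

if __name__ == "__main__":
    server, port = parse_srv(SAMPLE_NSLOOKUP)  # example.no is a constructed query
    print(whois_query("example.no", server, port))
```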

Some thoughts on Active Directory OU structure design

Over the years I have been involved in quite a few Active Directory deployments and restructures. On these projects much time is always spent, or should be spent, on designing the OU structure.
The main thing about OU structure design is to keep things simple. Some organizations like to take the organizational charts and copy them into AD. Chances are that such a structure will not be very useful for the people whose job it is to manage the network. They need an OU structure that reflects groupings of users, computers, groups and servers which have the same management and configuration needs.
There are many approaches to the design process. One is geographical, where your OUs reflect the geographical locations of your company or users and computers. Another is functional, which organizes users by the function they have in the company, for example Sales users etc. A much used variant is one where some or all of the regular approaches are combined, for example geographical and functional.
Now, let’s consider an example. You have been charged with designing the OU structure for a large school or university. You decide that you want to use the functional approach and decide to create two main OUs to hold all your user accounts. The OUs will be called Students and Teachers. Upon first inspection this would seem to work well. You would be able to manage all your student users easily, same for teachers. But what if you have a user who works at the school as a teacher but would also like to attend courses or classes? (I assume here that we want to honour the principle of one user, one account.) That user should be treated as a student at one point, but as a teacher the next. Clearly our OU structure is not cut out for this. You could try to classify the user further and determine that he or she is mostly a teacher or mostly a student, but you probably do a lot of stuff based on which OU the user resides in, so you will eventually run into trouble. Not all your users will fit neatly into your two categories.
The problem here is that OUs are exclusive. You can only be located in one at any given time. So our design here does not fit users that have dual identities. We have to come up with something that caters to this need. Back to the drawing board.
On our next try we start out with just one OU called Users. (Yes, I know there is already an object in Active Directory called Users, but that object is a container and we are creating an OU so that is not a problem.) In this OU we put all users regardless of their role or function. We now create groups to identify the needed roles: one group for students and one for teachers, for example. We add all students to the Students group, all teachers to the Teachers group and users who are both to both groups. We now use Group Policy filtering to apply our GPOs to the correct group. A GPO that configures settings for students is filtered on the Students group, likewise for teachers. The GPO links that give the most access or have the least restrictive settings should have a higher priority than more restrictive GPOs. That way, if a user is a member of two or more groups with different access levels, he or she will get the least restrictive settings.
Contrary to OUs, groups are inclusive: you can be a member of more than one. This lets your users assume several identities and get access to information and settings available to both.
I realize this approach is contrary to many accepted “truths” about Active Directory design, such as that you should try to never filter your GPOs, but with tools like GPMC it is very easy to see where your GPOs are linked and how they are filtered.

Not something you generally want to see…

[Image: ping reporting “General failure”]

“General failure”, that’s helpful. My on-board Atheros L1 Gigabit NIC sucks. There is really no other way to put it. Every Atheros chip, be it wireless or cable, I have had the misfortune to come across has been worthless. You would think that Ethernet and Wi-Fi should be pretty well understood concepts by now. Not so for the driver developers of Atheros. In this case the driver has “lost” (for want of a better word) the NIC’s MAC address. So ipconfig.exe displays the hardware address 00-00-00-00-00-00. Needless to say, using that address on the Ethernet is not going to work. The first time this happened I had to open up the computer case and read the MAC address from the motherboard. After that I could use the driver properties to enter it manually. After that the connection was restored.

However, Atheros still had some surprises! Whenever I chanced an upgrade of the driver, I would lose network connectivity again! Even if the MAC address was correctly entered into the device properties. To fix this I had to remove it, close the device properties dialogue, open it again and re-enter it. User-friendly, don’t you think?

So stay away from anything using one of Atheros’ chips.