Re: [weirds] Questions about suffix matches in domain and nameserver searches

Andrew Newton, Sat, 31 October 2015 21:29 UTC

List-Id: "WHOIS-based Extensible Internet Registration Data Service (WEIRDS)"

On Fri, Oct 30, 2015 at 1:40 PM, Brian Mountford wrote:
> But then I'm not sure how one would efficiently
> implement the domain label suffixes.

I'm sure if I thought about it for a while, I could figure something
out. But you are correct that standard SQL 'like' matching won't do
the trick. Perhaps somebody from a domain registry could provide some

> I am tempted to think
> that the authors figured that queries too complicated for a given system
> would just get rejected as per the wiggle room in the RFC.

That is the answer you have been looking for. :)

> But if that's the
> case, why is only one wildcard allowed? Why not define a generic syntax with
> asterisk as the wildcard, and let implementors decide where to draw the
> line. I'm unclear on the thought process behind the spec.

Two reasons:
1) The working group felt that for any given query there had to be
some expectation of what would be returned, and more than one asterisk
could lead to all sorts of interpretation and lack of agreement. If
you want to define an extension to do this, feel free.
2) It didn't appear to be a feature of today's Whois servers, nor was
there a compelling need to cover this case.

> In a tangentially related question, it looked to me like IP address lookups
> of nameservers and domains did not need to support a wildcard asterisk,
> because the syntax was never defined. Is that true? Or does the RDAP spec
> envision wildcard IP address lookups as well? If so, what is the syntax for
> that?

I've often wondered about the use case for wildcard IP address
queries. IP address hierarchies follow a mathematical model that does
not perfectly align with the lexical notation (unless the notation is
binary). So by themselves they are problematic.

With respect to finding name servers by an IP address, the use case of
name servers by CIDR never came up. And I'm not sure it would be
useful. Do people really assign entire /24s (or whatever) to their
name servers?
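
Added example, not part of the original message: a Python sketch of the point above that a lexical wildcard on dotted-quad text does not line up with CIDR hierarchy. The trailing-asterisk IP pattern syntax, the function names, and the use of the 192.0.2.0/24 documentation range as a search scope are all assumptions made for illustration; the message notes that no such syntax was defined.

```python
import ipaddress
import os.path

def lexical_matches(pattern, scope):
    """Addresses in `scope` whose dotted-quad text matches a pattern
    with exactly one trailing asterisk (hypothetical syntax)."""
    if pattern.count("*") != 1 or not pattern.endswith("*"):
        raise ValueError("expected exactly one trailing asterisk")
    prefix = pattern[:-1]
    return [a for a in ipaddress.ip_network(scope) if str(a).startswith(prefix)]

def as_cidr_blocks(addresses):
    """Smallest list of CIDR blocks covering exactly these addresses."""
    nets = (ipaddress.ip_network(str(a)) for a in addresses)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def exact_pattern(cidr, scope):
    """Trailing-asterisk pattern matching exactly `cidr` inside `scope`, or None."""
    block = list(ipaddress.ip_network(cidr))
    # Any pattern matching every address must be a prefix of their common text
    # prefix; the longest such prefix matches the fewest extra addresses.
    pattern = os.path.commonprefix([str(a) for a in block]) + "*"
    return pattern if lexical_matches(pattern, scope) == block else None

if __name__ == "__main__":
    scope = "192.0.2.0/24"  # constructed sample scope (documentation range)
    hits = lexical_matches("192.0.2.1*", scope)
    # One textual pattern scatters across .1, .10-.19 and .100-.199.
    print(len(hits), as_cidr_blocks(hits))
    # A /28 that is not octet-aligned has no single-wildcard equivalent.
    print(exact_pattern("192.0.2.16/28", scope))
    # An octet-aligned /24 does.
    print(exact_pattern("192.0.2.0/24", "192.0.0.0/16"))
```

Only octet-aligned blocks map cleanly onto a text prefix, which is why a lexical wildcard would be an awkward fit for address queries.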