whois.afrinic.net down or in maint mode (refuses all connections)
FYI: whois.afrinic.net is down or is in maintenance mode as it refuses all connections # geoiplookup 196.25.223.93 GeoIP Country Edition: ZA, South Africa GeoIP City Edition, Rev 1: ZA, 11, Bellville, N/A, -33.900200, 18.628500, 0, 0 GeoIP City Edition, Rev 0: ZA, 11, Bellville, N/A, -33.900200, 18.628500 GeoIP ASNum Edition: AS5713 SAIX-NET # whois -h whois.afrinic.net 196.25.223.93 connect: Connection refused # telnet whois.afrinic.net 43 Trying 196.216.2.130... telnet: Unable to connect to remote host: Connection refused
U.Mutlu wrote:
FYI: whois.afrinic.net is down or is in maintenance mode as it refuses all connections
Thanks for letting us know! Out of curiosity - did you check with them whether it was planned or is it just an outage? -W
Wilfried Woeber wrote, On 10/21/2012 12:58 PM:
U.Mutlu wrote:
FYI: whois.afrinic.net is down or is in maintenance mode as it refuses all connections
Thanks for letting us know!
Out of curiosity - did you check with them whether it was planned or is it just an outage?
Unfortunately I haven't contacted them - I should have done it. In their mailing list archives on the web the last announcement for a planned maintenance was back in Feb 2012 (s.b.), so the recent outage could be a network problem (DoS attack etc). BTW, ARIN is best prepared for whois server attacks as they operate multiple whois servers under the same hostname (whois.arin.net), all the other RIR's seem to operate each just one whois server. I would suggest RIPE to add at least a second whois server. # nslookup whois.arin.net Name: whois.arin.net Address: 199.71.0.48 Address: 199.71.0.46 Address: 199.212.0.48 Address: 199.212.0.46 Address: 199.212.0.47 Address: 199.71.0.47 # nslookup whois.ripe.net Name: whois.ripe.net Address: 193.0.6.135 # nslookup whois.apnic.net Name: whois.apnic.net Address: 202.12.29.220 # nslookup whois.lacnic.net whois.lacnic.net canonical name = lacnic.net. Name: lacnic.net Address: 200.3.14.10 # nslookup whois.afrinic.net Name: whois.afrinic.net Address: 196.216.2.130 ######################## https://lists.afrinic.net/pipermail/announce/2012/000823.html " Dear Colleagues, Starting Friday 17 Feb at 1400UTC, we shall be doing maintenance works on the whois and MyAfriNIC services to take care of some key upgrades. This may continue through the entire weekend, during which time, there could be intermittent lack of access to these services - which should be fully restored by Sunday 19 Feb 2000 UTC. Should you notice any issues, or if you have any concerns or comments, please feel free to contact helpdesk at afrinic.net " ########################
On Oct 21, 2012, at 3:31 PM, U.Mutlu <security@mutluit.com> wrote:
all the other RIR's seem to operate each just one whois server. I would suggest RIPE to add at least a second whois server.
Hello, At RIPE NCC, we run multiple instances of whois query servers and they are all behind a (redundant) load balancer. The one IP Address you are referring to is the address of the active load balancer. Kind Regards, Kaveh. --- Kaveh Ranjbar, RIPE NCC Database Group Manager
It's hard to guess the # of servers just by looking at the number of different IP addresses in the DNS. Carlos Sent from a mobile device On Oct 21, 2012, at 11:31 AM, "U.Mutlu" <security@mutluit.com> wrote:
Wilfried Woeber wrote, On 10/21/2012 12:58 PM:
U.Mutlu wrote:
FYI: whois.afrinic.net is down or is in maintenance mode as it refuses all connections
Thanks for letting us know!
Out of curiosity - did you check with them whether it was planned or is it just an outage?
Unfortunately I haven't contacted them - I should have done it. In their mailing list archives on the web the last announcement for a planned maintenance was back in Feb 2012 (s.b.), so the recent outage could be a network problem (DoS attack etc).
BTW, ARIN is best prepared for whois server attacks as they operate multiple whois servers under the same hostname (whois.arin.net), all the other RIR's seem to operate each just one whois server. I would suggest RIPE to add at least a second whois server.
# nslookup whois.arin.net Name: whois.arin.net Address: 199.71.0.48 Address: 199.71.0.46 Address: 199.212.0.48 Address: 199.212.0.46 Address: 199.212.0.47 Address: 199.71.0.47
# nslookup whois.ripe.net Name: whois.ripe.net Address: 193.0.6.135
# nslookup whois.apnic.net Name: whois.apnic.net Address: 202.12.29.220
# nslookup whois.lacnic.net whois.lacnic.net canonical name = lacnic.net. Name: lacnic.net Address: 200.3.14.10
# nslookup whois.afrinic.net Name: whois.afrinic.net Address: 196.216.2.130
######################## https://lists.afrinic.net/pipermail/announce/2012/000823.html " Dear Colleagues,
Starting Friday 17 Feb at 1400UTC, we shall be doing maintenance works on the whois and MyAfriNIC services to take care of some key upgrades.
This may continue through the entire weekend, during which time, there could be intermittent lack of access to these services - which should be fully restored by Sunday 19 Feb 2000 UTC.
Should you notice any issues, or if you have any concerns or comments, please feel free to contact helpdesk at afrinic.net " ########################
participants (4)
-
Carlos Martinez -
Kaveh Ranjbar -
U.Mutlu -
Wilfried Woeber