• WHOIS rejection from strange IP address

    From [email protected]@21:1/5 to All on Tue Nov 26 22:10:01 2024
    Can anyone explain why whois on a Debian server gets a rejection as if
    through a proxy server?

    Does the Debian command "whois" not connect directly to the various
    databases?


    $whois 191.96.36.56
    % IP Client: 64.25x.xx.xx
     % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See https://docs.db.ripe.net/terms-conditions.html

    %ERROR:201: access denied for 190.112.52.13
    %
    % Sorry, access from your host has been permanently
    % denied because of a repeated excessive querying.
    % For more information, see
    % https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied

    % This query was served by the RIPE Database Query Service version 1.114 (SHETLAND)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Eike Lantzsch ZP5CGE / KY4PZ@21:1/5 to [email protected] on Tue Nov 26 22:50:01 2024
    On Tuesday, 26 November 2024 17:52:51 -03 [email protected] wrote:
    Can anyone explain why whois on a Debian server gets a rejection as if through a proxy server?

    Does the Debian command "whois" not connect directly to the various databases?


    $whois 191.96.36.56
    % IP Client: 64.25x.xx.xx
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See https://docs.db.ripe.net/terms-conditions.html

    %ERROR:201: access denied for 190.112.52.13

    %
    % Sorry, access from your host has been permanently
    % denied because of a repeated excessive querying.
    % For more information, see
    % https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied

    % This query was served by the RIPE Database Query Service version 1.114 (SHETLAND)

    Same here with OpenBSD 7.6
    not a Debian problem

    apu2c4$ whois 191.96.36.56


    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/resources/registry/whois/tou/
    #
    # If you see inaccuracies in the results, please report at
    # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
    #
    # Copyright 1997-2024, American Registry for Internet Numbers, Ltd.
    #




    #
    # Query terms are ambiguous. The query is assumed to be:
    # "n 191.96.36.56"
    #
    # Use "?" to get help.
    #


    NetRange: 191.0.0.0 - 191.255.255.255
    CIDR: 191.0.0.0/8
    NetName: NET191
    NetHandle: NET-191-0-0-0-0
    Parent: ()
    NetType: Allocated to LACNIC
    OriginAS:
    Organization: Latin American and Caribbean IP address Regional
    Registry (LACNIC)
    RegDate: 1993-05-01
    Updated: 2010-07-21
    Ref: https://rdap.arin.net/registry/ip/191.0.0.0


    ResourceLink: http://lacnic.net/cgi-bin/lacnic/whois
    ResourceLink: whois.lacnic.net




    OrgName: Latin American and Caribbean IP address Regional
    Registry
    OrgId: LACNIC
    Address: Rambla Republica de Mexico 6125
    City: Montevideo
    StateProv:
    PostalCode: 11400
    Country: UY
    RegDate: 2002-07-27
    Updated: 2018-03-15
    Ref: https://rdap.arin.net/registry/entity/LACNIC


    ReferralServer: whois://whois.lacnic.net
    ResourceLink: http://lacnic.net/cgi-bin/lacnic/whois


    OrgAbuseHandle: LWI100-ARIN
    OrgAbuseName: LACNIC Whois Info
    OrgAbusePhone: +598-2604-2222
    OrgAbuseEmail: [email protected]
    OrgAbuseRef: https://rdap.arin.net/registry/entity/LWI100-ARIN


    OrgTechHandle: LACNIC-ARIN
    OrgTechName: LACNIC Whois Info
    OrgTechPhone: +598-2604-2222
    OrgTechEmail: [email protected]
    OrgTechRef: https://rdap.arin.net/registry/entity/LACNIC-ARIN




    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/resources/registry/whois/tou/
    #
    # If you see inaccuracies in the results, please report at
    # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
    #
    # Copyright 1997-2024, American Registry for Internet Numbers, Ltd.
    #


    % IP Client: 181.nnn.nnn.nnn
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See https://docs.db.ripe.net/terms-conditions.html


    %ERROR:201: access denied for 168.121.184.16

    %
    % Sorry, access from your host has been permanently
    % denied because of a repeated excessive querying.
    % For more information, see
    % https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied


    % This query was served by the RIPE Database Query Service version 1.114
    (BUSA)

    --
    Eike Lantzsch KY4PZ / ZP5CGE

  • From George at Clug@21:1/5 to All on Wed Nov 27 08:40:01 2024
    Curiosity got the better of me, so I installed "whois" and gave it
    a try.


    Below are the responses I get, for "$whois 191.96.36.56"  and I tried
    a whois on the ip in "%ERROR:201: access denied for 190.112.52.14"


    I wonder what this information might mean to anyone? How would this
    information be useful?


    My guess is that Timothy's whois request was sent to lacnic.net
    (Internet Directorate Registry for Latin America and the Caribbean)
    which rejected the request with "%ERROR:201: access denied for 190.112.52.14".  Is my explanation plausible?  I could not determine
    which Registry served my whois request.


    George.




    https://www.lacnic.net/
    LACNIC
    The Internet Directorate Registry for Latin America and the Caribbean
    is a non-profit organization that seeks to ensure the stability of the
    Internet in our region and promote its expansion as a tool for social,
    cultural and productive development on the basis of a neutral, open, transparent and participatory management system.





    ==================================================



    $ whois 191.96.36.56
    % IP Client: 2001:44b8:1120:2400:efb6:3ccd:6ddb:4be8
     % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See https://docs.db.ripe.net/terms-conditions.html

    % Note: this output has been filtered.
    %       To receive output for a database update, use the "-B"
    flag.

    % Information related to '191.96.0.0 - 191.96.127.255'

    % Abuse contact for '191.96.0.0 - 191.96.127.255' is '[email protected]'

    inetnum:        191.96.0.0 - 191.96.127.255
    netname:        IPXO
    country:        US
    org:            ORG-IL687-RIPE
    admin-c:        NOC834
    tech-c:         NOC834
    abuse-c:        IPXO834
    status:         SUB-ALLOCATED PA
    mnt-by:         IPXO-MNT
    mnt-by:         netutils-mnt
    created:        2022-07-07T06:48:39Z
    last-modified:  2024-11-26T12:25:09Z
    source:         RIPE

    organisation:   ORG-IL687-RIPE
    org-name:       Internet Utilities Europe and Asia Limited
    org-type:       LIR
    address:        Regent street 207
    address:        W1B 3HH
    address:        London
    address:        UNITED KINGDOM
    country:        GB
    phone:          +370 699 08833
    admin-c:        NOC834
    tech-c:         NOC834
    abuse-c:        IPXO834
    mnt-ref:        IPXO-MNT
    mnt-by:         RIPE-NCC-HM-MNT
    mnt-by:         IPXO-MNT
    created:        2021-04-28T09:11:24Z
    last-modified:  2024-07-23T13:36:03Z
    source:         RIPE # Filtered

    role:           IPXO Admin/Tech Contact
    address:        Ground Floor, 4 Victoria Square, St Albans, Hertfordshire, AL1 3TF, UK
    nic-hdl:        NOC834
    mnt-by:         IPXO-MNT
    created:        2021-07-27T09:53:47Z
    last-modified:  2021-07-29T08:24:01Z
    source:         RIPE # Filtered

    % Information related to '191.96.36.0/24AS174'

    route:          191.96.36.0/24
    origin:         AS174
    mnt-by:         IPXO-MNT
    mnt-by:         netutils-mnt
    created:        2022-11-14T08:48:03Z
    last-modified:  2024-11-26T13:00:16Z
    source:         RIPE

    % This query was served by the RIPE Database Query Service version
    1.114 (ABERDEEN)




    ==========================================================


    $ whois 190.112.52.14
    % IP Client: 2001:44b8:1120:2400:efb6:3ccd:6ddb:4be8
     
    % Joint Whois - whois.lacnic.net
    %  This server accepts single ASN, IPv4 or IPv6 queries

    % LACNIC resource: whois.lacnic.net


    % Copyright LACNIC lacnic.net
    %  The data below is provided for information purposes
    %  and to assist persons in obtaining information about or
    %  related to AS and IP numbers registrations
    %  By submitting a whois query, you agree to use this data
    %  only for lawful purposes.
    %  2024-11-27 04:12:26 (-03 -03:00)

    inetnum:     190.112.52.0/22
    status:      assigned
    aut-num:     AS7777
    aut-num:     AS264845
    owner:       LACNIC - Latin American and Caribbean IP address
    ownerid:     UY-LACN-LACNIC
    responsible: Ernesto Majó
    address:     Rambla República de México, 6125, Esq. 6 de Abril
    address:     11400 - Montevideo - Montevideo
    country:     UY
    phone:       +598  26042222 [4401]
    owner-c:     AIL
    tech-c:      AIL
    abuse-c:     AIL
    inetrev:     190.112.52.0/22
    nserver:     NS.LACNIC.NET.UY
    nsstat:      20241124 AA
    nslastaa:    20241124
    nserver:     NS2.LACNIC.NET.UY
    nsstat:      20241124 AA
    nslastaa:    20241124
    created:     20131024
    changed:     20131024

    nic-hdl:     AIL
    person:      Carlos M Martínez
    e-mail:      [email protected]
    address:     Rambla Rep. Mexico, 6125, Casa de Internet
    address:     11400 - Montevideo - Montevideo
    country:     UY
    phone:       +598  26042222 [4401]
    created:     20080125
    changed:     20240208

    % whois.lacnic.net accepts only direct match queries.
    % Types of queries are: POCs, ownerid, CIDR blocks, IP
    % and AS numbers.










    On Wednesday, 27-11-2024 at 17:51 Timothy M Butterworth wrote:





    On Tue, Nov 26, 2024 at 4:02 PM [email protected] wrote:



    Can anyone explain why whois on a Debian server gets a rejection as if

    through a proxy server?

    Does the Debian command "whois" not connect directly to the various
    databases?


    $whois 191.96.36.56
    % IP Client: 64.25x.xx.xx
      % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See https://docs.db.ripe.net/terms-conditions.html

    %ERROR:201: access denied for 190.112.52.13
    %
    % Sorry, access from your host has been permanently
    % denied because of a repeated excessive querying.
    % For more information, see
    %
    https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied

    % This query was served by the RIPE Database Query Service version
    1.114
    (SHETLAND)




    I get a similar but slightly different error message.


    tmb@hp-debian:~$ whois 191.96.36.56
    % IP Client: 2607:fb90:db98:991c:6b9d:c93f:73d:7514
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See https://docs.db.ripe.net/terms-conditions.html

    %ERROR:201: access denied for 190.112.52.14
    %
    % Queries from your IP address have passed the daily limit of
    controlled objects.
    % Access from your host has been temporarily denied.
    % For more information, see
    %
    https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied


    % This query was served by the RIPE Database Query Service version
    1.114 (ABERDEEN)

     Show my ip address says my public IPv4 address is 172.59.137.156. I
    do not know where 190.112.52.14 is coming from.





    --
    ⢀⣴⠾⠻⢶⣦⠀
    ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
    ⠈⠳⣄⠀⠀

  • From John Hasler@21:1/5 to All on Mon Dec 2 18:00:01 2024
    It isn't Debian. It's that netblock. Try 191.97.36.54.

    Also try
    whois -r 191.96.36.54

    --
    John Hasler
    [email protected]
    Elmwood, WI USA

  • From [email protected]@21:1/5 to Timothy M Butterworth on Mon Dec 2 17:40:01 2024
    On 2024/11/27 01:57 AM, Timothy M Butterworth wrote:
    On Wed, Nov 27, 2024 at 1:51 AM Timothy M Butterworth <[email protected]
    <mailto:[email protected]>> wrote:

    On Tue, Nov 26, 2024 at 4:02 PM [email protected]
    <mailto:[email protected]> <[email protected] <mailto:[email protected]>>
    wrote:

    Can anyone explain why whois on a Debian server gets a
    rejection as if
    through a proxy server?
    Does the Debian command "whois" not connect directly to the
    various
    databases:

    $whois 191.96.36.56
    % IP Client: 64.25x.xx.xx
      % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See https://docs.db.ripe.net/terms-conditions.html

    %ERROR:201: access denied for 190.112.52.13
    %
    % Sorry, access from your host has been permanently
    % denied because of a repeated excessive querying.
    % For more information, see
    %
    https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied

    % This query was served by the RIPE Database Query Service
    version 1.114
    (SHETLAND)


    I get a similar but slightly different error message.

    tmb@hp-debian:~$ whois 191.96.36.56
    % IP Client: 2607:fb90:db98:991c:6b9d:c93f:73d:7514
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See https://docs.db.ripe.net/terms-conditions.html

    %ERROR:201: access denied for 190.112.52.14
    %
    % Queries from your IP address have passed the daily limit of
    controlled objects.
    % Access from your host has been temporarily denied.
    % For more information, see
    %
    https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied


    % This query was served by the RIPE Database Query Service version
    1.114 (ABERDEEN)

     Show my ip address says my public IPv4 address is 172.59.137.156.
    I do not know where 190.112.52.14 is coming from.

    This lookup tool works. https://lookup.icann.org/en/lookup

    The point is that the Debian default WHOIS does not work.    ...and
    appears to be directed through a PROXY that is being blocked by RIPE.

    Why is a Debian command default setup blocked by RIPE?


  • From Andy Smith@21:1/5 to John Hasler on Mon Dec 2 18:10:01 2024
    Hi,

    On Mon, Dec 02, 2024 at 10:50:26AM -0600, John Hasler wrote:
    It isn't Debian. It's that netblock. Try 191.97.36.54.

    I suspect that works because you are asking a LACNIC whois server for an
    IP in its own database, so it's not having to contact RIPE's whois,
    where the rejection seems to be coming from.

    whois -r 191.96.36.54

    That works for me on Debian 11, I assume because by disabling recursive
    lookups the LACNIC server is not doing as many queries to RIPE.

    I don't need -r on Debian 12 whois for that query.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From Andy Smith@21:1/5 to [email protected] on Mon Dec 2 18:10:01 2024
    Hi,

    On Mon, Dec 02, 2024 at 11:34:52AM -0500, [email protected] wrote:
    On 2024/11/27 01:57 AM, Timothy M Butterworth wrote:
    I get a similar but slightly different error message.

    tmb@hp-debian:~$ whois 191.96.36.56
    % IP Client: 2607:fb90:db98:991c:6b9d:c93f:73d:7514
    % This is the RIPE Database query service.

    […]

    %ERROR:201: access denied for 190.112.52.14
    %
    % Queries from your IP address have passed the daily limit of
    controlled objects.
    % Access from your host has been temporarily denied.
    % For more information, see
    %
    https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied


    % This query was served by the RIPE Database Query Service version
    1.114 (ABERDEEN)

     Show my ip address says my public IPv4 address is 172.59.137.156.
    I do not know where 190.112.52.14 is coming from.

    (Worth noting that Tim's query came from
    2607:fb90:db98:991c:6b9d:c93f:73d:7514 so not even the same address
    family as 190.112.52.14. I get the same result and my queries are over
    IPv6 to RIPE as well.)

    Why is a Debian command default setup blocked by RIPE?

    I imagine the proxy is at the RIPE end, i.e. it's a reverse proxy.

    Perhaps someone should report this to RIPE.

    Interestingly so far I can only replicate it with "whois" in Debian 11,
    not Debian 12.

    When I do:

    $ whois 191.96.36.56

    on Debian 11, it consistently contacts 2001:13c7:7020:210::16 (whois-pdo.lacnic.net) which I assume internally contacts RIPE.

    When I do same on Debian 12 it consistently contacts
    2001:13c7:7002:4128::150 (whois-gru-s2.whois.lacnic.net).

    On Debian 11 I can make it work by forcing it to try whois-gru-s2.whois.lacnic.net first:

    $ whois -h whois-gru-s2.whois.lacnic.net 191.96.36.56

    I don't know if this is outdated config of Debian's "whois", or some misconfiguration at RIPE/lacnic. Obviously whois does have a config file
    which it uses to choose whois servers to try, and those servers can
    become out of date or break.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From [email protected]@21:1/5 to Andy Smith on Mon Dec 2 18:40:01 2024
    On 2024/12/02 12:02 PM, Andy Smith wrote:
    Hi,

    On Mon, Dec 02, 2024 at 11:34:52AM -0500, [email protected] wrote:
    On 2024/11/27 01:57 AM, Timothy M Butterworth wrote:
    I get a similar but slightly different error message.

    tmb@hp-debian:~$ whois 191.96.36.56
    % IP Client: 2607:fb90:db98:991c:6b9d:c93f:73d:7514
    % This is the RIPE Database query service.
    […]

    %ERROR:201: access denied for 190.112.52.14
    %
    % Queries from your IP address have passed the daily limit of
    controlled objects.
    % Access from your host has been temporarily denied.
    % For more information, see
    %
    https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied


    % This query was served by the RIPE Database Query Service version
    1.114 (ABERDEEN)

     Show my ip address says my public IPv4 address is 172.59.137.156.
    I do not know where 190.112.52.14 is coming from.
    (Worth noting that Tim's query came from 2607:fb90:db98:991c:6b9d:c93f:73d:7514 so not even the same address
    family as 190.112.52.14. I get the same result and my queries are over
    IPv6 to RIPE as well.)

    Why is a Debian command default setup blocked by RIPE?
    I imagine the proxy is at the RIPE end, i.e. it's a reverse proxy.

    Perhaps someone should report this to RIPE.

    Interestingly so far I can only replicate it with "whois" in Debian 11,
    not Debian 12.

    When I do:

    $ whois 191.96.36.56

    on Debian 11, it consistently contacts 2001:13c7:7020:210::16 (whois-pdo.lacnic.net) which I assume internally contacts RIPE.

    When I do same on Debian 12 it consistently contacts
    2001:13c7:7002:4128::150 (whois-gru-s2.whois.lacnic.net).

    On Debian 11 I can make it work by forcing it to try whois-gru-s2.whois.lacnic.net first:

    $ whois -h whois-gru-s2.whois.lacnic.net 191.96.36.56

    I don't know if this is outdated config of Debian's "whois", or some misconfiguration at RIPE/lacnic. Obviously whois does have a config file which it uses to choose whois servers to try, and those servers can
    become out of date or break.

    Thanks,
    Andy

    Hmm.   Interesting point.  No idea how to troubleshoot that one.
    Would that not be subject of a Debian update?

    So with that unresolved,
    here's a new one of the same problem:

    $ whois 191.96.36.52
    % IP Client: 64.253.x.x
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See https://docs.db.ripe.net/terms-conditions.html

    %ERROR:201: access denied for 168.121.184.15
    %
    % Sorry, access from your host has been permanently
    % denied because of a repeated excessive querying.
    % For more information, see
    % https://docs.db.ripe.net/FAQ/#why-did-i-receive-an-error-201-access-denied

    % This query was served by the RIPE Database Query Service version 1.114 (SHETLAND)

    I have nothing to do with 168.121.184.15.

    Short of packet capture and analysis, Is there such a thing as a
    traceroute following a command like whois?

  • From John Hasler@21:1/5 to [email protected] on Mon Dec 2 19:20:03 2024
    [email protected] writes:
    here's a new one of the same problem:

    $ whois 191.96.36.52

    It's anything in 191.96.

    190.112.52.14 seems to belong to LACNIC. Seems unlikely but it looks
    like RIPE is blocking them. I don't know why the query goes first to
    LACNIC and then to RIPE.

    I don't think it's a Debian problem. Have you tested using a different
    OS?
    --
    John Hasler
    [email protected]
    Elmwood, WI USA

  • From Andy Smith@21:1/5 to [email protected] on Mon Dec 2 21:10:01 2024
    Hi,

    On Mon, Dec 02, 2024 at 12:38:23PM -0500, [email protected] wrote:
    No idea how to troubleshoot that one.

    What specifically do you want to troubleshoot?

    My question would be:

    whois in Debian 11 seems to consistently receive the blocked query
    error showing a LACNIC IP while whois in Debian 12 doesn't, yet both
    of them do contact LACNIC servers initially. So is this difference
    due to different behaviour in Debian's whois, pure chance or
    something else?

    I'm not very motivated to do it personally but if you are you might want
    to ask something like that to the Debian whois package maintainers (in a
    bug report).

    Some have said it's not a Debian issue, and that might be the case
    since all error messages show RIPE blocking LACNIC, but I can't make it
    happen with Debian 12.

    It could also be worth asking RIPE about the block. They might just say
    that it's due to client behaviour though.

    For example, it was pointed out that using -r avoids the problem. It
    could be that -r became a default with a later version. Reasons like
    that are why I might ask Debian first (in a bug report).

    here's a new one of the same problem:

    Is there any value in reporting more of these here? You're replying to a message where I point out that:

    - (some versions of) Debian's whois contact a LACNIC server that proxies
    queries to RIPE servers which then block the LACNIC server, returning
    an error message

    you then post another example of this error message. What more have we
    learned?

    %ERROR:201: access denied for 168.121.184.15

    I have nothing to do with 168.121.184.15.

    Like I said, these things will be reverse proxies inside the
    infrastructure of LACNIC or RIPE.

    inetnum: 168.121.184.0/22
    owner: LACNIC - Latin American and Caribbean IP address

    It's pretty clear to me that (some versions of) whois contact a LACNIC
    server which then contacts RIPE and is blocked.

    Short of packet capture and analysis, Is there such a thing as a traceroute following a command like whois?

    You don't need one since the RIPE server helpfully told you which IP
    address it is blocking.

    I guess there could be multiple other steps within, but apparently none
    of those steps are giving us a problem.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
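
The comparison made in the thread (the address named in `%ERROR:201` against the address in `% IP Client:`) can be done mechanically. This is an added example, not code from any poster or from the whois package: it parses output like that quoted above and reports whether the denial names the client or an intermediary. The function names, result keys and the `own_addresses` parameter are assumptions of this example; the sample text is abridged from the output quoted in the thread.

```python
import ipaddress
import re

# Sample input abridged from output quoted in the thread, including the line
# wrapping introduced by mail clients and a client address masked by the poster.
SAMPLE_TEMPORARY = """\
% IP Client: 2607:fb90:db98:991c:6b9d:c93f:73d:7514
%ERROR:201: access denied for 190.112.52.14
% Queries from your IP address have passed the daily limit of
controlled objects.
% Access from your host has been temporarily denied.
% This query was served by the RIPE Database Query Service version
1.114 (ABERDEEN)
"""
SAMPLE_PERMANENT = """\
% IP Client: 64.25x.xx.xx
%ERROR:201: access denied for 190.112.52.13
% Sorry, access from your host has been permanently
% denied because of a repeated excessive querying.
% This query was served by the RIPE Database Query Service version 1.114 (SHETLAND)
"""

CLIENT_RE = re.compile(r"^\s*%\s*IP Client:\s*(\S+)", re.M)
DENIED_RE = re.compile(r"^\s*%ERROR:201: access denied for (\S+)", re.M)
SERVED_RE = re.compile(r"Query Service\s+version\s+(\S+)\s+\((\w+)\)")


def _parse_ip(text):
    """Return an ip_address object, or None for masked, missing or invalid text."""
    try:
        return ipaddress.ip_address(text)
    except (ValueError, TypeError):
        return None


def _masked_may_match(masked, addr):
    """True if a partly masked IPv4 string such as 64.25x.xx.xx could be addr."""
    m_parts, a_parts = masked.split("."), str(addr).split(".")
    if len(m_parts) != len(a_parts):
        return False
    for m, a in zip(m_parts, a_parts):
        visible = re.match(r"\d*", m).group()
        if visible == m and m != a:      # fully visible octet must be equal
            return False
        if not a.startswith(visible):    # masked octet: visible prefix must agree
            return False
    return True


def diagnose(output, own_addresses=()):
    """Report who the %ERROR:201 denial names: client, intermediary or unknown."""
    denied_m = DENIED_RE.search(output)
    if not denied_m:
        return {"denied": False}
    flat = re.sub(r"\s*\n\s*", " ", output)  # undo wrapping for multi-line phrases
    denied = _parse_ip(denied_m.group(1))
    client_m = CLIENT_RE.search(output)
    client_raw = client_m.group(1) if client_m else None
    client = _parse_ip(client_raw)
    known = {ipaddress.ip_address(a) for a in own_addresses}
    if client is not None:
        known.add(client)

    if denied is None:
        party = "unknown"
    elif denied in known:
        party = "client"
    elif known or (client_raw and not _masked_may_match(client_raw, denied)):
        party = "intermediary"           # denial names a host that is not ours
    else:
        party = "unknown"                # nothing usable to compare against

    duration = ("permanent" if re.search(r"permanently\W+denied", flat)
                else "temporary" if re.search(r"temporarily\W+denied", flat)
                else "unspecified")
    served = SERVED_RE.search(flat)
    return {
        "denied": True,
        "client": client_raw,
        "denied_address": denied_m.group(1),
        "family_differs": (client is not None and denied is not None
                           and client.version != denied.version),
        "blocked_party": party,
        "duration": duration,
        "node": served.group(2) if served else None,
    }
```

Passing your own public addresses in `own_addresses` covers the case where the `% IP Client:` line is masked or absent.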