[arin-tech-discuss] matching ip addresses to owners of a domain

David Huberman dhuberma at arin.net
Tue Mar 13 16:23:02 EDT 2012 

Hi Karl,

Two things:

1) It turns out you can eliminate the false positives issue: just add the
@ sign to the matrix parameter search:

https://www.arin.net/rest/pocs;domain=@arin.net


2) One of the most common ways to represent an IP address range in a
database is to have two columns: one for the start address, and one for
the end address. Finding an address in the range is then simply a matter
of formulating a query looking for an address greater than the start
addresses and smaller than the end addresses. Care should be taken if the
data types for the columns are strings, as the addresses need to be
zero-padded for proper comparison to work. While this is simple to
engineer, in most databases it does not scale well.

Good luck with your project, and if you have any other REST-related
questions, feel free to ask the list!

Regards,
David

---
David R Huberman
Principal Technical Analyst, ARIN
703-227-9866







On 3/13/12 11:04 AM, "Karl Baum" <karl.baum at gmail.com> wrote:

Whoah.. good point!  I wouldn't have realized that.

Not sure if this is off topic, but is there a recommended approach to
storing these ip ranges locally within your database.  I am using postgres
on heroku and i noticed that it has first class support for ip addresses
but not ip ranges unfortunately.  Was thinking of just adding a rough for
each element within the range, but that's not exactly ideal.

Thanks again!


On Mar 13, 2012, at 10:31 AM, David Huberman wrote:

> Hi Karl,
> 
> You're welcome; glad we could help!  A quick helpful hint:  when using
>the matrix parameter search for domain names, you want to be careful of
>false positives.  If we ask:
> 
> https://www.arin.net/rest/pocs;domain=arin.net
> 
> ... we'll get a bunch of arin.net POCs, but we'll also get a false
>positive:  mandarin.net
> 
> Best,
> David
> 
> ---
> David R Huberman
> Principal Technical Analyst, ARIN
> 703-227-9866
> 
> ________________________________________
> From: Karl Baum [karl.baum at gmail.com]
> Sent: Monday, March 12, 2012 10:41 PM
> To: David Huberman
> Cc: arin-tech-discuss at arin.net
> Subject: Re: [arin-tech-discuss] matching ip addresses to owners of a
>domain
> 
> This is exactly what i needed.  Thanks David!
> 
> Sent from my iPad
> 
> On Mar 12, 2012, at 5:14 PM, David Huberman <dhuberma at arin.net> wrote:
> 
>> Karl,
>> 
>> If you have a domain name, you can use our API to discover IP address
>> registrations ("NETs") associated with POCs who have registered email
>> addresses in that domain name. There are probably a number of ways to
>>get
>> from here to there, but here's one solution I came up with:
>> 
>> 1) Paragraph 4.4.2 of the document:
>> 
>> https://www.arin.net/resources/whoisrws/whois_api.html#whoisrws
>> 
>> ... describes the use of matrix parameters. What we're interested in
>>this
>> first step is to discover a list of POCs who have email addresses in the
>> given domain name. If our domain name is washgas.com, for example, we
>>can
>> query:
>> 
>> http://whois.arin.net/rest/pocs;domain=washgas.com
>> 
>> We get one match, an Ed Rudy from Washington Gas, and it shows us his
>>POC
>> handle is ERU10-ARIN.
>> 
>> 2a) From there, we can search up the hierarchy and ask the API: show me
>> all organization records ("ORGs") associated with these POCs, so that I
>> can find NETs that are registered to the ORGs. Why do we ask this?
>>Because
>> ARIN's Whois is a relational database. NETs are registered to ORGs. ORGs
>> have POCs who serve various roles (admin, tech, abuse, NOC). So to get
>>to
>> the NET from the POCs, we have to go via the ORG.
>> 
>> Paragraph 4.4.1 of the documentation shows us how to search for
>> referential data.  Using our example, we take ERU10-ARIN and ask for all
>> ORGs it's associated with:
>> 
>> http://whois.arin.net/rest/poc/ERU10-ARIN/orgs
>> 
>> The resulting list has 4 matches, but only 1 unique match: WGL-23, the
>>ORG
>> defining Washington Gas.
>> 
>> 
>> 2b) Now we can search for the NETs associated with each of the unique
>> matches. Using the same methodology, we search for NET data referencing
>> the ORG. Witness:
>> 
>> http://whois.arin.net/rest/org/WGL-23/nets
>> 
>> The resulting list has 1 IP address registration: NET-208-76-232-0-1
>> 
>> So we can take that and GET:
>> 
>> http://whois.arin.net/rest/net/NET-208-76-232-0-1
>> 
>> .. to programatically discover the starting and ending addresses and/or
>> the CIDR.
>> 
>> 
>> 3) Finally, to be complete in our queries, we should search for all NETs
>> directly associated with these POCs.  That way we capture any NETs that
>> the POC is a contact on, but for which the POC is not a contact on the
>> ORG. Using our example one more time:
>> 
>> http://whois.arin.net/rest/poc/ERU10-ARIN/nets
>> 
>> There aren't any matches for ERU10-ARIN, and for most POCs, this result
>> set will be empty.  But to get a complete picture, you would want to
>> perform this search anyway.
>> 
>> Hope this answer is helpful for you!
>> 
>> Regards,
>> David
>> 
>> ---
>> David R Huberman
>> Principal Technical Analyst, ARIN
>> 703-227-9866
>> 
>> 
>> 
>> On 3/12/12 3:39 PM, "Karl Baum" <karl.baum at gmail.com> wrote:
>> 
>> I am trying to use the arin api to match ip addresses of our users to
>> certain companies within our database.  For each company I only have a
>> name and domain.  Can i use Arin to associate an ip address with one of
>> the company domains stored within our database?
>> 
>> thx
>> 
>> -karl
>> _______________________________________________
>> arin-tech-discuss mailing list
>> arin-tech-discuss at arin.net
>> http://lists.arin.net/mailman/listinfo/arin-tech-discuss
>> 
>> 
>> 
>>

More information about the arin-tech-discuss mailing list