[arin-tech-discuss] matching ip addresses to owners of a domain

David Huberman dhuberma at arin.net
Tue Mar 13 10:31:27 EDT 2012


Hi Karl,

You're welcome; glad we could help!  A quick helpful hint:  when using the matrix parameter search for domain names, you want to be careful of false positives.  If we ask:

https://www.arin.net/rest/pocs;domain=arin.net

... we'll get a bunch of arin.net POCs, but we'll also get a false positive:  mandarin.net

Best,
David

---
David R Huberman
Principal Technical Analyst, ARIN
703-227-9866

________________________________________
From: Karl Baum [karl.baum at gmail.com]
Sent: Monday, March 12, 2012 10:41 PM
To: David Huberman
Cc: arin-tech-discuss at arin.net
Subject: Re: [arin-tech-discuss] matching ip addresses to owners of a domain

This is exactly what i needed.  Thanks David!

Sent from my iPad

On Mar 12, 2012, at 5:14 PM, David Huberman <dhuberma at arin.net> wrote:

> Karl,
>
> If you have a domain name, you can use our API to discover IP address
> registrations ("NETs") associated with POCs who have registered email
> addresses in that domain name. There are probably a number of ways to get
> from here to there, but here's one solution I came up with:
>
> 1) Paragraph 4.4.2 of the document:
>
> https://www.arin.net/resources/whoisrws/whois_api.html#whoisrws
>
> ... describes the use of matrix parameters. What we're interested in this
> first step is to discover a list of POCs who have email addresses in the
> given domain name. If our domain name is washgas.com, for example, we can
> query:
>
> http://whois.arin.net/rest/pocs;domain=washgas.com
>
> We get one match, an Ed Rudy from Washington Gas, and it shows us his POC
> handle is ERU10-ARIN.
>
> 2a) From there, we can search up the hierarchy and ask the API: show me
> all organization records ("ORGs") associated with these POCs, so that I
> can find NETs that are registered to the ORGs. Why do we ask this? Because
> ARIN's Whois is a relational database. NETs are registered to ORGs. ORGs
> have POCs who serve various roles (admin, tech, abuse, NOC). So to get to
> the NET from the POCs, we have to go via the ORG.
>
> Paragraph 4.4.1 of the documentation shows us how to search for
> referential data.  Using our example, we take ERU10-ARIN and ask for all
> ORGs it's associated with:
>
> http://whois.arin.net/rest/poc/ERU10-ARIN/orgs
>
> The resulting list has 4 matches, but only 1 unique match: WGL-23, the ORG
> defining Washington Gas.
>
>
> 2b) Now we can search for the NETs associated with each of the unique
> matches. Using the same methodology, we search for NET data referencing
> the ORG. Witness:
>
> http://whois.arin.net/rest/org/WGL-23/nets
>
> The resulting list has 1 IP address registration: NET-208-76-232-0-1
>
> So we can take that and GET:
>
> http://whois.arin.net/rest/net/NET-208-76-232-0-1
>
> .. to programatically discover the starting and ending addresses and/or
> the CIDR.
>
>
> 3) Finally, to be complete in our queries, we should search for all NETs
> directly associated with these POCs.  That way we capture any NETs that
> the POC is a contact on, but for which the POC is not a contact on the
> ORG. Using our example one more time:
>
> http://whois.arin.net/rest/poc/ERU10-ARIN/nets
>
> There aren't any matches for ERU10-ARIN, and for most POCs, this result
> set will be empty.  But to get a complete picture, you would want to
> perform this search anyway.
>
> Hope this answer is helpful for you!
>
> Regards,
> David
>
> ---
> David R Huberman
> Principal Technical Analyst, ARIN
> 703-227-9866
>
>
>
> On 3/12/12 3:39 PM, "Karl Baum" <karl.baum at gmail.com> wrote:
>
> I am trying to use the arin api to match ip addresses of our users to
> certain companies within our database.  For each company I only have a
> name and domain.  Can i use Arin to associate an ip address with one of
> the company domains stored within our database?
>
> thx
>
> -karl
> _______________________________________________
> arin-tech-discuss mailing list
> arin-tech-discuss at arin.net
> http://lists.arin.net/mailman/listinfo/arin-tech-discuss
>
>
>
>
>


More information about the arin-tech-discuss mailing list