[arin-tech-discuss] matching ip addresses to owners of a domain

Karl Baum karl.baum at gmail.com
Tue Mar 13 11:04:30 EDT 2012 

Whoah.. good point!  I wouldn't have realized that.

Not sure if this is off topic, but is there a recommended approach to storing these ip ranges locally within your database.  I am using postgres on heroku and i noticed that it has first class support for ip addresses but not ip ranges unfortunately.  Was thinking of just adding a rough for each element within the range, but that's not exactly ideal.

Thanks again!


On Mar 13, 2012, at 10:31 AM, David Huberman wrote:

> Hi Karl,
> 
> You're welcome; glad we could help!  A quick helpful hint:  when using the matrix parameter search for domain names, you want to be careful of false positives.  If we ask:
> 
> https://www.arin.net/rest/pocs;domain=arin.net
> 
> ... we'll get a bunch of arin.net POCs, but we'll also get a false positive:  mandarin.net
> 
> Best,
> David
> 
> ---
> David R Huberman
> Principal Technical Analyst, ARIN
> 703-227-9866
> 
> ________________________________________
> From: Karl Baum [karl.baum at gmail.com]
> Sent: Monday, March 12, 2012 10:41 PM
> To: David Huberman
> Cc: arin-tech-discuss at arin.net
> Subject: Re: [arin-tech-discuss] matching ip addresses to owners of a domain
> 
> This is exactly what i needed.  Thanks David!
> 
> Sent from my iPad
> 
> On Mar 12, 2012, at 5:14 PM, David Huberman <dhuberma at arin.net> wrote:
> 
>> Karl,
>> 
>> If you have a domain name, you can use our API to discover IP address
>> registrations ("NETs") associated with POCs who have registered email
>> addresses in that domain name. There are probably a number of ways to get
>> from here to there, but here's one solution I came up with:
>> 
>> 1) Paragraph 4.4.2 of the document:
>> 
>> https://www.arin.net/resources/whoisrws/whois_api.html#whoisrws
>> 
>> ... describes the use of matrix parameters. What we're interested in this
>> first step is to discover a list of POCs who have email addresses in the
>> given domain name. If our domain name is washgas.com, for example, we can
>> query:
>> 
>> http://whois.arin.net/rest/pocs;domain=washgas.com
>> 
>> We get one match, an Ed Rudy from Washington Gas, and it shows us his POC
>> handle is ERU10-ARIN.
>> 
>> 2a) From there, we can search up the hierarchy and ask the API: show me
>> all organization records ("ORGs") associated with these POCs, so that I
>> can find NETs that are registered to the ORGs. Why do we ask this? Because
>> ARIN's Whois is a relational database. NETs are registered to ORGs. ORGs
>> have POCs who serve various roles (admin, tech, abuse, NOC). So to get to
>> the NET from the POCs, we have to go via the ORG.
>> 
>> Paragraph 4.4.1 of the documentation shows us how to search for
>> referential data.  Using our example, we take ERU10-ARIN and ask for all
>> ORGs it's associated with:
>> 
>> http://whois.arin.net/rest/poc/ERU10-ARIN/orgs
>> 
>> The resulting list has 4 matches, but only 1 unique match: WGL-23, the ORG
>> defining Washington Gas.
>> 
>> 
>> 2b) Now we can search for the NETs associated with each of the unique
>> matches. Using the same methodology, we search for NET data referencing
>> the ORG. Witness:
>> 
>> http://whois.arin.net/rest/org/WGL-23/nets
>> 
>> The resulting list has 1 IP address registration: NET-208-76-232-0-1
>> 
>> So we can take that and GET:
>> 
>> http://whois.arin.net/rest/net/NET-208-76-232-0-1
>> 
>> .. to programatically discover the starting and ending addresses and/or
>> the CIDR.
>> 
>> 
>> 3) Finally, to be complete in our queries, we should search for all NETs
>> directly associated with these POCs.  That way we capture any NETs that
>> the POC is a contact on, but for which the POC is not a contact on the
>> ORG. Using our example one more time:
>> 
>> http://whois.arin.net/rest/poc/ERU10-ARIN/nets
>> 
>> There aren't any matches for ERU10-ARIN, and for most POCs, this result
>> set will be empty.  But to get a complete picture, you would want to
>> perform this search anyway.
>> 
>> Hope this answer is helpful for you!
>> 
>> Regards,
>> David
>> 
>> ---
>> David R Huberman
>> Principal Technical Analyst, ARIN
>> 703-227-9866
>> 
>> 
>> 
>> On 3/12/12 3:39 PM, "Karl Baum" <karl.baum at gmail.com> wrote:
>> 
>> I am trying to use the arin api to match ip addresses of our users to
>> certain companies within our database.  For each company I only have a
>> name and domain.  Can i use Arin to associate an ip address with one of
>> the company domains stored within our database?
>> 
>> thx
>> 
>> -karl
>> _______________________________________________
>> arin-tech-discuss mailing list
>> arin-tech-discuss at arin.net
>> http://lists.arin.net/mailman/listinfo/arin-tech-discuss
>> 
>> 
>> 
>>

More information about the arin-tech-discuss mailing list