ITEM: G9912L

whois is failing with 'unknown host'


Customer is running 3.2.4 and can no longer get whois or name
resolution to work correctly.  The master server for DNS was recently
decommisioned and the service moved to the secondary server.  whois is
uncommented in the /etc/services file.  Why is whois ( and also name
serving in general ) not working?

InfoExplorer documents that the whois command "searches a user name
directory and displays information about the user ID or nickname
specified in the Name parameter.  The whois command tries to reach ARPANET
host where it examines a user-name database to 
obtain information.  The whois command should be used only by users
on  ARPANET.  Refer to RFC 812 for more complete information  and
recent changes to the whois command".

RFC 812 has been updated by RFC 954. RFC 954 describes the NICNAME/WHOIS
protocol as follows:

 " The NICNAME/WHOIS Server is a TCP transaction based query/response
   server, running on the SRI-NIC machine ( or, that
   provides netwide directory service to internet users.  It is one of a
   series of internet name services maintained by the DDN Network
   Information Center (NIC) at SRI International on behalf of the
   Defense Communications Agency (DCA).  The server is accessible across
   the Internet from user programs running on local hosts, and it
   delivers the full name, U.S. mailing address, telephone number, and 
   network mailbox for DDN users who are registered in the NIC database.

   This server, together with the corresponding WHOIS Database can also
   deliver online look-up of individuals or their online mailboxes,
   network organizations, DDN nodes and associated hosts, and TAC
   telephone numbers.  The service is designed to be user-friendly and
   the information is delivered in human-readable format.  DCA strongly
   encourages network hosts to provide their users with access to this
   network service.

Steps Involved in Verifying WHOIS service on AIX:
1. Verify that both the domain and the reverse domain are properly
   registered with the Internet. You can try to resolve this using: 
   whois -h IP-address
   The result should state that the listed name servers are for reverse 
   address lookup. 
2. Review the /etc/named.boot file for discrepancies, ie ip-addresses
   and domain names are correct, no periods in the domain names
3. Review the /usr/namedb/ file for discrepancies, ie domain names,
   fully qualified nameserver hostnames, ip-addresses. A current copy of
   the for the Internet may be obtained via anonymous ftp from 
   "", named root-servers.txt in the "netinfo" subdirectory.
4. Cause a cache dump via: kill -2 `cat /etc/`. This creates a file
5. Search the /var/tmp/named_dump.db file for the "$origin ." part; this will 
   tell you where the system is looking for its 'root' servers.  For example,

$Origin .
.       518363  IN      NS      NS.INTERNIC.NET.
        518363  IN      NS      AOS.ARL.ARMY.MIL.
        518363  IN      NS      KAVA.NISC.SRI.COM.
        518363  IN      NS      C.NYSER.NET.
        518363  IN      NS      TERP.UMD.EDU.
        518363  IN      NS      NS.NASA.GOV.
        518363  IN      NS      NIC.NORDU.NET.
        518363  IN      NS      NS.NIC.DDN.MIL. 

6.  If this fails, re-read the /etc/named.boot file for any instance of 
    the nameserver host entries that do not look correct, especially
    if this is a sub-domain name server within the company. 
7.  Comment out the above entries in the /etc/named.boot file and stop
    the named process via stopsrc -s named.
8.  Re-start the named process via startsrc -s named and immediately cause 
    a cache dump: kill -2 `cat /etc/`.  This will create another 
    dump file in /var/tmp/named_dump.db (you may wish to save the previous 
    one in /var/tmp/named_dump.db.old).

Support Line: whois is failing with 'unknown host' ITEM: G9912L
Dated: March 1994 Category: N/A
This HTML file was generated 99/06/24~13:30:49
Comments or suggestions? Contact us