Alexis Wilke asked:
I get spam all the time (what a surprise!) and once in a while I check the IP address to see where it comes from (i.e. .cn, .cz, .pl, etc.)
Today I was surprised as I found the output of dig to be:
promtp# dig -x 22.214.171.124 126.96.36.199.in-addr.arpa. 3600 IN PTR user186.mbenzforums.net.
and then the output of whois to be:
prompt# whois mbenzforums.net No match for "MBENZFORUMS.NET".
How is that possible? Is it because the mbenzforums.net domain was attached to that IP and then did not get renewed, but still assigned to the IP?
I thought that such would very quickly disappear (within a day or so) and am not thinking that I’d catch that “just in time”…
Anyone can set the PTR record to whatever they want. It doesn’t have to be valid, or it could be valid and later become invalid.
If you really want to know about an IP address, use whois on it. (This example uses GNU jwhois, which most Linux distributions ship.)
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.