Re: Self-referential whois queries

[Rubens Kuhl <rubensk () gmail com>]

> > I'm noticing an increase in getting "query rate exceeded" at whois
> > services that might be connected to a symptom described by ARIN at
> > NANOG 48/ARIN XXV and ARIN XXVI where machines ask for the whois
> > record of their own IP address.
> >
> > Are there any clues of what is causing this ?
>
> Some spam bots do these automated self-referential queries, but if you
> are seeing those rate exceeded messages when you perform queries from
> your client, you may simply be probably bumping up against a limit for
> the source host or network in question.

The ceil seems to be at the joint whois chain, where a RIR can ask
another RIR or NIR about an IP.

RIRs/NIRs answering such queries with "It's you!" or "Self-referential
queries not allowed" would be too harsh or a reasonable approach ?


Rubens