Port 80 and 443 Blocked By ISP - How to authenticate domain?


#1

Port 80 and 443 are blocked for my webhost (Amazon AWS Beijing) and it is not possible to have them unblocked.

How can I get letsencrypt to authenticate on a different port. Note that the only ports that are blocked are 80, 8080 and 443. All other ports are available.

Note: I do not have access to change DNS settings.

EDIT / UPDATE:
It is easier for hackers to get control over ports other than 443 or 80 so it is a necessary requirement that the authentication can only be done on these ports.

The Solution: Delegate the applications subdomain’s DNS and use LetsEncrypts domain validation option.


Domain validation on 80 and 443 but no override?
#2

Since those ports are blocked, how will you be able to expose HTTPS support to clients? In other words, what do you want the certificate for?


#3

Amazon AWS has blocked ports 80 and 443 on Beijing? This sounds pretty weird, probably what is happening is that AWS is blocked on China or maybe the China servers are not accessible from the outside. Then how do you think you will be able to serve a website?

Anyways, you can use an unofficial client to use the DNS-01 challenge. I recommend you letsencrypt.sh


#4

Without the ability to change DNS settings it would not be possible to use the DNS-01 challenge


#5

I would like to run SSL on a non-standard port. e.g. port 9000


#6

It’s just the way it works in China. To be able to unblock port 80 / 443 / 8080 you have to apply for an ICP license which is a very difficult and long process. Until you have received an ICP license which is bound to your server’s IP address port 80 / 443 / 8080 remain blocked.

I do not have access to the DNS configuration as the application is hosted on a subdomain.


#7

Then that’s the problem, you can’t proof authorship of something that you don’t really own, subdomains that web services like AWS or Google Cloud give to you are not really yours, they are just used to serve your website. To really own a domain you need to either purchase one or use a free domain service like Freenom.

And if you want to use that domain for your website you need to be able to register a custom domain on the hosting, and configure the DNS appropriately, either by using CNAME records or configuring the domain provider DNSs to point to the web hosting DNSs (That’s called DNS delegation).

For AWS here is the documentation to set up a custom domain on Amazon.

PD: I forgot something important, there is another requirement to set up SSL on your site, you need to be able to upload your certificate to the server and configure it. Luckily it seems AWS let you do it. http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html#create-certificate-acm


#8

Then that’s the problem, you can’t proof authorship of something that you don’t really own, subdomains that web services like AWS or Google Cloud give to you are not really yours, they are just used to serve your website. To really own a domain you need to either purchase one or use a free domain service like Freenom.

We don’t really need/want custom domains. I’ll try and explain the situation.

The customer owns website.com.
The customer has pointed application.website.com at our servers ip-address which is bound to an EC2 instance at Amazon AWS.

The customer’s IT department controls the DNS, they only have manual control. i.e. Through a series of emails we should be able to set a DNS records once.

And if you want to use that domain for your website you need to be able to register a custom domain on the hosting, and configure the DNS appropriately, either by using CNAME records or configuring the domain provider DNSs to point to the web hosting DNSs (That’s called DNS delegation).

We don’t really need a custom domain as the domain we would like to use is a subdomain of the clients main website. We are trying to just ensure that the subdomain is encrypted.

Any port (as far as I understand) can have an SSL certificate configured on it and by default it is 443. We would just like to specify the authentication option on a port other than 443.

I’ve now found quite a number of other posts requesting for the same thing. It’s very common in China to host services on ports other than 80/443 due to the complexities of receiving an ICP license


#9

Unfortunately, solving a challenge on a port other than 80 and 443 is not enough to demonstrate proof of ownership for a domain name. Depending on an organization’s security procedures, it can be fairly easy to get firewall rules in place that allow users to listen on a port other than 80 and 443 (or any other reserved port) and then solve a challenge and get a certificate for a domain they don’t actually own.

That’s where dns-01 comes in, but since that’s not an option in your specific case, I’m afraid there’s no way for you to request a certificate from Let’s Encrypt at this time.


#10

but for way too many CAs it seems so, and it makes me sick. in my opinion the only way to properly check domain control should be via email to the whois address.


#11

There are CAs that offer HTTP verification on non-standard ports? Can you give some examples?


#12

damn. i overread the “other than” part.

but even 80/443 should be easy enough to manipulate depending on the structure of their firewalls.

but I dont like host-based validation at all.


#13

Both verification mechanisms share a similar class of potential vulnerabilities. Email-based validation is vulnerable if your mail server is owned, HTTP-based validation if your web server or web app is owned, DNS-based validation if your DNS server is owned. I see no big differences.


#14

well but HTTP servers are in my opinion a bit more “open” inside the structure than DNS or mail servers.


#15

For resolve this kind of troubles, It would be handy to see a new challenge that read some SRV records.
For instance:

_acme-verify._tcp.example.com            IN SRV 0 0 49152 acme.example.com

would allow to issue certs for example.com by listening on acme.example.com:49152

This have been prososed in https://github.com/letsencrypt/boulder/issues/1309#issuecomment-194494886


#16

I agree with other people that in this situation you can’t use Let’s Encrypt domain validation at all, because none of Let’s Encrypt’s notions of verifying domain control apply to you.

If you could temporarily host the site outside of China, you could get a cert using validation to a different host and then use that same cert on your server in China (but presumably temporarily hosting the site outside of China would entail being able to make DNS changes or get someone to make them, and you would have to be able to make the change again every 90 days in order to renew the cert).


#17

Thankyou for the detailed replies and information.

I’m going to try and get the subdomain delegated to our control via Amazon Route53 and then hopefully i can configure the LetsEncrypt by the DNS authentication method.


#18

I am a registrar. Please explain how Let’s Encrypt would validate my ownership of the domain JohnCook.UK using WHOIS details.

If you own a domain you almost certainly have control over the ports 80 and 443, and you’d almost certainly notice if someone has hijacked either port if you host a Website on that domain’s A record. Likewise for a DNS TXT record for a domain if you run a mail server and occasionally double-check your SPF records.

WHOIS details do not prove ownership of a domain. If anything adding WHOIS as an option would make things less secure as any registrar or WHOIS privacy service could suddenly prove ownership of a domain without making any modification to their customer’s nameserver records.


#19

well for a website an internal attacker could do it without leaving much, especially since you dont need it for long,.
esecially since the standard http-01 is used with plaintext HTTP an MITM could just edit the 404 reply the webserver should usually give to whatever he wants, and tls-sni-01 could also be MMITM’ed because it doesnt need a valid cert.
also for a DNS unless there is a log an attacker can also solve that without leavinf much traces because, you know DNS records can be deleted.

okay I just checked that domain but I am pretty sure that the registrant has to put in an email address (at least I had to do that with my 2 domains)

but basically what I mean using the whois to validate domain ownership goes the following.

well if the whois has an email address set in the whois (which is used to contact the registrant as directly as possible)
and I have an address in there that is completely disconnected from said domains, aka my GMail (well sure it does get spam occasionally but they have a great spam filter) and unless they hack my GMail they cant get a cert based on my email account and well I WILL get the email.

also why do you say that whois does NOT prove ownership of a domain then what ELSE does it prove?


#20

The email or whois can also be MITM. Encryption on smtp is best effort and whois is plaintext.
And anyway, it classic to not have any owner email address in the whois. I don’t known from where you came with email in whois. Some examples from different registries:

 $ whois genua.fr 
%%
%% This is the AFNIC Whois server.
%%
%% complete date format : DD/MM/YYYY
%% short date format    : DD/MM
%% version              : FRNIC-2.5
%%
%% Rights restricted by copyright.
%% See http://www.afnic.fr/afnic/web/mentions-legales-whois_en
%%
%% Use '-h' option to obtain more information about this service.
%%
%% [82.227.130.15 REQUEST] >> -V Md5.2 genua.fr
%%
%% RL Net [##########] - RL IP [#########.]
%%

domain:      genua.fr
status:      ACTIVE
hold:        NO
holder-c:    ANO00-FRNIC
admin-c:     ANO00-FRNIC
tech-c:      OVH5-FRNIC
zone-c:      NFC1-FRNIC
nsl-id:      NSL131528-FRNIC
dsl-id:      SIGN538487-FRNIC
registrar:   OVH
Expiry Date: 29/06/2016
created:     29/06/2009
last-update: 10/11/2015
source:      FRNIC

ns-list:     NSL131528-FRNIC
nserver:     ns1.genua.fr [188.165.207.160]
nserver:     ns2.genua.fr [5.51.42.50]
nserver:     ns.kimsufi.com
source:      FRNIC

ds-list:     SIGN538487-FRNIC
key1-tag:    6079
key1-algo:   8 [RSASHA256]
key1-dgst-t: 2 [SHA-256]
key1-dgst:   0438F3D623D110A2AF2BDA49067098386B0469EE6C4C85036BBE4CA59E7088B7
source:      FRNIC

registrar:   OVH
type:        Isp Option 1
address:     2 Rue Kellermann
address:     ROUBAIX
country:     FR
phone:       +33 8 99 70 17 61
fax-no:      +33 3 20 20 09 58
e-mail:      support@ovh.net
website:     http://www.ovh.com
anonymous:   NO
registered:  21/10/1999
source:      FRNIC

nic-hdl:     ANO00-FRNIC
type:        PERSON
contact:     Ano Nymous
remarks:     -------------- WARNING --------------
remarks:     While the registrar knows him/her,
remarks:     this person chose to restrict access
remarks:     to his/her personal data. So PLEASE,
remarks:     don't send emails to Ano Nymous. This
remarks:     address is bogus and there is no hope
remarks:     of a reply.
remarks:     -------------- WARNING --------------
registrar:   OVH
changed:     29/06/2009 anonymous@anonymous
anonymous:   YES
obsoleted:   NO
eligstatus:  ok
source:      FRNIC

nic-hdl:     OVH5-FRNIC
type:        ROLE
contact:     OVH NET
address:     OVH
address:     140, quai du Sartel
address:     59100 Roubaix
country:     FR
phone:       +33 8 99 70 17 61
e-mail:      tech@ovh.net
trouble:     Information: http://www.ovh.fr
trouble:     Questions:  mailto:tech@ovh.net
trouble:     Spam: mailto:abuse@ovh.net
admin-c:     OK217-FRNIC
tech-c:      OK217-FRNIC
notify:      tech@ovh.net
registrar:   OVH
changed:     11/10/2006 tech@ovh.net
anonymous:   NO
obsoleted:   NO
source:      FRNIC

.

$ whois shli.tk
   
   Domain name:
      SHLI.TK

   Organisation:
      BV Dot TK
      Dot TK administrator
      P.O. Box 11774
      1001 GT  Amsterdam
      Netherlands
      Phone: +31 20 5315725
      Fax: +31 20 5315721
      E-mail: abuse: abuse@freenom.com, copyright infringement: copyright@freenom.com

   Domain Nameservers:
      NS1.GENUA.FR
      NS2.GENUA.FR


   Your selected domain name is a Free Domain. That means that,
   according to the terms and conditions of Free Domain domain names
   the registrant is BV Dot TK

   Due to restrictions in Dot TK 's Privacy Statement personal information
   about the user of the domain name cannot be released.

   ABUSE OF A DOMAIN NAME
   If you want to report abuse of this domain name, please send a
   detailed email with your complaint to abuse@freenom.com.
   In most cases Dot TK responds to abuse complaints within one business day.

   COPYRIGHT INFRINGEMENT
   If you want to report a case of copyright infringement, please send
   an email to copyright@freenom.com, and include the full name and address of
   your organization. Within 5 business days copyright infringement notices
   will be investigated.

   Record maintained by: Dot TK Domain Registry

.

$ whois crans.eu
% The WHOIS service offered by EURid and the access to the records
% in the EURid WHOIS database are provided for information purposes
% only. It allows persons to check whether a specific domain name
% is still available or not and to obtain information related to
% the registration records of existing domain names.
%
% EURid cannot, under any circumstances, be held liable in case the
% stored information would prove to be wrong, incomplete or not
% accurate in any sense.
%
% By submitting a query you agree not to use the information made
% available to:
%
% - allow, enable or otherwise support the transmission of unsolicited,
%   commercial advertising or other solicitations whether via email or
%   otherwise;
% - target advertising in any possible way;
%
% - to cause nuisance in any possible way to the registrants by sending
%   (whether by automated, electronic processes capable of enabling
%   high volumes or other possible means) messages to them.
%
% Without prejudice to the above, it is explicitly forbidden to extract,
% copy and/or use or re-utilise in any form and by any means
% (electronically or not) the whole or a quantitatively or qualitatively
% substantial part of the contents of the WHOIS database without prior
% and explicit permission by EURid, nor in any attempt hereof, to apply
% automated, electronic processes to EURid (or its systems).
%
% You agree that any reproduction and/or transmission of data for
% commercial purposes will always be considered as the extraction of a
% substantial part of the content of the WHOIS database.
%
% By submitting the query you agree to abide by this policy and accept
% that EURid can take measures to limit the use of its WHOIS services
% in order to protect the privacy of its registrants or the integrity
% of the database.
%
% The EURid WHOIS service on port 43 (textual whois) never
% discloses any information concerning the registrant.
% Registrant and onsite contact information can be obtained through use of the
% webbased whois service available from the EURid website www.eurid.eu
%
% WHOIS crans.eu
Domain: crans.eu

Registrant:
        NOT DISCLOSED!
        Visit www.eurid.eu for webbased whois.

Onsite(s):
        NOT DISCLOSED!
        Visit www.eurid.eu for webbased whois.

Technical:
        Name: Klaba Octave
        Organisation: OVH
        Language: fr
        Phone: +33.899701761
        Fax: +33.320200958
        Email: support@ovh.com

Registrar:
        Name: OVH SAS
        Website: www.ovh.com/

Name servers:
        soyouz.crans.org
        freebox.crans.org
        sable.crans.org

Keys:
        flags:KSK protocol:3 algorithm:RSA_SHA256 pubKey:AwEAAebtOzZZpSDgb7nPqX3t0uLBUr3hTXTfu/YK0yVB+OJDoCuSX6erg5HWH6jy0T5fJka+7JPh4KsPbkJjhyKsNYYvtUQyJ1t8waNq7apzjH5bTTefg3kit3/aoe1esgBu4agvpC5ZSh9RSkcXH85SHaO9YpQBvzlsI3R8D6TdlxfG/F26c8cj6uueJyRk9KU3KYRvYCbWs5ha/QOrcMJShHez225O5dJFQ1sG8011i7oYiaH/i4bqS0vQdBhJEnMJw9Q6nr7ozoGotNuVySdGitrNk8cfo46J7y3qfy+UPcYmly38JZP9lfnXZnqWaBEpdhMD9op1qRtMc4PAvV4FtUyhmuTBqzYTZAXypXowN6BNn5KpDuo9GAk+hRDkr46P5sdF6wtaCs6CPdG/SUY6XKqvgvIgEGxkL93/fps8t531YAOFyqUvRg3P0pi9J6Q7XvUGdCfFi9X6BjOVipXNa3BPHCWZrQomwDuuy5s0SlJw6B7VRRZCNaWuomiGxWCxUNgLFCfpWtu+YZo686cR4ZdgJ9LVncpy/eNat89TuUqZp+W3iWcxAzD5eBaOlOcLP952X3ziKOkPeAYviHua2hlDKFkMV/MRbMvpGG4fUXL/sQTI84V8VSEMVZczx2SoXSWw4iBTqz8kp2x25qq+4Wk/Cp4Iy0GFLZTxnTZjMESR
        flags:KSK protocol:3 algorithm:RSA_SHA256 pubKey:AwEAAdkckarSFEznxLc+KC/7brc6Z8zys4AwXj5UJJ/ZOncKX12GcTTUIYrQEGDpfwBAJ2S2PyWpNHOL/IYAUySlA2p1F4zfvR/LaBy/+D1xQjv1A1mWsW8Rq+5VaYM4xaxNu4HzHou3PdzqmhavUkEV15/3t/tcoV25Eu8w0FdepLdQ926qiN+H4unIwp6ZVF6g0UqVzeKOwDzv3fKbZ9dJwS384lizz+rE/Y0Qx2jBNy70/IHCXg6QehYnKLRBBan9ZvnC7JwtgHERi+a3fJbx4a7u+ASnioMrU36E1RAUVBpYi+BpTqne0AS4Sz8B6v3VmwQwka1gp6RBG4jD9B/TMCEja+tu9LNtCqGRQl4GFxxB6aHXp82VbvZGskJ2mud4WOjy48A+8Uycoq0804jv6g62x8CDR42Hoz3x2rwu0NwShkTnyZUSBkyB682AXVTuurfvrnCiwKAC8toM8j8geDbOEdBtOJQpU+1DFyadYFXRgvRcBThYKYKYxjFpNX3GnqP83Y1p9Q+do+MU+W+bFMHn4rIKePUUlulohFWPgiT0olQAjCGwmyYFP23Whe6JffNf610i0p80anrqP77Y+VE1oRXtzLg4fF12qG6X887k4lFOoswa6NYPebyqkDhJJQjedqb3WXcpkDEjJgDx/YEt/qse3GgrqHYq98DizEsp

Please visit www.eurid.eu for more info.

.

$ whois google.com 

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Aborting search 50 records found .....
   Server Name: GOOGLE.COM.AFRICANBATS.ORG
   Registrar: TUCOWS DOMAINS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://www.tucowsdomains.com


   Server Name: GOOGLE.COM.ANGRYPIRATES.COM
   IP Address: 8.8.8.8
   Registrar: NAME.COM, INC.
   Whois Server: whois.name.com
   Referral URL: http://www.name.com


   Server Name: GOOGLE.COM.AR
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com


   Server Name: GOOGLE.COM.AU
   Registrar: PLANETDOMAIN PTY LTD.
   Whois Server: whois.planetdomain.com
   Referral URL: http://www.planetdomain.com


   Server Name: GOOGLE.COM.BAISAD.COM
   IP Address: 91.218.229.20
   IP Address: 92.53.96.24
   Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
   Whois Server: whois.reg.com
   Referral URL: http://www.reg.ru


   Server Name: GOOGLE.COM.BEYONDWHOIS.COM
   IP Address: 203.36.226.2
   Registrar: INSTRA CORPORATION PTY, LTD.
   Whois Server: whois.instra.net
   Referral URL: http://www.instra.com


   Server Name: GOOGLE.COM.BR
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com


   Server Name: GOOGLE.COM.CN
   Registrar: XIN NET TECHNOLOGY CORPORATION
   Whois Server: whois.paycenter.com.cn
   Referral URL: http://www.xinnet.com


   Server Name: GOOGLE.COM.CO
   Registrar: NAMESECURE.COM
   Whois Server: whois.namesecure.com
   Referral URL: http://www.namesecure.com


   Server Name: GOOGLE.COM.DGJTEST028-PP-QM-STG.COM
   IP Address: 8.8.8.8
   Registrar: JAPAN REGISTRY SERVICES CO., LTD.
   Whois Server: whois2016.jprs.jp
   Referral URL: http://https://jprs.jp/registrar/


   Server Name: GOOGLE.COM.DO
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://www.godaddy.com


   Server Name: GOOGLE.COM.FORSALE
   Registrar: NAMESILO, LLC
   Whois Server: whois.namesilo.com
   Referral URL: http://www.namesilo.com


   Server Name: GOOGLE.COM.HACKED.BY.JAPTRON.ES
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://www.godaddy.com


   Server Name: GOOGLE.COM.HANNAHJESSICA.COM
   IP Address: 216.239.32.10
   Registrar: VITALWERKS INTERNET SOLUTIONS LLC DBA NO-IP
   Whois Server: whois.no-ip.com
   Referral URL: http://www.no-ip.com


   Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
   IP Address: 209.187.114.130
   Registrar: TUCOWS DOMAINS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://www.tucowsdomains.com


   Server Name: GOOGLE.COM.HK
   Registrar: UK-2 LIMITED
   Whois Server: whois.hostingservicesinc.net
   Referral URL: http://www.uk2group.com/


   Server Name: GOOGLE.COM.HOUDA.DO.YOU.WANT.TO.MARRY.ME.JEN.RE
   Registrar: OVH
   Whois Server: whois.ovh.com
   Referral URL: http://www.ovh.com


   Server Name: GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
   IP Address: 213.228.0.43
   Registrar: GANDI SAS
   Whois Server: whois.gandi.net
   Referral URL: http://www.gandi.net


   Server Name: GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
   IP Address: 217.148.161.5
   Registrar: HOSTING CONCEPTS B.V. D/B/A OPENPROVIDER
   Whois Server: whois.registrar.eu
   Referral URL: http://www.openprovider.com


   Server Name: GOOGLE.COM.LASERPIPE.COM.DOMAINPENDINGDELETE.COM
   IP Address: 209.85.227.106
   Registrar: REALTIME REGISTER BV
   Whois Server: whois.yoursrs.com
   Referral URL: http://www.realtimeregister.com


   Server Name: GOOGLE.COM.LOLOLOLOLOL.SHTHEAD.COM
   IP Address: 123.123.123.123
   Registrar: CRAZY DOMAINS FZ-LLC
   Whois Server: whois.crazydomains.com
   Referral URL: http://www.crazydomains.com


   Server Name: GOOGLE.COM.MAIKO.BE
   Registrar: OVH
   Whois Server: whois.ovh.com
   Referral URL: http://www.ovh.com


   Server Name: GOOGLE.COM.MX
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Server Name: GOOGLE.COM.MY
   Registrar: WILD WEST DOMAINS, LLC
   Whois Server: whois.wildwestdomains.com
   Referral URL: http://www.wildwestdomains.com


   Server Name: GOOGLE.COM.NOHAREKART.COM
   IP Address: 116.203.75.233
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Server Name: GOOGLE.COM.NS1.CHALESHGAR.COM
   IP Address: 8.8.8.8
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com


   Server Name: GOOGLE.COM.NS2.CHALESHGAR.COM
   IP Address: 8.8.8.8
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com


   Server Name: GOOGLE.COM.PE
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Server Name: GOOGLE.COM.PK
   Registrar: BIGROCK SOLUTIONS LIMITED
   Whois Server: Whois.bigrock.com
   Referral URL: http://www.bigrock.com


   Server Name: GOOGLE.COM.SA
   Registrar: OMNIS NETWORK, LLC
   Whois Server: whois.omnis.com
   Referral URL: http://www.omnis.com


   Server Name: GOOGLE.COM.SHQIPERIA.COM
   IP Address: 70.84.145.107
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com


   Server Name: GOOGLE.COM.SOUTHBEACHNEEDLEARTISTRY.COM
   IP Address: 74.125.229.52
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://www.godaddy.com


   Server Name: GOOGLE.COM.SPAMMING.IS.UNETHICAL.PLEASE.STOP.THEM.HUAXUEERBAN.COM
   IP Address: 211.64.175.67
   IP Address: 211.64.175.66
   Registrar: GOOGLE INC.
   Whois Server: whois.rrpproxy.net
   Referral URL: http://domains.google.com


   Server Name: GOOGLE.COM.SPROSIUYANDEKSA.RU
   Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
   Whois Server: whois.melbourneit.com
   Referral URL: http://www.melbourneit.com.au


   Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
   IP Address: 80.190.192.24
   Registrar: COREHUB, S.R.L.
   Whois Server: whois.corehub.net
   Referral URL: http://corehub.net


   Server Name: GOOGLE.COM.TESTZZZZ.3000-RI.COM.DELETE-DNS.COM
   IP Address: 8.8.8.8
   Registrar: MEGAZONE CORP. DBA HOSTING.KR
   Whois Server: whois.hosting.kr
   Referral URL: http://www.hosting.kr


   Server Name: GOOGLE.COM.TR
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Server Name: GOOGLE.COM.TW
   Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
   Whois Server: whois.webnic.cc
   Referral URL: http://www.webnic.cc


   Server Name: GOOGLE.COM.UA
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Server Name: GOOGLE.COM.UK
   Registrar: 123-REG LIMITED
   Whois Server: whois.123-reg.co.uk
   Referral URL: http://www.meshdigital.com


   Server Name: GOOGLE.COM.UY
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Server Name: GOOGLE.COM.VABDAYOFF.COM
   IP Address: 8.8.8.8
   Registrar: DOMAIN.COM, LLC
   Whois Server: whois.domain.com
   Referral URL: http://www.domain.com


   Server Name: GOOGLE.COM.VN
   Registrar: ONLINENIC, INC.
   Whois Server: whois.onlinenic.com
   Referral URL: http://www.onlinenic.com


   Server Name: GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET
   IP Address: 62.41.27.144
   Registrar: KEY-SYSTEMS GMBH
   Whois Server: whois.rrpproxy.net
   Referral URL: http://www.key-systems.net


   Server Name: GOOGLE.COM.YUCEHOCA.COM
   IP Address: 88.246.115.134
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Server Name: GOOGLE.COM.YUCEKIRBAC.COM
   IP Address: 88.246.115.134
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Server Name: GOOGLE.COM.ZNAET.PRODOMEN.COM
   IP Address: 62.149.23.126
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Server Name: GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
   IP Address: 69.41.185.195
   Registrar: TUCOWS DOMAINS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://www.tucowsdomains.com


   Server Name: GOOGLE.COM.ZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
   IP Address: 209.126.190.70
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.publicdomainregistry.com


   Domain Name: GOOGLE.COM
   Registrar: MARKMONITOR INC.
   Sponsoring Registrar IANA ID: 292
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
   Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
   Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
   Status: serverDeleteProhibited https://www.icann.org/epp#serverDeleteProhibited
   Status: serverTransferProhibited https://www.icann.org/epp#serverTransferProhibited
   Status: serverUpdateProhibited https://www.icann.org/epp#serverUpdateProhibited
   Updated Date: 20-jul-2011
   Creation Date: 15-sep-1997
   Expiration Date: 14-sep-2020

>>> Last update of whois database: Sat, 26 Mar 2016 09:17:55 GMT <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

.

$ whois keybase.io

Domain : keybase.io
Status : Live
Expiry : 2020-09-06

NS 1   : ns-1016.awsdns-63.net
NS 2   : ns-1722.awsdns-23.co.uk
NS 3   : ns-1095.awsdns-08.org
NS 4   : ns-337.awsdns-42.com

Owner  : Maxwell Krohn
Owner  : Keybase, Inc
Owner  : 85 Broad St!Floor 18
Owner  : New York
Owner  : NY
Owner  : US

Check for 'keybase.ac' --- http://www.nic.ac/go/whois/keybase.ac
Check for 'keybase.sh' --- http://www.nic.sh/go/whois/keybase.sh

I could keep doing that for many many domains…