Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

ASP - Domain availibility check

Posted on 2007-07-30
63
Medium Priority
?
1,580 Views
Last Modified: 2012-08-13
HI,

A was programming ASP this week end and I found this very nice and popular script for domain availability check. (See below). The problem is, it does not seem to work well with .ca, .us .uk .info .biz .tv etc. Any .com .net or .org is working fine. Why? I just can't find the solution. Is there any other script available for this need or a way to make this one efficient?

Thanks

START SCRIPT
========================
<%
If request.form("domain")<>"" then

 ' Intruduce the url you want to visit
 GotothisURL = "http://www." & request.form("domain")

 ' Create the xml object
 Set GetConnection = CreateObject("Microsoft.XMLHTTP")
 ' Conect to specified URL
 GetConnection.Open "get", GotothisURL, False
on error resume next
 GetConnection.Send

 ' ResponsePage is the response, then print it out to the page
 ResponsePage = GetConnection.getResponseHeader("Date")

' Write response
if ResponsePage="" then
Response.write("This domain name may be available")
else
Response.write("This domain name is taken")
end if

Set GetConnection = Nothing

else
%>
<form method=post action=<% =request.servervariables("URL") %>>
<input type=text name=domain size=15 value="domain.com">
<input type=submit value="Find domain name">
</form>
<% end if %>

======================
END SCRIPT
0
Comment
Question by:SirTKC
  • 32
  • 17
  • 14
63 Comments
 
LVL 3

Author Comment

by:SirTKC
ID: 19594978
HI,

I found out that if a domain is redirected this script is not working and return "This domain name may be available" option. So i guess i need ASP script that will look for a "whois" more then availability instead.

Is there a known good example on how to do it ?

Thanks
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19604797
There are 5 regional Internet registries, each of whom has their own whois database.  (http://en.wikipedia.org/wiki/Regional_Internet_Registry)

Were you using a *nix server you could execute a whois look up from the command shell and return the results to your web page.

If you are on a server you control, it is possible to call the wscript shell from ASP to execute a windows cmd shell command and return a status code.  Unfortunatly, whois is not a command in windows.

Your script simply checks if a default web page exists for a given domain, which tells you nothing about domain availability. I personally have a dozen domains which have no default pages and in fact go no where.  e.g. no IP for the domain.

http://www.rodsdot.com/ee/arin_whois.asp

Is an example for using ASP to directly query the ARIN registry.

Using that, you should find it easy to direct queries at other registries.

0
 
LVL 3

Author Comment

by:SirTKC
ID: 19605055
Hi,

Thanks for your suggestion. However, I have tried it with a couple of .ca and .net domain and it is not working. From what I understand, ARIN is the search the North American registry. So why it does not return any result from these top level domain extension?

Another Idea I got si simply ping the domain and If I get an IP for a particular domain, Can I assume that it exist ? And where can I find the ASP Code to do it - Just getting a response without the TTL info.

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19605636
Actually, after posting the first code I remembered you need a bunch of weird swithches to pass for lookup by domain name...the help file is on the site.

Pinging the domain will tell you nothing about the availability of domain name (e.g. if it is registered or not.)

And yes that is only one of five registries, and you need to check each.

Another option in InterNIC.  One stop shopping for whois info, except it times out more than 9 time out of ten.

http://www.rodsdot.com/ee/whois_ajax.asp maybe more to your liking.  However, you will need permission from the person hosting the whois server tool before I can release the entire code.
0
 
LVL 29

Assisted Solution

by:rdivilbiss
rdivilbiss earned 800 total points
ID: 19605715
This list may provide a suitable whois target server for the above script.

OR

You can run PERL on Windows (IIS) and many Windows hosts offer PERL and/or allow cgi-bin files.  So you could use the above with something like:

http://www.cpan.org/authors/id/Q/QO/QOS/Networking/IPLU_v3_0.plx so that you are calling your own server and not using other peoples resources.

OR

There are WHOIS clients for Windows you could install on your IIS machine, however a hosting provider probably would not allow that.

Freeware: http://www.gena01.com/win32whois/

And if you rely on a windows command line WHOIS tool, here is how to
An example of calling a command shell from ASP, but there are potential security roadblocks.

<%
          Dim wshell, intReturn
          set wshell = server.createobject("wscript.shell")
          intReturn = wshell.run("%comspec% /c dir *.* > c:\test.txt", 0, True)
          Response.Write( intReturn )
          set wshell = nothing
%>

The server settings must be loose and this won't work on most shared hosting servers, for obvious reasons.

Another example...calling a ping, pipeing the out put to a file and the reading the results from that file, also requires the same server settings as the above script:

<%
Dim objFSO, objShell, objTempFile, objTextFile

Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
Set objShell = Server.CreateObject("Wscript.Shell")
objName = objFSO.GetTempName
objTempFile = objName
objShell.Run "cmd /c ping -n 3 -w 1000 64.126.4.193 >" & _
    objTempFile, 0, True
Set objTextFile = objFSO.OpenTextFile(objTempFile, 1)
Do While objTextFile.AtEndOfStream <> True
    strText = objTextFile.ReadLine
    If Instr(strText, "Reply") > 0 Then
        response.write "Reply received."
    End If
Loop
objTextFile.Close
objFSO.DeleteFile(objTempFile)
%>

And the permission required is for IUSR_machine to have execute permissions on command.com, which of course could allow a remote user to completely destroy your machine if their is ANY vulnerability that would allow them to inject code on your server.
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19605848
I do have complete control on the server and it is IIS 6.0.  I will explore you suggestion Rod. This is the one that comes close to what I am looking for.

I already downloaded the exe file available on the website. I've tried it and got pretty detailed results out of my search. But what I don't understand is that its not an installer i got but an exe file ?
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19605854
I shall have mentioned that the exe file I've tried is the WIN32WHOIS.
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19605876
Well if IUSR_machine has execute permissions on the exe, and you have windows script host installed on the server, then call your program like the ping example:

objShell.Run "WIN32WHOIS.EXE domain.com > whois.txt", 0, True

or maybe

objShell.Run "cmd /c WIN32WHOIS.EXE domain.com > whois.txt", 0, True

Then use the FileSystemObject to open, read and/or parse the data as needed.
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19605887
This is why I'm running PHP along side ASP on the IIS boxes I control.  This is simple from PHP, and you can get the results in your ASP pages using client side XMLHTTP.
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19605941
FWIW, someone's selling essentially the same code I posted for $10 on one of the script sites to get results from WHOIS.NET, however I'm not seeing anything in WHOIS.NET that allows that use of their server.  If you are doing a few queries, maybe it isn't an issue but if your page would be doing bulk lookups, I'm pretty certain WHOIS.NET is going to block your IP and/or demand you stop using their servers in that way.

I'm just not qualified to say.  Google code search shows people using some of my original code without following the CC attribution, on the other hand many people also ask for commercial licenses. I'm generally not in the mood to bother the ones I found without attribution, but if for example people query my example for above from a form on their server, I'll ban their IP.

It gets touch when you use someone else's resources and bandwith without asking.

So I'm glad your going to try to do this on your server.  You may have to open a new question re: windows scripting in the Windows Server area to get your proper permissions set up.  
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19606556
> I found out that if a domain is redirected this script is not working and return "This domain name may be available" option.
if you get a redirect, then the domain is used for sure

> .. ARIN .. So why it does not return any result from these top level domain extension?
'cause the registry is *mainly* responsible for that region but also may or may not hold the information of a specific domain for historical reason

> .. simply ping the domain and If I get an IP for a particular domain, Can I assume that it exist ?
depends on the system where you issue the ping command *and* the implementation of ping. I'd argue that anything on windoze is unreliable for your purpose while most *x systems will work as you expect ;-)

> Pinging the domain will tell you nothing about the availability of domain name (e.g. if it is registered or not.)
sorry, that's not really true. If ping resolves names (see my previous comment) reliable, then you know that it must be registered.


According your problem/question: "whois"
I agree with previous suggestions that you have to query the all (5) well known registrars for your domain. Then parse the result and check if any returned if it is registrated. As most whois services deny multiple queries (for good reason:) this will be a tricky program.
I'd go another way and simply use nslookup (probably not on windoze, for obvious reason see above) or better dig and query the DNS. Any registered domain should be found this way in a very short time (< 1sec).

KISS - keep it simple stupid


BTW, you're using the domain value from your form totally unchecked, I guess that you're aware that this will open your form for countless web application attacks such as XSS, website spoofing and much more ...
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19641898
ahoffman,

I find your comment very interesting. I am myself an adept of the KISS rule. What do you suggest me to use (please refer to a URL for a detailed documentation) that would fit in a windozer environment.

I might NOT KISS you for that but certainly be very grateful !! :-)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19641958
get a version of dig for your system, then we can provide a simple command line for you, best you also get grep or egrep too
If you want to have all in one script, I'd use perl for that ... .
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19642950
All right, I did my home work !

I got myself a copy of DIG, installed it, did what they say at
http://members.shaw.ca/nicholas.fong/dig/

Tried it using CMD prompt just to make sure and it worked beautifully.
I have to mention that it worked very well also with .ca domains.

What's next sir ?

I am anxious to see how this is going to work with all these different domain extensions ! TIME TO LEARN :-)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19643642
ok, we need to parse dig's output
Do you prefer windoze standard tool (will become cumbersome), I'd suggest that you install gawk also.
As I don't have any windoze, please post output of a dig command for an existing domain, and for a non-existing domain, the I'll give the proper command line to make the checks.
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19656579
Hi,

Sorry for the delay in my response. But here is the information you requested.

What is gawk?

DIG'S OUTPUT
==========================================================
[EXISTING DOMAIN]

C:\DIG>dig google.com

; <<>> DiG 9.3.2 <<>> google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 773
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             241     IN      A       64.233.167.99
google.com.             241     IN      A       72.14.207.99
google.com.             241     IN      A       64.233.187.99

;; Query time: 78 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Wed Aug 08 14:04:37 2007
;; MSG SIZE  rcvd: 76

===========================================================
[NON EXISTING DOMAIN]

C:\DIG>DIG nonexistingdomainblablabla.com

; <<>> DiG 9.3.2 <<>> nonexistingdomainblablabla.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1188
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nonexistingdomainblablabla.com.        IN      A

;; AUTHORITY SECTION:
com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisi
gn-grs.com. 1186596452 1800 900 604800 900

;; Query time: 156 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Wed Aug 08 14:07:45 2007
;; MSG SIZE  rcvd: 121


0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19657267
dig whatever.tld | gawk '((NF==5)&&($3=="IN")&&($4=="A")){print $1" exists"}'
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19658361
I am sorry but... what is it ?

1. Do I need to install gawk on our server in order to execute this line of code ?
2. Where do i put this code ? on my ASP page?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19660027
oops, lost the focus on this thread, it be should ASP, sorry.
Is ASP the requirement, or could it be anything else?
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19661590
Actually, a solution remains a solution. For sure I will seek for a solution in a language I am familiar with. But down the road, if nothings suite our needs I will certainly listen to any other solution that will be compatible with our Win SBS 2003 with IIS 6.0. Any IT manager will try to avoid - as much as they can - to install all bunch of scripting languages on the same web site - this is really cumbersome ;-) But I am always willing to learn and discover new frontiers ! If not, I wouldn't be doing that job ;-)

The DIG you made me install (on my workstation for testing purposes) is just great, but in CMD. If you have a method to make this usable via our website, you'll be our genius of the day !

Keep your focus ! hahaha !!

Many thanks for your patience and help !!!!!!!!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19662131
ok, lets wait for ASP gurus first ;-)
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19662315
Well they don't show up...
If you know a trick to call them, let me know ! ;-)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19663231
meanwhile, 'til gurus join, you may install gawk http://gnuwin32.sourceforge.net/packages/gawk.htm and test if my suggestion is worth to be improved ..
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19664160
Okay, Gawk is installed and where do i plug this line of code you provided ?
I still have no clue what gawk is...
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19664326
I have tried this line of code in CMD and i got the following result;

){PRINT WAS UNEXPECTED AT THIS TIME.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19666079
damn, forgot that it is windoze ... please try following in cmd.exe:
dig whatever.tld | gawk "((NF==5)&&($3=='IN')&&($4=='A')){print $1' exists'}"
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19666269
I,ve tried it and it returns that:

"gawk" is not a recognized as a program or batch file... some sort of message...
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19666701
Would be easier I think to simply pipe the output from dig to a file and open that file in your ASP page using the File System Object.

e.g. dig google.com > did.txt

You're still going to need to execute a wscript shell from you ASP page to execute dig and following that with a FSO to open and parse the file isn't going to be difficult.

Even with gawk, you still need to call the script shell to execute the line and won't have returned the results to your ASP page.  So either way you'll need FSO.

FWIW.
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19666705
Would be easier I think to simply pipe the output from dig to a file and open that file in your ASP page using the File System Object.

e.g. dig google.com > did.txt

You're still going to need to execute a wscript shell from you ASP page to execute dig and following that with a FSO to open and parse the file isn't going to be difficult.

Even with gawk, you still need to call the script shell to execute the line and won't have returned the results to your ASP page.  So either way you'll need FSO.

FWIW.
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19666923
I read your point.
How would I pipe this output through an  ASP page?
And grab the TXT file content back into the result page?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19667928
> .. "gawk" is not a recognized as a program or batch file ..
you either need to use
   x:\full\path\to\gawk.exe
or add
  x:\full\path\to\
to your PATH environment variable

> Would be easier I think to simply pipe the output from dig to a file and open that file in your ASP page using the File System Object.
could ASP no start dig itself?
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19669523
>could ASP no[t] start dig itself?

Yes...see the post http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/ASP/Q_22729632.html#a19605715 above.  But I don't think you are going to get any results from the command passed back to the ASP page.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19669725
> But I don't think you are going to get any results from the command passed back to the ASP page.
LOL, someone told me that this is a modern language/tool, I guess I'll stick on 42+ year-old pipes :-]]
*SCNR*
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19670465
When we assist, powerless, to the collision of two philosophies... :-)

BUT ! We may run DIG using ASP, this I can understand this one.
Can we parse the parameters (query like: DIG mydomain.tld) to DIG thru ASP and THEN, output the results to a TXT file that ASP will read afterward and bring the results to the web page?
In order to make more functional, we could give RWD rights in order to use always the same file (meaning same parameters in ASP).

Is this possible, or I do have hallucinations ?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1200 total points
ID: 19671544
don't know the syntax of ASP, but if there is something like:

  Set ex = Server.CreateObject("ASPExec.Execute")
      ex.Application = "dig.exe"
      ex.Parameters = ">%TEMP%\dig.txt"
  Response.Write ex.ExecuteDosApp

you should be fine (just to show the exec call).
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19674002
>BUT ! We may run DIG using ASP, this I can understand this one.


>Can we parse the parameters (query like: DIG mydomain.tld) to DIG thru ASP
>and THEN, output the results to a TXT file that ASP will read afterward
>and bring the results to the web page?

When you execute the command, the command writes its results to a text file...no need for ASP to do that.  Then ASP reads the newly created file.  You could use gawk to parse the return from dig and pipe its results to a file, or you could simply pipe the results of the dig to a file and use ASP to parse the results.  I don't see the need for GAWK, but that is simply a matter of taste.

>In order to make more functional, we could give RWD rights in order to use always the same file (meaning same parameters in ASP).

Exactly.

Without a helper DLL you have the WSCRIPT host object to execute you command and pipe the results to a TXT file.

Then you read and parse the file with the File System Object.

The ASPExec object mentioned by ahoffmann was a dll file made available by the Server Objects company, and could be easier to setup and use than the WSCRIPT shell.  Unfortunately, I no longer see that product listed on their web site.  Below is a link to an article using that object to execute a command script and then using the File System Object to verify the date of the file created from the command script.

http://www.4guysfromrolla.com/webtech/072199-2.shtml

0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19680617
>LOL, someone told me that this is a modern language/tool, I guess I'll stick on 42+ year-old pipes :-]]

ASP is orphaned, and MS intended it to be used with ActiveX (which opened up a big can of worms.)  Without those OCX or DLL objects it had little built in server side interaction.
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19712482
Hi guys,

Sorry for my late reponse, I've been away from my desk for a while.


Let me recap this all,

I can install DIG on the server where the website is running.

1- Using ASP, I can run DIG by sending a request containing my whois search.
2- Dig in return will return the results to the same TXT file (write or overwrite the existing one)
3- Then ASP will grab this information and pipe the results to the web page at the great satisfaction of the visitor and the web master (of course).

If the  ASPExec is no longer available, is there another path to do that?

A piece of code as example will help for sure !

Thanks !
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19713265
<%
          Dim wshell, intReturn
          set wshell = server.createobject("wscript.shell")
          intReturn = wshell.run("%comspec% /c dig whatever.tld > c:\Inetpub\wwwroot\yourpath\digresults.txt", 0, True)
          Response.Write( intReturn )
          set wshell = nothing
%>

intReturn should be zero (if I recall correctly) upon successful execution.

You'll need dig to have execute permissions for the IUSR_machinename account, and the path to dig should be in the PATH environment variable or specified when you execute the command.

Similarly IUSR_xxxxxxxx needs read, write on the text file, and I would not put that file in the root web.
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19713886
Hi,

I've never felt so close to the goal...

I did deployed and tested DIG on our server 2003. It worked A1.
DIG is installed on the C drive in the DIG folder
IUSR account has been granted read and execute to the DIG folder and its content
I have created a txt file in the path       C:\Inetpub\wwwroot\FSO with the RW permission to IUSR

I have created an ASP page with this code.
=========================================================
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>

<%
          Dim wshell, intReturn
          set wshell = server.createobject("wscript.shell")
          intReturn = wshell.run("%comspec% /c dig google.com >                                                                                                                   C:\Inetpub\wwwroot\FSO\dig.txt", 0, True)
          Response.Write( intReturn )
          set wshell = nothing
%>


</body>
</html>
=========================================================
And it returned ;

Microsoft VBScript runtime  error '800a0046'

Permission denied

/dig.asp, line 14


With the appropriate permissions settled, Is this related to IIS 6.0 tighter permissions ? What the googa am i doing wrong?
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19714024
>Permission denied

Then either one of two things happened. Either the interactive user (whether IUSR_MachineName or an authenticated user) does not have permissions to the file or folder being executed; or, the interactive user does not have permissions to one or more of the commands being called within the file. Don't get caught up in the common assumption that IUSR_machineName is included in the "Everyone" group... and don't just give "Everyone" full access to this folder, or put IUSR in the Administrators group. You have to explicitly give IUSR permissions to file, folder, and anything else that the command has to touch.

See http://support.microsoft.com/default.aspx/kb/311481 if you are running IIS 6
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19714045
Make sure IUSR_xxxxxxxxx has permisions to read/execute on cmd.exe and wscript.exe as well.  If that doesn't get it then you can try www.sysinternals.com
to get their file monitoring program for free that will give you access denied reports.  
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19714132
I gaved permission to these two exe files. Matter of fact now I don't get any error. I just "1" on my asp page in response to this


          Dim wshell, intReturn
          set wshell = server.createobject("wscript.shell")
          intReturn = wshell.run("%comspec% /c dig microsoft.com > C:\Inetpub\wwwroot\FSO\dig.txt", 0, True)
          Response.Write( intReturn )
          set wshell = nothing


I already installed FileMon because it lead me to this track an hour ago.
I get these

9:40:15 PM      w3wp.exe:8048      QUERY INFORMATION      C:\inetpub\wwwroot\dig.asp      BUFFER OVERFLOW      FileAllInformation
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\windows\system32\inetsrv\      NO SUCH FILE      FileBothDirectoryInformation: dig"*      
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\windows\system32\inetsrv\      NO SUCH FILE      FileBothDirectoryInformation: dig      
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\WINDOWS\system32\      NO SUCH FILE      FileBothDirectoryInformation: dig"*      
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\WINDOWS\system32\      NO SUCH FILE      FileBothDirectoryInformation: dig      
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\WINDOWS\      NO SUCH FILE      FileBothDirectoryInformation: dig"*      
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\WINDOWS\      NO SUCH FILE      FileBothDirectoryInformation: dig      
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\WINDOWS\System32\Wbem\      NO SUCH FILE      FileBothDirectoryInformation: dig"*      
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\WINDOWS\System32\Wbem\      NO SUCH FILE      FileBothDirectoryInformation: dig      
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\Program Files\Microsoft SQL Server\80\Tools\Binn\      NO SUCH FILE      FileBothDirectoryInformation: dig"*      
9:40:15 PM      cmd.exe:1256      DIRECTORY      C:\Program Files\Microsoft SQL Server\80\Tools\Binn\      NO SUCH FILE      FileBothDirectoryInformation: dig      


0
 
LVL 3

Author Comment

by:SirTKC
ID: 19714136
You can check it out here

http://art-systems.net/dig.asp
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19714204
This link does not apply
http://support.microsoft.com/default.aspx/kb/311481

It is application mapping for file extension settings
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19714214
I think you are almost there.  Is dig writing the text file?

If not, is dig in your path and have IUSR_xxxxxx read/write permissions?
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19714462
No dig is not writing the TXT file.
It have the IUSR_xxxxx read/write permissions?

But I miss the "dig in your path" part.

Is this should be ;

1. on the c drive directly ?
2. in the windows\system32 folder ?
3. at the same location as the txt file ?

When I type in the command window the exact same string as you provided, it write the TXT file. But in ASP it won't.

I know I feel this solution at my grasp !!
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19714510
I want to add this observation.

The TXT file is cleared by the ASP Script !

If there is any content on this file, it'll be erased by the script execution, but in return, it does not write the query response in this TXT file.

In fact it should replace what's already there instead of erasing it ... (???)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19714962
if you can run dig using wshell and parse the result in ASP, I'd do it with wshell completely and let ASP only display the result

Response.Write(wshell.run("%comspec% /c dig microsoft.com | gawk \"((NF==5)&&($3=='IN')&&($4=='A')){print $1' exists'}\"", 0, True))

' Note1: don't know how to escape " inside wshell.run, I assumed \"
' Note2: you probably need to use full paths to dig.exe and gawk.exe

In the end I don't see what ASP should be good for in this scenario ...
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19716989
I don't plan to Response.Write all the information to the web page but give instead a positive answer only if the domain is available and then offer the the option to request the registration process OR if it's unavailable then ask to make a new search.

I have seen many registrars using scripts that suggest alternatives with slight variances of the targeted domain search. I don't plan to go as far. I found these script on the NET but they were all products you need to purchase (and wayyyyy to expensive).

ON another hand, I read so much on this possibility of running a .exe or .bat using ASP and then parse the results over a web page that I believe DIG should do the job without the need of adding another process such GAWK. ( I am a purist - the less the better on Windows).

However, I went as far as making DIG reaching that TXT file. It erase its content but it does not write to it the results of the domain check. In return on my ASP page I get  the number "1" displayed but this number doesn't even exist on the TXT file... I am quit lost...

NOTE: I don't know how to edit the wshell.run string. I don't even know what's the "0" and the "True" stands for :-/ and I have read that playing with it may drop your server into a infinite loop that will end into a crash. Scary...

On my next steps will be to try another EXE (any that will parse information back to my web page) and see. It might be related to this BUFFER OVERFLOW I get in FileMon (see above) I don't know but something is sure - I WONT QUIT !

Thanks :-)

0
 
LVL 3

Author Comment

by:SirTKC
ID: 19717115
10:24:16 AM      w3wp.exe:5836      OPEN      C:\inetpub\wwwroot\dig.asp      SUCCESS      Options: Open  Access: Read      
10:24:16 AM      w3wp.exe:5836      QUERY INFORMATION      C:\inetpub\wwwroot\dig.asp      SUCCESS      FileFsVolumeInformation      
10:24:16 AM      w3wp.exe:5836      QUERY INFORMATION      C:\inetpub\wwwroot\dig.asp      BUFFER OVERFLOW      FileAllInformation      
10:24:16 AM      w3wp.exe:5836      CLOSE      C:\inetpub\wwwroot\dig.asp      SUCCESS            
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19717140
Here is what I've tried

          Dim wshell
          set wshell = server.createobject("wscript.shell")
          Response.Write(wshell.run("%comspec% /g dig microsoft.com", 0, True))
          set wshell = nothing

Response = "1"

          Dim wshell
          set wshell = server.createobject("wscript.shell")
          Response.Write(wshell.run("%comspec% /g dig microsoft.com", 0, False))
          set wshell = nothing

Response = "0"
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19717145
NOTE: I have moved the DIG.EXE to the "G" drive.
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19717976
Here is now the test I made

    set wshell = CreateObject("WScript.Shell")
    wshell.run "%COMSPEC% /C dir c:\ > C:\Inetpub\wwwroot\FSO\dig.txt", 0, TRUE
    set wshell = nothing
 
    set fso = CreateObject("Scripting.FileSystemObject")
    set fs = fso.openTextFile("C:\Inetpub\wwwroot\FSO\dig.txt", 1, TRUE)
    response.write replace(replace(fs.readall,"<","<"),vbCrLf,"<br>")
    fs.close: set fs = nothing: set fso = nothing

++ it work beautifuly ++

NOW THIS

    set wshell = CreateObject("WScript.Shell")
    wshell.run "%COMSPEC% /C dig microsoft.com c:\ > C:\Inetpub\wwwroot\FSO\dig.txt", 0, TRUE
    set wshell = nothing
 
    set fso = CreateObject("Scripting.FileSystemObject")
    set fs = fso.openTextFile("C:\Inetpub\wwwroot\FSO\dig.txt", 1, TRUE)
    response.write replace(replace(fs.readall,"<","<"),vbCrLf,"<br>")
    fs.close: set fs = nothing: set fso = nothing

++ GIVES ME :
Microsoft VBScript runtime  error '800a003e'

Input past end of file

/dig.asp, line 26  

wHICH line 26 is  response.write replace(replace(fs.readall,"<","<"),vbCrLf,"<br>")

So it can write the TXT file. It's just not parsing the results to the text file.

I also tried WHOIS, TRACERT, PING and they failed.
WHOIS the same error (800a003e)
TRACERT AND PING = "Bad parameters response"
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19721372
Bingo !!

Description of solution is provided here
http://art-systems.net/domaincheck.html
Try it and see the results.

Now I just need to script it in order to catch the answer and display a conditionnal message. (I dont't want to display the whole junk information on my page but a nice something depending on the result).


I guess this is something else for the EE ? :-)

Many thanks to ahoffmann & rdivilbiss !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19721566
Sorry, I wasn't able to respond as much as I would like, but business has me tied up many hours of the day.
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19721609
Don't be sorry biss ! We all have our businesses running ! If I could have to, I would have gave you both 500 & ++ !

Now that I got this thing workin, I now need to treat that information into something readable for common mortals, if you know what I mean.

Lets close this thread and start another one !

0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 19721613
I'm so glad you got it working,
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19721732
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19722115
according your link, is this (part of) your code?
--------------
<%
''Dim objExecutor, sResult
'Create the server-side object
''Set objExecutor = Server.CreateObject("ASPExec.Execute")
''Set the application name 'For NT systems, it's "cmd.exe"
'If you're running something else then I think you know
'what it is :)
''objExecutor.Application = "cmd.exe"
'Now set the parameters, very important!
'You want your DOS prompt to call your batch file
 ....

Dim Executor, strResult
Set Executor = Server.CreateObject("ASPExec.Execute")
Executor.Application = "cmd /c dig > c:\inetpub\wwwroot\FSO\dig.txt"
Executor.Parameters = request.Form("mydomain")
strResult = Executor.ExecuteDosApp
Response.Write "<pre>" & strResult & "</pre>"

Dim fso, fs
set fso = CreateObject("Scripting.FileSystemObject")
set fs = fso.openTextFile("C:\Inetpub\wwwroot\FSO\dig.txt", 1, TRUE)
response.write replace(replace(fs.readall,"<","<"),vbCrLf,"<br>")
fs.close: set fs = nothing: set fso = nothing
%>
--------------

and that is the serial number of the C: disk where you store dig.asp and dig.txttxt
  68B1-6A84

If so, I guess you need to disable the script immediately and make some data validation in your script before you put it online again.
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19722950
Yes this is part of the code I used
and NO this is not the serial of the HD where these files are stored.

I guess you're trying to raise a security issue ? If yes, can you be more specific ?

Thanks
0
 
LVL 3

Author Comment

by:SirTKC
ID: 19723240
dear ahoffmann,

If you go back to this web page, I think you'll be very proud of me. ;-)
I didn't wait and added a server side validation.

http://art-systems.net/domaincheck.html


I hope there is no other security hole !! :-O
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 19724927
looks much better, but still some issues ;-)
Id simply add a regex which rejects any input not matching   /[a-zA-Z0-9.-]+/
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question