Just now, when you clicked on a link to take you here, a nifty little program inside your computer sent out a query to the Internet's Domain Name System asking for the Internet Protocol address of www.packet.com. Within a few hundred milliseconds, the response came back: There are three addresses, it turns out, at 204.62.129.1, 204.62.129.129, and 204.62.131.129, one of which brought you here.

IP addresses are like phone numbers, and the DNS is the great white pages in the sky. But you can do much more with it than just look up IP addresses. That's because quite a few organizations that use the Internet reveal a lot about themselves by the way they name their hosts.

Consider Sprintlink, Sprint's Internet service. Every interface on every single router in Sprintlink's TCP/IP backbone has its own unique IP address and name. And Sprint, in the interest of making its network easier to manage, has given those interfaces easy-to-understand names like "sl-fw-13-S1/0-T1" (a T1 interface on port0 of serial card 1) "sl-francom-1-S0-512k" (a fractional T1 interface running at 512K) and "fddi-pen-1" (a FDDI ring in Pennsylvania). Using this information, you can literally map out Sprint's entire network. That's pretty interesting if you happen to be offering competitive services - or are thinking of doing so.

The big network companies aren't the only companies that I caught with their breeches down. Computer giant Hewlett Packard's nameserver will happily send its DNS table if you ask. So will a bunch of other companies that I looked into, including the august InterNIC, part of the government contractor that actually runs nameservers for the Internet's top level .com, .gov, .edu, .org, .net, and .mil domains. But they've also got an interesting internal DNS table. InterNIC has a firewall that appears to block incoming TCP/IP connections to most of these machines, but you can still learn their names.

So what's wrong with giving out the names of your computers? Isn't that just like making your company's internal telephone directory publicly available? Sure, most companies try to prevent their phone books from falling into the hands of competitors, headhunters, and industrial spies, but that sort of thing happens all the time. Right? What's the real harm?

The answer to that question depends on a given company's practices. Most high-tech companies put a computer on everybody's desk. Thus, downloading their DNS tables gives you an easy way to get a head count. A lot of companies name their servers after projects.

"You can do statistical demographic stuff," says Cricket Liu, co-author of the O'Reilly book DNS & Bind. "You might be interested in seeing how many hosts there are [in a group or on a subnet] and then draw a rough idea of how many engineers there are on [a] project."

The Unix program that runs the Domain Name System is called bind. The way you get bind to pour out its guts is by doing a zone transfer. Click the "Geek This" icon in the next paragraph to learn how.

Zone transfers have an important function on the Internet: They're how a domain's primary DNS server downloads information to the domain's secondaries. Modern versions of the bind command allow you to restrict zone transfers to a small number of hosts using the xfernets command. All others hosts get Query refused. That's the message I got from some companies' DNS servers when I tried to learn about all of their hosts.

I wasn't stymied for long. Remember: Information wants to be free. It turns out that at least one of these companies' secondary DNS server hasn't enabled the xfernets command in its DNS server. So if you wanted to, you could just download the company's entire host table from there.

Meanwhile, there's another big source of internal company information out there: The InterNIC's WHOIS server, which will happily report to you the name, title, email address, and phone number for a company's network coordinator, administrative contact, or billing contact. A number of firms have been downloading the entire WHOIS database and using it as a targeted mailing list for new products and other advertisements.

"Everybody here who has had his name listed on any DNS registration has started getting automated personalized email," says David Pollak, chief technology officer at NetGuide Live. "The targeted mailing lists are apparently fairly accurate. The stuff that gets sent to our site admins is technically related. The stuff that gets sent to our admin people is marketing related."

I called up Dave Graves, the InterNIC's head of operations, and asked him if this was an abuse of the WHOIS database. No, he said, there are absolutely no restrictions on the use of this information. "We don't think that there is anything wrong with making that information available. There's nothing really private about it."