OUIs identify the vendor for a product; this can be use for finding out who made that NIC or who made that HBA. Why? A product made by Dell is most likely a server, whereas one of the bazillion OUIs from Apple is probably an iPhone, iPad, iWatch, iTouch, iTV, iWhatever. Therein lies the problem: some vendors make multiple things. Most vendors tend to use certain OUIs for certain product lines (ie a different one for my iPad as my Apple Airport Express) so -- unless you're dealing with HP -- you can usually figure out from there what the device is.
The first step, however, is "who makes that device?"
Suppose you have a NIC (b8:c7:5d:12:34:56); the OUI is the first 48 bits, or b8c75d. Alternatively, a WWN of 1000000533123456 has a OUI of 000533 (Brocade). If you don't know how to determine the OUI, Google it (if you can read this page, you clearly have unfettered internet access)
then, it works like this:
$\ nslookup > set type=TXT > set domain=oui.old.nu > 000533 Server: 192.168.22.1 Address: 192.168.22.1#53 Non-authoritative answer: 000533.oui.old.nu text = "Brocade Communications Systems, Inc."
$ nslookup > set type=txt > set domain=oui.old.nu > 000533 Non-authoritative answer: 000533.oui.old.nu text = "Brocade Communications Systems, Inc." > b8c75d Non-authoritative answer: b8c75d.oui.old.nu text = "Apple"
If you're a UNIX/Linux/BSD guy (including MacOSX), you can do this with the "host" command:
$ host -t TXT 000533.oui.old.nu 000533.oui.old.nu descriptive text "Brocade Communications Systems, Inc."(the "dig" command works similarly)
I started re-using DNS for LDAP URLs: I found that if a DNS TXT record tells you where a rogue LDAP is to show company extensions and phone numbers, then you can toss a binary around willy-nilly and it'll find the closest. Just as DNS subsystems will look for "www" as a website in your local area first (see "searchorder" or "hostresorder"), the same thing would happen if full names (FQDNs) map to servers. In my case, the SC, NJ, and UK offices had their own subdomains occasionally used, so a ext.sc.example.com, ext.nj.example.com, and a ext.uk.example.com would guide queries to the closest LDAP. If a new "oo.example.com" domain appears if the future, it would find no "ext.oo.example.com", and would then search for a "ext.example.com". ...so in putting "ext.example.com" as a fallback DNS A-record, it catches new locales as well. "ext" was a LDAP client that would default to certain scopes and searches. "ext Robert" would find all Roberts, their extensions, and office locations -- yes, very easy using GUI XXX product today, but remember, this was 1999, and we liked our command-line while building products such as Borealis.
No, I didn't want to do the full query by DNS since the LDAP was based on a server "balboa" that did corporate email redirection, hence was already maintained for me. Zero effort!
Present-day, I do the full query by DNS. I have a zone "oui.old.nu" that is filled nightly by a filter/cleanup of the IEEE content. The SOA is accurate.
This modern solution is difficult for some to comprehend: "what? OUI lookup? But DNS is.. is for... is for names! No Way! Not possible! You just cannot DO that!". Thing is, it works. and has some benefits inherent in the protocol:
Using DNS for lookups such as OUIs is
Luckily, most datacenters and "secure" mom-and-pop environments are realizing that the significant effort and oddities from Split-Horizon DNS (or "firewalled" DNS) are not worth the effort. Crackers and miscreants use IP addresses, not names, and the range of possible targets is given to them in the IP (it's called a "subnet mask"). More and more systems permit DNS queries to the unwashed internet, enabling this type of a lookup.