WHOIS
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The Whois protocol is documented in RFC 3912.
administrators. The use of the data in the WHOIS system has evolved into a variety of uses, including:
, there was only one organization that handled all domain registrations, which was DARPA itself. The process of registration was established in RFC 920. WHOIS was standardized in the early 1980s to look up domains, people and other resources related to domain and number registrations. Because all registration was done by one organization at that time, one centralized server was used for WHOIS queries. This made looking up such information very easy.
Early WHOIS servers were highly permissive and would allow wild-card searches. A WHOIS query of a person's last name would yield all individuals with that name. A query with a given keyword returned all registered domains containing that keyword. A query for a given administrative contact returned all domains the administrator was associated with. Since the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.
Responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNet began offering domain registration service; however, they simply handled the paperwork, which they forwarded to the DARPA Network Information Center (NIC). Then the National Science Foundation directed that management of Internet domain registration would be handled by commercial, third-party entities. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics and AT&T. The General Atomics contract was canceled after several years due to performance issues.
On December 1, 1999, management of the top-level domains (TLDs) com, net, and org was assigned to ICANN. At the time, these TLDs were converted to a thin WHOIS model. Existing WHOIS clients stopped working at that time. A month later, it had self-detecting CGI support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client.
By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS proxy searches have become common.
In 2004, an IETF committee was formed to standardize a whole new way to look up information on domain names and network numbers. The current working name for this proposed new standard is Cross Registry Information Service Protocol (CRISP).
RFC 742 (1977). The NICNAME/WHOIS protocol was first described in RFC 812 in 1982 by Ken Harrenstien and Vic White of the Network Information Center at SRI International.
WHOIS was originally implemented on the Network Control Program (NCP) but found its major use when the TCP/IP suite was standardized across the ARPANET and later the Internet.
The protocol specification is the following (original quote):
The command line server query is normally a single name specification, i.e. the name of a resource. However, servers accept a query consisting of only the question mark (?) to return a description of acceptable command line formats. Substitution or wild-card formats also exist, e.g., appending a full-stop (period) to the query name returns all entries beginning with the query name.
On the modern Internet, WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43. Clients are simple applications that establish a communications channel to the server, transmit a text record with the name of the resource to be queried and await the response in the form of a sequence of text records found in the database. This simplicity of the protocol also permits an application, and a command line interface user, to query a WHOIS server using the Telnet protocol.
A WHOIS database consists of a set of text records for each resource. These text records consist of various items of information about the resource itself, and any associated information of assignees, registrants, administrative information, such as creation and expiration dates.
Two data models exist for storing resource information in a WHOIS database, the thick and the thin model.
Thick: one WHOIS server stores the complete WHOIS information from all the registrars for the particular set of data (so that one WHOIS server can respond with WHOIS information on all .org domains, for example).
Thin: one WHOIS server stores only the name of the WHOIS server of the registrar of a domain, which in turn has the full details on the data being looked up (such as the .com WHOIS servers, which refer the WHOIS query to the registrar where the domain was registered).
The thick model usually ensures consistent data and slightly faster queries, since only one WHOIS server needs to be contacted. If a registrar goes out of business, a thick registry contains all important information (if the registrant entered correct data, and privacy features were not used to obscure the data) and registration information can be retained. But with a thin registry, the contact information might not be available, and it could be difficult for the rightful registrant to retain control of the domain.
If a WHOIS client did not understand how to deal with this situation, it would display the full information from the registrar. Unfortunately, the WHOIS protocol has no standard for determining how to distinguish the thin model from the thick model.
Specific details of which records are stored vary among domain name registries. Some top-level domains, including com and net, operate a thin WHOIS, requiring domain registrars to maintain their own customers' data. The other global top-level registries, including org, operate a thick model. Each country-code top-level registry has its own national rules.
and Unix-like operating systems. WHOIS client and server software is distributed as free open-source software and binary distributions are included with all Unix-like systems. Various commercial Unix implementations may use proprietary implementations (for example, Sun Solaris 7).
A WHOIS command line client passes a phrase given as an argument directly to the WHOIS server. However, most modern WHOIS tools implement command line flags or options, such as the -h option to access a specific server host, but default servers are preconfigured. Additional options may allow control of the port number to connect on, displaying additional debugging data, or changing recursion/referral behavior.
Like most TCP/IP client-server applications, a WHOIS client takes the user input and then opens an Internet socket to its destination server. The WHOIS protocol manages the transmission of the query and reception of results.
and especially the loosening up of the Network Solutions monopoly, looking up WHOIS information via the web has become quite common. At present, popular web-based WHOIS-queries may be conducted from ARIN, RIPE and APNIC. Most early web-based WHOIS clients were merely front-ends to a command-line client, where the resulting output just gets displayed on a web page with little, if any, clean-up or formatting.
Nowadays, web-based WHOIS clients usually perform the WHOIS queries directly and then format the results for display. Many such clients are proprietary, authored by domain name registrars.
The need for web-based clients came from the fact that command-line WHOIS clients largely existed only in the Unix and large computing worlds. Microsoft Windows and Macintosh computers had no WHOIS clients, so registrars had to find a way to provide access to WHOIS data for potential customers. Many end-users still rely on such clients, even though command line and graphical clients exist now for most home PC platforms.
There are also many sites not owned by registrars or Internet-related companies. These support most of the main TLDs and remain free. But most web-based WHOIS sites are incomplete and do not support all TLDs or IP searches.
Some work from a built-in WHOIS server list and some others try to retrieve the one which fits the TLD you ask for from a live Domain Information Groper query (command line clients do this query in the background first).
CPAN has several Perl modules available that work with WHOIS servers. Many of them are not current and do not fully function with the current (2005) WHOIS server infrastructure. However, there is still much useful functionality to derive, including looking up AS numbers and registrant contacts.
responsible for a particular resource.
The records of each of these registries are cross-referenced, so that a query to ARIN for a record which belongs to RIPE will return a place-holder pointing to the RIPE WHOIS server. This lets the WHOIS user making the query know that the detailed information resides on the RIPE server. In addition to the RIR servers, commercial services exist, such as the Routing Assets Database used by some large networks (e.g., large Internet providers that acquired other ISPs in several RIR areas).
s (TLDs).
) for the WHOIS protocol in their DNS zone, advertising their WHOIS server. This SRV record has the domain name format _nicname._tcp..
For example, the WHOIS server for us may be found by querying for the SRV record:
returning the server name and port number (43).
.whois-servers.net .
For example, the host com.whois-servers.net can be used in place of the WHOIS server name for the com TLD in a command line query:
The GNU WHOIS utility automatically uses the whois-servers.net service.
whois server at whois.iana.org provides information on each TLD including the whois server.
Some registry operators are wholesalers, meaning that they typically provide domain name services to a large number of retail registrars, who in turn offer them to consumers. For private registration, only the identity of the wholesale registrar may be returned. In this case, the identity of the individual as well as the retail registrar may be hidden.
Below is an example of WHOIS data returned for an individual resource holder. This is the result of a WHOIS query of example.com:
, hierarchical fashion, potentially creating a system with a tree-like architecture. Queries are deterministically routed to servers based on hierarchical labels, reducing a query to the primary repository of information.
Lookups of IP address allocations are often limited to the larger Classless Inter-Domain Routing (CIDR) blocks (e.g., /24, /22, /16), because usually only the regional Internet registries (RIRs) and domain registrars run RWhois or Whois servers, although RWhois is intended to be run by even smaller local Internet registries, to provide more granular information about IP address assignment.
RWhois is intended to replace Whois, providing an organized hierarchy of referral services where one could connect to any RWhois server, request a look-up and be automatically re-directed to the correct server(s). However, while the technical functionality is in place, adoption of the RWhois standard has been weak.
RWhois services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 4321.
RWhois was first specified in RFC 1714 in 1994 by Network Solutions, but the specification was superseded in 1997 by RFC 2167.
The referral features of RWhois are different than the feature of a Whois server to refer responses to another server, which RWhois also implements.
. Registrant's contact details, such as address and telephone number, are easily accessible to anyone for many domains. Although some registrars offer private registrations, by which the contact information of the registrar is shown, the ICANN rules state that in these cases the registrar or the provider of this service is the lessor of the domain.
Registrant may be obscured: In the case of private registration, it may be difficult for a registrant to confirm their registration status.
Spammers often harvest plain-text email addresses from WHOIS requests. For this reason, WHOIS servers and websites offering WHOIS queries have implemented rate-limiting systems, such as CAPTCHA.
The WHOIS protocol was not written with an international audience in mind. A WHOIS server or client cannot determine the text encoding in effect for the query or the database content. The servers were originally using US-ASCII. This might impact the usability or usefulness of the WHOIS protocol in countries outside the USA. In the case of internationalized domain names it is the responsibility of the client application to perform the translation of the domain name between its native language script and the DNS name in punycode.
In the case of private registrations, ascertaining registration information may be more difficult. If a registrant has acquired a domain name and wants to verify that the registrar has indeed completed the registration process, three steps may be required: 1) perform a WHOIS and confirm that the resource is at least registered with ICANN, 2) determine the name of the wholesale registrar, and 3) contact the wholesaler and obtain the name of the retail registrar. This provides some confidence that the retailer actually registered the name. But if the registrar goes out of business, such as the failure of RegisterFly in 2007, the rightful domain holder with privacy-protected registrations may have difficulty retaining domain administration. The end user of "private registration" can attempt to protect themselves by using a registrar that places customer data in escrow with a third party.
ICANN requires that each domain name registrant be given the opportunity to correct any inaccurate contact data associated with a domain. For this reason, the registrar is required to periodically send the holder the contact information on record for verification.
issue which is also tied to free speech and anonymous speech. However, WHOIS is an important tool for law enforcement officers investigating violations like spam and phishing to track down the holders of domain names. Law enforcement officers become frustrated when WHOIS records are filled with rubbish. As a result, law enforcement agencies have sought to make WHOIS records both open and verified:
Purpose
The WHOIS system originated as a method for system administrators to obtain contact information for IP address assignments or domain name administrators. The use of the data in the WHOIS system has evolved into a variety of uses, including:
- Supporting the security and stability of the Internet by providing contact points for network operators and administrators, including ISPs, and certified computer incident response teams;
- Determining the registration status of domain names;
- Assisting law enforcement authorities in investigations for enforcing national and international laws, including. In some countries, specialized non-governmental entities may be involved in this work;
- Assisting in combating abusive uses of information communication technology;
- Facilitating inquiries and subsequent steps to conduct trademark research and to help counter intellectual property infringement;
- Contributing to user confidence in the Internet as a reliable and efficient means of information and communication and as an important tool for promoting digital inclusion, e-commerce and other legitimate uses by helping users identify persons or entities responsible for content and services online; and
- Assisting businesses, other organizations and users in combating fraud, complying with relevant laws and safeguarding the interests of the public.
History
When the Internet was emerging out of the ARPANET, there was only one organization that handled all domain registrations, which was DARPA itself. The process of registration was established in RFC 920. WHOIS was standardized in the early 1980s to look up domains, people and other resources related to domain and number registrations. Because all registration was done by one organization at that time, one centralized server was used for WHOIS queries. This made looking up such information very easy.
Early WHOIS servers were highly permissive and would allow wild-card searches. A WHOIS query of a person's last name would yield all individuals with that name. A query with a given keyword returned all registered domains containing that keyword. A query for a given administrative contact returned all domains the administrator was associated with. Since the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.
Responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNet began offering domain registration service; however, they simply handled the paperwork, which they forwarded to the DARPA Network Information Center (NIC). Then the National Science Foundation directed that management of Internet domain registration would be handled by commercial, third-party entities. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics and AT&T. The General Atomics contract was canceled after several years due to performance issues.
On December 1, 1999, management of the top-level domains (TLDs) com, net, and org was assigned to ICANN. At the time, these TLDs were converted to a thin WHOIS model. Existing WHOIS clients stopped working at that time. A month later, it had self-detecting CGI support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client.
By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS proxy searches have become common.
In 2004, an IETF committee was formed to standardize a whole new way to look up information on domain names and network numbers. The current working name for this proposed new standard is Cross Registry Information Service Protocol (CRISP).
The WHOIS protocol
The WHOIS protocol had its origin in the ARPANET NICNAME protocol and was based on the NAME/FINGER Protocol, described in RFC 742 (1977). The NICNAME/WHOIS protocol was first described in RFC 812 in 1982 by Ken Harrenstien and Vic White of the Network Information Center at SRI International.
WHOIS was originally implemented on the Network Control Program (NCP) but found its major use when the TCP/IP suite was standardized across the ARPANET and later the Internet.
The protocol specification is the following (original quote):
Connect to the service host
TCP: service port 43 decimal
NCP: ICP to socket 43 decimal, establishing two 8-bit connections
Send a single "command line", ending with <CRLF>.
Receive information in response to the command line. The
server closes its connections as soon as the output is
finished.
The command line server query is normally a single name specification, i.e. the name of a resource. However, servers accept a query consisting of only the question mark (?) to return a description of acceptable command line formats. Substitution or wild-card formats also exist, e.g., appending a full-stop (period) to the query name returns all entries beginning with the query name.
On the modern Internet, WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43. Clients are simple applications that establish a communications channel to the server, transmit a text record with the name of the resource to be queried and await the response in the form of a sequence of text records found in the database. This simplicity of the protocol also permits an application, and a command line interface user, to query a WHOIS server using the Telnet protocol.
Implementation
WHOIS lookups were traditionally performed with a command line interface application, but now many alternative web-based tools exist. WHOIS has a sister protocol called Referral Whois (RWhois).
A WHOIS database consists of a set of text records for each resource. These text records consist of various items of information about the resource itself, and any associated information of assignees, registrants, administrative information, such as creation and expiration dates.
Two data models exist for storing resource information in a WHOIS database, the thick and the thin model.
Thin and thick lookups
WHOIS information can be stored and looked up according to either a thick or a thin data model:
Thick: one WHOIS server stores the complete WHOIS information from all the registrars for the particular set of data (so that one WHOIS server can respond with WHOIS information on all .org domains, for example).
Thin: one WHOIS server stores only the name of the WHOIS server of the registrar of a domain, which in turn has the full details on the data being looked up (such as the .com WHOIS servers, which refer the WHOIS query to the registrar where the domain was registered).
The thick model usually ensures consistent data and slightly faster queries, since only one WHOIS server needs to be contacted. If a registrar goes out of business, a thick registry contains all important information (if the registrant entered correct data, and privacy features were not used to obscure the data) and registration information can be retained. But with a thin registry, the contact information might not be available, and it could be difficult for the rightful registrant to retain control of the domain.
If a WHOIS client did not understand how to deal with this situation, it would display the full information from the registrar. Unfortunately, the WHOIS protocol has no standard for determining how to distinguish the thin model from the thick model.
Specific details of which records are stored vary among domain name registries. Some top-level domains, including com and net, operate a thin WHOIS, requiring domain registrars to maintain their own customers' data. The other global top-level registries, including org, operate a thick model. Each country-code top-level registry has its own national rules.
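The port-43 exchange and the thin-to-registrar referral hop described above can be sketched as follows. This is an added example, not part of the original article or of any WHOIS client: the referral labels it matches are a heuristic (the protocol defines none), and the function names, the `.example` hostnames and the sample responses are constructed for illustration. Because a referral is server-supplied text, the client validates the hostname, caps the response size and bounds the number of hops.

```python
import re
import socket

WHOIS_PORT = 43            # well-known WHOIS port named in the text
MAX_RESPONSE = 256 * 1024  # refuse unbounded output from a server
MAX_HOPS = 3               # bound the referral chain

# WHOIS defines no referral field, so these labels are a heuristic
# (an assumption of this example, based on common registry output).
REFERRAL_RE = re.compile(
    r"^\s*(?:Registrar WHOIS Server|Whois Server|refer)\s*:\s*(\S+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)
# DNS hostname with an alphabetic TLD: rejects IP literals and
# single-label names such as "localhost".
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def whois_query(server, query, timeout=10.0):
    """One WHOIS exchange: connect, send query + CRLF, read until close."""
    if "\r" in query or "\n" in query:
        raise ValueError("query must be a single command line")
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks, total = [], 0
        while True:
            data = s.recv(4096)
            if not data:          # server closes when output is finished
                break
            total += len(data)
            if total > MAX_RESPONSE:
                raise ValueError("response exceeds size cap")
            chunks.append(data)
    # The protocol does not declare an encoding; decode leniently.
    return b"".join(chunks).decode("utf-8", errors="replace")


def find_referral(text):
    """Return the first well-formed referral hostname in a response, or None."""
    for match in REFERRAL_RE.finditer(text):
        host = match.group(1).lower().rstrip(".")
        if HOSTNAME_RE.match(host):
            return host
    return None


def lookup(query, start_server, fetch=whois_query):
    """Follow referrals from a thin server; return [(server, response), ...].

    A thick server yields one entry. Servers already visited are not
    queried again, so a self-referral or a loop ends the chain.
    """
    results, seen, server = [], set(), start_server
    while server and server not in seen and len(results) < MAX_HOPS:
        seen.add(server)
        text = fetch(server, query)
        results.append((server, text))
        server = find_referral(text)
    return results


# Constructed sample responses (not real registry output).
SAMPLE = {
    "whois.registry.example": (
        "Domain Name: EXAMPLE.TEST\r\n"
        "Registrar WHOIS Server: whois.registrar.example\r\n"
        "Registrar: Constructed Registrar, Inc.\r\n"
    ),
    "whois.registrar.example": (
        "Domain Name: example.test\r\n"
        "Registrant Name: Constructed Holder\r\n"
        "Registrar WHOIS Server: whois.registrar.example\r\n"
    ),
}


def sample_fetch(server, query):
    """Offline stand-in for whois_query using the constructed responses."""
    return SAMPLE[server]


if __name__ == "__main__":
    for server, text in lookup("example.test", "whois.registry.example",
                               fetch=sample_fetch):
        print(f"--- {server} ---\n{text}")
```

Hostname validation does not stop a well-formed name that resolves to an internal address; where that matters, the resolved address should be checked before connecting.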
Software
The first applications written for the WHOIS information system were command line interface tools for Unix and Unix-like operating systems. WHOIS client and server software is distributed as free open-source software and binary distributions are included with all Unix-like systems. Various commercial Unix implementations may use proprietary implementations (for example, Sun Solaris 7).
A WHOIS command line client passes a phrase given as an argument directly to the WHOIS server. However, most modern WHOIS tools implement command line flags or options, such as the -h option to access a specific server host, but default servers are preconfigured. Additional options may allow control of the port number to connect on, displaying additional debugging data, or changing recursion/referral behavior.
Like most TCP/IP client-server applications, a WHOIS client takes the user input and then opens an Internet socket to its destination server. The WHOIS protocol manages the transmission of the query and reception of results.
Web
With the advent of the World Wide Web and especially the loosening up of the Network Solutions monopoly, looking up WHOIS information via the web has become quite common. At present, popular web-based WHOIS queries may be conducted from ARIN, RIPE and APNIC. Most early web-based WHOIS clients were merely front-ends to a command-line client, where the resulting output was displayed on a web page with little, if any, clean-up or formatting.
Nowadays, web-based WHOIS clients usually perform the WHOIS queries directly and then format the results for display. Many such clients are proprietary, authored by domain name registrars.
The need for web-based clients came from the fact that command-line WHOIS clients largely existed only in the Unix and large computing worlds. Microsoft Windows and Macintosh computers had no WHOIS clients, so registrars had to find a way to provide access to WHOIS data for potential customers. Many end-users still rely on such clients, even though command line and graphical clients exist now for most home PC platforms.
There are also many sites not owned by registrars or Internet-related companies. These support most of the main TLDs and remain free. But most web-based WHOIS sites are incomplete and do not support all TLDs or IP searches.
Some work from a built-in WHOIS server list, and others try to retrieve the server that fits the requested TLD from a live Domain Information Groper query (command line clients do this query in the background first).
CPAN has several Perl modules available that work with WHOIS servers. Many of them are not current and do not fully function with the current (2005) WHOIS server infrastructure. However, there is still much useful functionality to derive, including looking up AS numbers and registrant contacts.
Regional Internet registries
WHOIS servers operated by Regional Internet Registries (RIR) can be queried directly to determine the Internet Service Provider responsible for a particular resource.
The records of each of these registries are cross-referenced, so that a query to ARIN for a record which belongs to RIPE will return a place-holder pointing to the RIPE WHOIS server. This lets the WHOIS user making the query know that the detailed information resides on the RIPE server. In addition to the RIRs' servers, commercial services exist, such as the Routing Assets Database used by some large networks (e.g., large Internet providers that acquired other ISPs in several RIR areas).
Server discovery
There is currently no standard for determining the responsible WHOIS server for a DNS domain, though a number of methods are in common use for top-level domains (TLDs).
Server advertisement in DNS
Some TLD operators publish a server referral (SRV record) for the WHOIS protocol in their DNS zone, advertising their WHOIS server. This SRV record has the domain name format _nicname._tcp.
For example, the WHOIS server for us may be found by querying for the SRV record:
dig +short SRV _nicname._tcp.us
0 0 43 whois.nic.us.
returning the server name and port number (43).
Server name aliases under whois-servers.net
whois-servers.net provides DNS alias records (CNAME) for TLD WHOIS servers of the form
For example, the host com.whois-servers.net can be used in place of the WHOIS server name for the com TLD in a command line query:
whois -h com.whois-servers.net example.com
[Querying com.whois-servers.net]
[com.whois-servers.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: EXAMPLE.COM
Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY
Whois Server: whois.iana.org
Referral URL: http://res-dom.iana.org
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 26-mar-2004
Creation Date: 14-aug-1995
Expiration Date: 13-aug-2011
>>> Last update of whois database: Tue, 17 Aug 2010 02:23:52 UTC <<<
The GNU WHOIS utility automatically uses the whois-servers.net service.
WHOIS lookup at whois.iana.org
The IANA WHOIS server at whois.iana.org provides information on each TLD, including the WHOIS server.
whois -h whois.iana.org com
[Querying whois.iana.org]
[whois.iana.org]
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
domain: COM
organisation: VeriSign Global Registry Services
address: 21345 Ridgetop Circle
address: Dulles Virginia 20166
address: United States
contact: administrative
name: Registry Customer Service
organisation: VeriSign Global Registry Services
address: 21345 Ridgetop Circle
address: Dulles Virginia 20166
address: United States
phone: +1 703 925-6999
fax-no: +1 703 421-5828
e-mail: info@verisign-grs.com
contact: technical
name: Registry Customer Service
organisation: VeriSign Global Registry Services
address: 21345 Ridgetop Circle
address: Dulles Virginia 20166
address: United States
phone: +1 703 925-6999
fax-no: +1 703 421-5828
e-mail: info@verisign-grs.com
nserver: A.GTLD-SERVERS.NET 192.5.6.30 2001:503:a83e:0:0:0:2:30
nserver: B.GTLD-SERVERS.NET 192.33.14.30 2001:503:231d:0:0:0:2:30
nserver: C.GTLD-SERVERS.NET 192.26.92.30
nserver: D.GTLD-SERVERS.NET 192.31.80.30
nserver: E.GTLD-SERVERS.NET 192.12.94.30
nserver: F.GTLD-SERVERS.NET 192.35.51.30
nserver: G.GTLD-SERVERS.NET 192.42.93.30
nserver: H.GTLD-SERVERS.NET 192.54.112.30
nserver: I.GTLD-SERVERS.NET 192.43.172.30
nserver: J.GTLD-SERVERS.NET 192.48.79.30
nserver: K.GTLD-SERVERS.NET 192.52.178.30
nserver: L.GTLD-SERVERS.NET 192.41.162.30
nserver: M.GTLD-SERVERS.NET 192.55.83.30
whois: whois.verisign-grs.com
remarks: Registration information: http://www.verisign-grs.com
created: 1985-01-01
changed: 2005-07-26
source: IANA
Query example
Normally the contact information of the resource's assignee is returned. However, some registrars offer private registration, in which case the contact information of the registrar is shown instead. Some registry operators are wholesalers, meaning that they typically provide domain name services to a large number of retail registrars, who in turn offer them to consumers. For private registration, only the identity of the wholesale registrar may be returned. In this case, the identity of the individual as well as the retail registrar may be hidden.
Below is an example of WHOIS data returned for an individual resource holder. This is the result of a WHOIS query of example.com:
whois example.com
[Querying whois.verisign-grs.com]
[Redirected to whois.iana.org]
[Querying whois.iana.org]
[whois.iana.org]
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
domain: EXAMPLE.COM
organisation: Internet Assigned Numbers Authority
created: 1992-01-01
source: IANA
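The lookup flow described in the sections above (ask whois.iana.org for the TLD's server, send the query over TCP port 43, follow a "Whois Server:" referral) can be sketched as follows. This is an added example, not code from any WHOIS client named on this page; the function names, the hop limit and the response-size cap are assumptions, and referral values are validated because they arrive from a remote server.

```python
import re
import socket

IANA_SERVER = "whois.iana.org"  # start of discovery, per the page
# Referral fields in the page's sample output: "whois:" (IANA) and "Whois Server:".
_REFERRAL = re.compile(r"^\s*(?:whois|whois server):[ \t]*(\S+)[ \t\r]*$", re.I | re.M)
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def valid_hostname(name):
    """Return a normalized DNS hostname, or None. Referral values are untrusted."""
    name = name.rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None  # too long, single label, or an IP literal
    return name if all(_LABEL.fullmatch(label) for label in labels) else None


def build_query(query):
    """RFC 3912 request: a single line of text terminated by CRLF."""
    if not query or any(not 0x20 <= ord(ch) <= 0x7E for ch in query):
        raise ValueError("query must be one line of printable ASCII")
    return query.encode("ascii") + b"\r\n"


def parse_referral(response):
    """Return the first well-formed referral host in a response, or None."""
    for match in _REFERRAL.finditer(response):
        host = valid_hostname(match.group(1))
        if host:
            return host
    return None


def whois_query(server, query, port=43, timeout=10.0, max_bytes=65536):
    """Send one query and read until the server closes or the cap is hit."""
    request, received = build_query(query), bytearray()
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(request)
        while len(received) < max_bytes:
            chunk = sock.recv(4096)
            if not chunk:
                break
            received += chunk
    # The protocol declares no text encoding, so decode leniently.
    return bytes(received[:max_bytes]).decode("utf-8", errors="replace")


def lookup(domain, send=whois_query, max_hops=3):
    """Ask IANA for the TLD's server, then follow referrals for the domain."""
    domain = valid_hostname(domain)
    if domain is None:
        raise ValueError("not a valid domain name")
    server = parse_referral(send(IANA_SERVER, domain.rsplit(".", 1)[1]))
    visited, trail = set(), []
    while server and server not in visited and len(trail) < max_hops:
        visited.add(server)
        response = send(server, domain)
        trail.append((server, response))
        server = parse_referral(response)
    return trail  # [(server, raw response), ...] in query order


if __name__ == "__main__":
    # Constructed replies, abridged from the sample output on this page.
    canned = {
        ("whois.iana.org", "com"): "domain: COM\nwhois: whois.verisign-grs.com\n",
        ("whois.verisign-grs.com", "example.com"): "Whois Server: whois.iana.org\n",
        ("whois.iana.org", "example.com"): "domain: EXAMPLE.COM\nsource: IANA\n",
    }
    for host, _ in lookup("example.com", send=lambda s, q: canned[(s, q)]):
        print("queried", host)
```

Passing a custom send function, as the `__main__` block does, keeps the referral logic testable without network access.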
Referral Whois
Referral Whois (RWhois) is an extension of the original Whois protocol and service. RWhois extends the concepts of Whois in a scalable, hierarchical fashion, potentially creating a system with a tree-like architecture. Queries are deterministically routed to servers based on hierarchical labels, reducing a query to the primary repository of information.
Lookups of IP address allocations are often limited to the larger Classless Inter-Domain Routing (CIDR) blocks (e.g., /24, /22, /16), because usually only the regional Internet registries (RIRs) and domain registrars run RWhois or Whois servers, although RWhois is intended to be run by even smaller local Internet registries, to provide more granular information about IP address assignment.
RWhois is intended to replace Whois, providing an organized hierarchy of referral services where one could connect to any RWhois server, request a look-up and be automatically re-directed to the correct server(s). However, while the technical functionality is in place, adoption of the RWhois standard has been weak.
RWhois services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 4321.
Rwhois was first specified in
Network Solutions
, but the specification was superseded in 1997 by RFC 2167.
The referral features of RWhois are different than the feature of a Whois server to refer responses to another server, which RWhois also implements.
Criticism
There is no domain privacy. Registrant's contact details, such as address and telephone number, are easily accessible to anyone for many domains. Although some registrars offer private registrations, by which the contact information of the registrar is shown, the ICANN rules state that in these cases the registrar or the provider of this service is the lessor of the domain.
Registrant may be obscured: In the case of private registration, it may be difficult for a registrant to confirm their registration status.
Spammers often harvest plain-text email addresses from WHOIS requests. For this reason, WHOIS servers and websites offering WHOIS queries have implemented rate-limiting systems, such as CAPTCHA.
The WHOIS protocol was not written with an international audience in mind. A WHOIS server or client cannot determine the text encoding in effect for the query or the database content. The servers were originally using US-ASCII. This might impact the usability or usefulness of the WHOIS protocol in countries outside the USA. In the case of internationalized domain names it is the responsibility of the client application to perform the translation of the domain name between its native language script and the DNS name in punycode.
Accuracy of information
In cases where the registrant's identity is public, anyone can easily confirm the status of a domain via WHOIS. In the case of private registrations, ascertaining registration information may be more difficult. If a registrant has acquired a domain name and wants to verify that the registrar has indeed completed the registration process, three steps may be required: 1) perform a WHOIS and confirm that the resource is at least registered with ICANN, 2) determine the name of the wholesale registrar, and 3) contact the wholesaler and obtain the name of the retail registrar. This provides some confidence that the retailer actually registered the name. But if the registrar goes out of business, such as the failure of RegisterFly in 2007, the rightful domain holder with privacy-protected registrations may have difficulty retaining domain administration. The end user of "private registration" can attempt to protect themselves by using a registrar that places customer data in escrow with a third party.
ICANN requires that each domain name registrant be given the opportunity to correct any inaccurate contact data associated with a domain. For this reason, the registrar is required to periodically send the holder the contact information on record for verification.
Law and policy
WHOIS has generated policy issues in the United States federal government. As noted above, WHOIS creates a privacy issue which is also tied to free speech and anonymous speech. However, WHOIS is an important tool for law enforcement officers investigating violations like spam and phishing to track down the holders of domain names. Law enforcement officers become frustrated when WHOIS records are filled with rubbish. As a result, law enforcement agencies have sought to make WHOIS records both open and verified:
- The Federal Trade Commission has testified about how inaccurate WHOIS records thwart their investigations.
- Congressional hearings have been conducted about the importance of WHOIS in 2006, 2002, and 2001.
- The Fraudulent Online Identity Sanctions Act "make it a violation of trademark and copyright law if a person knowingly provided, or caused to be provided, materially false contact information in making, maintaining, or renewing the registration of a domain name used in connection with the violation," where the latter "violation" refers to a prior violation of trademark or copyright law. The act does not make the submission of false WHOIS data illegal in itself, only if used to shield oneself from prosecution for crimes committed using that domain name.
Standards documents
- RFC 812 – NICNAME/WHOIS (1982, obsolete)
- RFC 954 – NICNAME/WHOIS (1985, obsolete)
- RFC 3912 – WHOIS protocol specification (2004, current)
See also
- Domain name registry
- Regional Internet registry
- Routing Assets Database
- Routing Policy Specification Language
- Shared Whois Project