WHOIS (pronounced as the phrase who is ) is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command line interface application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43.
The WHOIS system originated as a method for system administrators to obtain contact information for IP address assignments or domain name administrators. The use of the data in the WHOIS system has evolved into a variety of uses, including:
- Supporting the security and stability of the Internet by providing contact points for network operators and administrators, including ISPs, and certified computer incident response teams;
- Determining the registration status of domain names;
- Assisting law enforcement authorities in investigations for enforcing national and international laws, including, for example, countering terrorism-related criminal offenses and in supporting international cooperation procedures. In some countries, specialized non-governmental entities may be involved in this work;
- Assisting in the combating against abusive uses of Information communication technology, such as illegal and other acts motivated by racism, racial discrimination, xenophobia, and related intolerance, hatred, violence, all forms of child abuse, including pedophilia and child pornography, the trafficking in, and exploitation of, human beings.
- Facilitating inquiries and subsequent steps to conduct trademark clearances and to help counter intellectual property infringement, misuse and theft in accordance with applicable national laws and international treaties;
- Contributing to user confidence in the Internet as a reliable and efficient means of information and communication and as an important tool for promoting digital inclusion, e-commerce and other legitimate uses by helping users identify persons or entities responsible for content and services online; and
- Assisting businesses, other organizations and users in combating fraud, complying with relevant laws and safeguarding the interests of the public.
Presently ICANN is undertaking a study to determine the uses and abuses of WHOIS information. Other studies that are ongoing concern the accuracy of WHOIS information, and the effectiveness of the processes for reporting inaccurate public WHOIS information.
Due to the potential abuse of WHOIS information, the registrant of a domain is considered to be whoever controls the domain's username/passwords, e-mail address, and administrative features.
WHOIS has a sister protocol called Referral Whois (RWhois).
History
When the Internet was emerging out of the ARPANET, there was only one organization that handled all domain registrations, which was DARPA itself. The process of registration was established in RFC 920. WHOIS was standardized in the early 1980s to look-up domains, people and other resources related to domain and number registrations. Because all registration was done by one organization in that time, one centralized server was used for WHOIS queries. This made looking-up such information very easy.
Early WHOIS servers were highly permissive and would allow wild-card searches. You could do a WHOIS lookup on a person's last name and get all the individual people who had that name. Someone could do a query on a keyword and see all registered domains containing that keyword. Someone could even query a given administrative contact and see all domains they were associated with. Due to the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.
Responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNet began offering domain registration service, however they simply handled the paperwork which they forwarded to DARPA's Network Information Center (NIC). Then the National Science Foundation directed that management of Internet domain registration would be handled by commercial, 3rd party entities. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics, and AT&T. General Atomics' contract was cancelled after several years due to performance issues.
On December 1 , 1999, management of the top-level domains (TLDs) .com, .net, and .org was turned over to ICANN. At the time, these popular TLDs were switched to a thin WHOIS model. Existing WHOIS clients stopped working at that time. A month later, it had self-detecting CGI support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client.
By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure which has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS proxy searches have become common. Also, there is a command-line whois client called jwhois which uses a configuration file to map domain names and network blocks to their appropriate registrars.
In 2004, an IETF committee was formed to standardize a whole new way to look-up information on domain names and network numbers. The current working name for this proposed new standard is Cross Registry Information Service Protocol (CRISP).
Technical and software overview
Thin and thick lookups
WHOIS information can be stored and looked up according to either a "thick" or a "thin" data model:
The thick model usually ensures consistent data and slightly faster lookups (since only one WHOIS server needs to be contacted). If a registrar goes out of business, a thick registry contains all important information (if the registrant entered correct data, and privacy features were not used to obscure the data) and registration information can be retained. But with a thin registry, the contact information might not be available (unless adequately escrowed), and it could be difficult for the rightful registrant to retain control of the domain.
If a WHOIS client did not understand how to deal with this situation, it would display the full information from the registrar. Unfortunately, the WHOIS protocol has no standard for determining how to distinguish the thin model from the thick model.
Specific details of which records are stored vary among domain name registries. Some top-level domains, including .com and .net, operate a thin WHOIS, requiring domain registrars to maintain their own customers' data. Other registries, including .org, operate a thick model.
Command-line clients
Originally the only method by which a WHOIS server could be contacted was to use a command line interface text client. In most cases this was on a Unix or Unix-like platform. The WHOIS client software was (and still is) distributed as open source. Various commercial Unix implementations may use their own implementations (for example, Sun Solaris 7 has a WHOIS client authored by Sun).
A WHOIS command line client typically has options to choose which host to connect to for whois queries, with a default whois server being compiled in. Additional options may allow control of what port to connect on, displaying additional debugging data, or changing recursion/referral behavior.
Like most TCP/IP client/server applications, a WHOIS client takes the user input and then opens an IP socket to its destination server. The WHOIS protocol is used to establish a connection on the appropriate port and send the query. The client waits for a response from the server, which it then either returns to the end-user or uses to make additional queries. .
The source package of GNU whois command-line client can be downloaded from Free Software Directory. A Windows port of this can be acquired from SourceForge. Windows users also can acquire a WHOIS command-line client from Microsoft as part of its Sysinternals Suite.
Graphical clients
The term "graphical client" may be a bit of a misnomer for a WHOIS client, since all the data to be derived from a WHOIS server is plain text, and the protocol is a relatively static one. There is not much interaction to do with a WHOIS server. In this context, the term "graphical client" is taken to mean a WHOIS client that runs as an application on a GUI OS and uses the OS's standard GUI for user interaction.
Web-based queries
With the advent of the World Wide Web and especially the loosening up of the Network Solutions monopoly, looking up WHOIS information via the web has become quite common. At present, popular web-based WHOIS-queries may be conducted from ARIN, RIPE and APNIC. Most early web-based WHOIS clients were merely front-ends to a command-line client, where the resulting output just got displayed on a webpage with little, if any, clean-up or formatting.
Nowad
Whois lookup and Domain name search
Whois database lookups for hundreds of TLDs with site details like IP location, reverse DNS, screenshots, whois history, name server, IP History, blacklist status, SEO score, Alexa ...
Whois.net - Domain Names
Whois domain name lookup, available domain names, domain keyword search, deleted domains: Explanation of Tool:
WHOIS Lookup
Domain name registration. Web hosting. Email services. SSL certificates.
Who.is: Whois, Website, Domain Name, and IP Tools - Who.is
Who.is has a large suite of tools related to whois, websites, domain names and ip addresses.
Domain Tools: Whois Lookup and Domain Suggestions
Domain name search tool; allows wildcard search of current, deleted/expired whois domains and dns tools.
WHOIS Search for Domain Registration Information | Network Solutions
For a small monthly fee, we'll act as your proxy — which means that anyone who does a WHOIS lookup for your domain name information will find our contact information, not yours.
.edu Whois Look up
(You may use "%" as a wildcard in your search.) Domain (e.g., myinstitution.edu) Organization (e.g., Anywhere University) Nameserver (e.g., dns.myinstitution.edu)
easyWhois: Lookup Domain Whois Records and Research DNS Information
easily lookup domain name whois records and DNS information for any top level domain name or IP address block
PNINA: Whois Lookup System
PNINA, Building and Managing the Palestinian Internet Address Book .PS DOMAIN LOOKUP
WHOIS Lookup
Note: Are you an Existing Customer? Your Username is the email address you used to create your account with us originally. Enter your Username and Password to Login.