|Family:||Internet protocol family|
|Operation area:||Query of domain ,
AS and IP information
|Ports:||43 / TCP|
RFC 2167 (RWhois 1997 )
Whois inquiries have been made via the command line from the very beginning . Since the corresponding client software was not available for all common operating systems, web-based frontends prevailed early on . Despite later corresponding versions, web whois providers are still very popular, not least for reasons of keeping domain lookups up-to-date.
For data protection reasons, the owners of .de domains can no longer be queried via the whois protocol since the end of the 2000s, but only via the DENIC homepage . In the mid-2010s, this secured the website form against automated access with a captcha .
Since the General Data Protection Regulation came into force in May 2018 , the query has only provided third parties with the technical information of the name servers and e-mail addresses for making contact. In addition, owners themselves receive the entered data, for example for checking, via a link that is sent to the stored email address. Third parties, on the other hand, can only request the owner data using separate forms as an authority or in the event of verifiable legal disputes, for example due to name rights or seizures.
The term “Whois” is also used for other, comparable queries, for example regarding user information on IRC .
A plain text protocol is defined on port 43 / TCP specified by the IANA . The sister protocol RWhois extends Whois to include forwarding and a hierarchical structure, similar to the Domain Name System . As in HTTP 0.9, queries consist of a single line that is passed by the client to an open socket . The answer from the Whois server follows the first line feed. Some databases, including whois.denic.de, allow the specification of the encoding or the query type using your own, but not standardized, parameters that precede the query. Due to its architecture, queries like in the following example can also be carried out with a Telnet client.
|A TCP connection is established with the three-way handshake .|
|(SYN + ACK)|
|The actual query with answer|
|example.com <CR> <LF>|
|Whois record from example.com <CR> <LF>|
|Continuation <CR> <LF>|
|The TCP connection is terminated|
In the early days of the Internet, the registration and administration of all ARPANET domains was in the hands of DARPA . This centralization made it possible to obtain information about all assigned IP addresses, domains and persons from a single server. The small number of data records also enabled fuzzy searches for names or any content. With the increasing opening of the networks, the arrival of new registrars and abuse by spam senders, the search criteria were noticeably restricted. A trend that has continued to this day, so that today's Whois servers sometimes define restrictive query rates and some Web Whois providers protect their services with captchas or use other methods of bot detection.
On December 1, 1999, ICANN began to be responsible for the three popular .com, .net and .org domains, with a changeover to a model that delegates the complete data records to the respective registrars ("thin") and only worked to a limited extent with traditional clients. As of January 1, 2003, the Public Interest Registry (under the leadership of Afilias) took over the operation of .org, again in the model of a central data storage ("thick").
Today, with the existence of new generic and sponsored top-level domains and also new country domains, there is a complex, incomplete network that requires knowledge of the corresponding Whois server for a successful domain lookup.
In order to overcome existing disadvantages, an IETF working group was formed in 2004 to develop a new standard with the working title CRISP (Cross Registry Information Service Protocol). A first result of these efforts is the XML -based IRIS protocol, the classes of which are reminiscent of RPSL structures. Previous attempts to make Whois information accessible via LDAP or the Whois ++ were unsuccessful.
As of August 26, 2019, domain dealers and operators of all address zones that are contractually bound to the ICANN domain administration will have to stop access to domain owner data via the Whois protocol and switch to the Registration Data Access Protocol ( RDAP ).
Problems and privacy
Neither the structure and character coding of the return nor error handling are subject to standards, which makes cross-domain machine evaluation more difficult. Domain lookups are the responsibility of the administration or NIC and are not available for every top level domain . As a rule, detailed information that must be provided during the domain registration can be queried here.
The individual domain name registries often handle whois data very differently. The public provision of telephone numbers in the context of Whois entries, for example, is subject to a constant discussion, which flared up again in 2006 with a proposal by ICANN . Since an administrative contact is also provided for possible misuse, some providers are already restricting themselves to a list of name servers or information about the registrability.
With the application of the General Data Protection Regulation from May 25, 2018, this data may no longer be publicly visible in Europe.
Since there are no naming conventions for Whois servers, common clients such as GNU jwhois keep correspondence lists that require a configuration update every time a change is made.
Example of a domain query
Domain ID:D51687756-LROR Domain Name:WIKIPEDIA.ORG Created On:13-Jan-2001 00:12:14 UTC Last Updated On:02-Dec-2009 20:57:17 UTC Expiration Date:13-Jan-2015 00:12:14 UTC Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR) Status:CLIENT DELETE PROHIBITED Status:CLIENT RENEW PROHIBITED Status:CLIENT TRANSFER PROHIBITED Status:CLIENT UPDATE PROHIBITED Registrant ID:CR31094073 Registrant Name:DNS Admin Registrant Organization:Wikimedia Foundation, Inc. Registrant Street1:149 New Montgomery Street Registrant Street2:Third Floor Registrant Street3: Registrant City:San Francisco Registrant State/Province:California Registrant Postal Code:94105 Registrant Country:US Registrant Phone:+1.4158396885 Registrant Phone Ext.: Registrant FAX:+1.4158820495 Registrant FAX Ext.: Registrant Email:firstname.lastname@example.org Admin ID:CR31094075 Admin Name:DNS Admin Admin Organization:Wikimedia Foundation, Inc. Admin Street1:149 New Montgomery Street Admin Street2:Third Floor Admin Street3: Admin City:San Francisco Admin State/Province:California Admin Postal Code:94105 Admin Country:US Admin Phone:+1.4158396885 Admin Phone Ext.: Admin FAX:+1.4158820495 Admin FAX Ext.: Admin Email:email@example.com Tech ID:CR31094074 Tech Name:DNS Admin Tech Organization:Wikimedia Foundation, Inc. Tech Street1:149 New Montgomery Street Tech Street2:Third Floor Tech Street3: Tech City:San Francisco Tech State/Province:California Tech Postal Code:94105 Tech Country:US Tech Phone:+1.4158396885 Tech Phone Ext.: Tech FAX:+1.4158820495 Tech FAX Ext.: Tech Email:firstname.lastname@example.org Name Server:NS0.WIKIMEDIA.ORG Name Server:NS1.WIKIMEDIA.ORG Name Server:NS2.WIKIMEDIA.ORG Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC:Unsigned
While the format of the return on domain queries is based on RPSL only for some providers , results from IP, AS, role or person queries as well as databases available for download (such as Merit IRR Services) follow this standard largely.
- The query for the IP also provides information about the IP range in which the address is located and where these IPs are registered:
abc@example:~# whois 188.8.131.52 Neucom, Inc. NEUCOM (NET-66-230-192-0-1) 184.108.40.206 - 220.127.116.11 Wikimedia Foundation Inc. WIKIMEDIA-66-230-200 (NET-66-230-200-0-1) 18.104.22.168 - 22.214.171.124 # ARIN WHOIS database, last updated 2007-07-22 19:10
List of whois servers
IP and AS lookups
The databases of the Regional Internet Registries are usually also available for download on their websites. To protect against abuse, the information contained in these packages does not contain any person classes.
Information about autonomous systems is also provided by the RIRs.
Generic Top Level Domains (gTLD)
The servers listed are Whois servers that provide their information on port 43 / TCP, but not web frontends from the providers concerned.
|Whois server for domain lookups of gTLDs|
Second level domain Whois
Occasionally, second-level domains can operate their own Whois servers. In some countries that follow the ".co.uk" similar scheme, this is done by the responsible NIC. Some commercial providers such as Centralnic (including .de.com), ausregistry (including .com.au) or info.at (including .info.at) provide whois information.
Query of Whois databases
Various Whois proxy services exist to make Whois information available via a web browser . In many cases, these are services operated by domain dealers and registrars that only cover a few domains and only rarely IP or AS information. For further searches, we recommend using a corresponding client in the command line .
With most common home and server operating systems , a Whois client is either included in the scope of delivery or at least freely available. Simple queries can be made in the command line with the program
whois . The following is an example of the syntax:
$ whois wikipedia.org
$ telnet whois.internic.net 43 example.com <CR><LF>
- IP-info.org shows domain in IP and vice versa, RIR, ISP, host, with a map and complete "Whois" result. Multilingual
- The Internet Corporation for Assigned Names and Numbers
- The Internet Assigned Numbers Authority
- Link catalog on the subject of WHOIS web clients at curlie.org (formerly DMOZ )
- Official IANA ccTLD list
- Report on the data protection discussion at heise online, July 3, 2006
- Whois server software
List of whois servers for the five RIRs
|Whois server for IP lookups according to RIR|
|RIPE NCC||http://www.ripe.net/||Réseaux IP Européens|
|ARIN||http://www.arin.net/||American Registry For Internet Numbers|
|APNIC||http://www.apnic.net/||Asia Pacific Network Information Center|
|LACNIC||http://www.lacnic.net/||Latin American and Caribbean Internet Addresses Registry|
|AfriNIC||http://www.afrinic.net/||African Network Information Center|
Requests For Comments (RFC)
- RFC 812 , NICNAME / WHOIS ( 1982 , superseded)
- RFC 954 , NICNAME / WHOIS ( 1985 , superseded)
- RFC 1714 , RWHOIS ( 1994 , superseded)
- RFC 2167 , RWHOIS 1.5 ( 1997 )
- RFC 3912 , WHOIS Protocol Specification ( 2004 )
Protocols traded as a replacement:
- Whois ++: RFC 1834 , RFC 1835 , RFC 1913 , RFC 1914 , RFC 2957 , RFC 2958
- CRISP / IRIS: RFC 3707 , RFC 3981 , RFC 3982 , RFC 3983
- RFC 3912
- defined in RFC 1714 and RFC 2167
- RFC 3981
- Whois ++ was first proposed in RFC 1834
- RFC 2142
- into force of the European General Data Protection Regulation affects the WHOIS system , internetx.com, article dated November 29, 2017.