Whois
Whois | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Family: | Internet protocol family | ||||||||||||||||||||||||
Operation area: | Query of domain , AS and IP information |
||||||||||||||||||||||||
Ports: | 43 / TCP | ||||||||||||||||||||||||
|
|||||||||||||||||||||||||
Standards: |
RFC 2167 (RWhois 1997 ) |
Whois ( English who is 'who is') is a protocol with which information about Internet domains and IP addresses and their owners (“registrant”) can be requested from a distributed database system .
Whois inquiries have been made via the command line from the very beginning . Since the corresponding client software was not available for all common operating systems, web-based frontends prevailed early on . Despite later corresponding versions, web whois providers are still very popular, not least for reasons of keeping domain lookups up-to-date.
For data protection reasons, the owners of .de domains can no longer be queried via the whois protocol since the end of the 2000s, but only via the DENIC homepage . In the mid-2010s, this secured the website form against automated access with a captcha .
Since the General Data Protection Regulation came into force in May 2018 , the query has only provided third parties with the technical information of the name servers and e-mail addresses for making contact. In addition, owners themselves receive the entered data, for example for checking, via a link that is sent to the stored email address. Third parties, on the other hand, can only request the owner data using separate forms as an authority or in the event of verifiable legal disputes, for example due to name rights or seizures.
The term “Whois” is also used for other, comparable queries, for example regarding user information on IRC .
protocol
A plain text protocol is defined on port 43 / TCP specified by the IANA . The sister protocol RWhois extends Whois to include forwarding and a hierarchical structure, similar to the Domain Name System . As in HTTP 0.9, queries consist of a single line that is passed by the client to an open socket . The answer from the Whois server follows the first line feed. Some databases, including whois.denic.de, allow the specification of the encoding or the query type using your own, but not standardized, parameters that precede the query. Due to its architecture, queries like in the following example can also be carried out with a Telnet client.
Client | server |
---|---|
A TCP connection is established with the three-way handshake . | |
(SYN) | |
(SYN + ACK) | |
(ACK) | |
The actual query with answer | |
example.com <CR> <LF> | |
Whois record from example.com <CR> <LF> | |
Continuation <CR> <LF> | |
The TCP connection is terminated | |
(FIN) | |
(FIN) |
history
In the early days of the Internet, the registration and administration of all ARPANET domains was in the hands of DARPA . This centralization made it possible to obtain information about all assigned IP addresses, domains and persons from a single server. The small number of data records also enabled fuzzy searches for names or any content. With the increasing opening of the networks, the arrival of new registrars and abuse by spam senders, the search criteria were noticeably restricted. A trend that has continued to this day, so that today's Whois servers sometimes define restrictive query rates and some Web Whois providers protect their services with captchas or use other methods of bot detection.
When the ARPANET went online in the late 1980s, DARPA initially remained as a registrar until the National Science Foundation assigned this task to commercial third parties.
On December 1, 1999, ICANN began to be responsible for the three popular .com, .net and .org domains, with a changeover to a model that delegates the complete data records to the respective registrars ("thin") and only worked to a limited extent with traditional clients. As of January 1, 2003, the Public Interest Registry (under the leadership of Afilias) took over the operation of .org, again in the model of a central data storage ("thick").
Today, with the existence of new generic and sponsored top-level domains and also new country domains, there is a complex, incomplete network that requires knowledge of the corresponding Whois server for a successful domain lookup.
In order to overcome existing disadvantages, an IETF working group was formed in 2004 to develop a new standard with the working title CRISP (Cross Registry Information Service Protocol). A first result of these efforts is the XML -based IRIS protocol, the classes of which are reminiscent of RPSL structures. Previous attempts to make Whois information accessible via LDAP or the Whois ++ were unsuccessful.
As of August 26, 2019, domain dealers and operators of all address zones that are contractually bound to the ICANN domain administration will have to stop access to domain owner data via the Whois protocol and switch to the Registration Data Access Protocol ( RDAP ).
Problems and privacy
Neither the structure and character coding of the return nor error handling are subject to standards, which makes cross-domain machine evaluation more difficult. Domain lookups are the responsibility of the administration or NIC and are not available for every top level domain . As a rule, detailed information that must be provided during the domain registration can be queried here.
The individual domain name registries often handle whois data very differently. The public provision of telephone numbers in the context of Whois entries, for example, is subject to a constant discussion, which flared up again in 2006 with a proposal by ICANN . Since an administrative contact is also provided for possible misuse, some providers are already restricting themselves to a list of name servers or information about the registrability.
With the application of the General Data Protection Regulation from May 25, 2018, this data may no longer be publicly visible in Europe.
Since there are no naming conventions for Whois servers, common clients such as GNU jwhois keep correspondence lists that require a configuration update every time a change is made.
Example of a domain query
The whois query for the domain wikipedia.org at whois.publicinterestregistry.net, for example, has the following result, shortened to the essentials:
Domain ID:D51687756-LROR
Domain Name:WIKIPEDIA.ORG
Created On:13-Jan-2001 00:12:14 UTC
Last Updated On:02-Dec-2009 20:57:17 UTC
Expiration Date:13-Jan-2015 00:12:14 UTC
Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:CR31094073
Registrant Name:DNS Admin
Registrant Organization:Wikimedia Foundation, Inc.
Registrant Street1:149 New Montgomery Street
Registrant Street2:Third Floor
Registrant Street3:
Registrant City:San Francisco
Registrant State/Province:California
Registrant Postal Code:94105
Registrant Country:US
Registrant Phone:+1.4158396885
Registrant Phone Ext.:
Registrant FAX:+1.4158820495
Registrant FAX Ext.:
Registrant Email:dns-admin@wikimedia.org
Admin ID:CR31094075
Admin Name:DNS Admin
Admin Organization:Wikimedia Foundation, Inc.
Admin Street1:149 New Montgomery Street
Admin Street2:Third Floor
Admin Street3:
Admin City:San Francisco
Admin State/Province:California
Admin Postal Code:94105
Admin Country:US
Admin Phone:+1.4158396885
Admin Phone Ext.:
Admin FAX:+1.4158820495
Admin FAX Ext.:
Admin Email:dns-admin@wikimedia.org
Tech ID:CR31094074
Tech Name:DNS Admin
Tech Organization:Wikimedia Foundation, Inc.
Tech Street1:149 New Montgomery Street
Tech Street2:Third Floor
Tech Street3:
Tech City:San Francisco
Tech State/Province:California
Tech Postal Code:94105
Tech Country:US
Tech Phone:+1.4158396885
Tech Phone Ext.:
Tech FAX:+1.4158820495
Tech FAX Ext.:
Tech Email:dns-admin@wikimedia.org
Name Server:NS0.WIKIMEDIA.ORG
Name Server:NS1.WIKIMEDIA.ORG
Name Server:NS2.WIKIMEDIA.ORG
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned
While the format of the return on domain queries is based on RPSL only for some providers , results from IP, AS, role or person queries as well as databases available for download (such as Merit IRR Services) follow this standard largely.
- The query for the IP also provides information about the IP range in which the address is located and where these IPs are registered:
abc@example:~# whois 66.230.200.100
Neucom, Inc. NEUCOM (NET-66-230-192-0-1)
66.230.192.0 - 66.230.239.255
Wikimedia Foundation Inc. WIKIMEDIA-66-230-200 (NET-66-230-200-0-1)
66.230.200.0 - 66.230.200.255
# ARIN WHOIS database, last updated 2007-07-22 19:10
List of whois servers
IP and AS lookups
Databases for IP lookups ( IPv4 and IPv6 ) are looked after and maintained by the five RIRs ( Regional Internet Registry ).
The databases of the Regional Internet Registries are usually also available for download on their websites. To protect against abuse, the information contained in these packages does not contain any person classes.
Information about autonomous systems is also provided by the RIRs.
Generic Top Level Domains (gTLD)
The servers listed are Whois servers that provide their information on port 43 / TCP, but not web frontends from the providers concerned.
Whois server for domain lookups of gTLDs | |||||
---|---|---|---|---|---|
.aero | whois.aero | .asia | whois.dotasia.net | .biz | whois.neulevel.biz |
.cat | whois.cat | .com | whois.internic.net | .coop | whois.nic.coop |
.edu | whois.educause.net | .eu | whois.eu | .gov | whois.nic.gov |
.info | whois.afilias.net | .int | whois.iana.org | .jobs | jobswhois.verisign-grs.com |
.mil | unavailable | .mobi | whois.dotmobiregistry.net | .museum | whois.museum |
.Surname | whois.nic.name | .net | whois.internic.net | .org | whois.pir.org |
.Per | whois.registrypro.pro | .tel | whois.nic.tel | .travel | whois.nic.travel |
annotation
- ↑ Formerly whois.nic.mil ( Memento from August 17, 2000 in the Internet Archive )
Second level domain Whois
Occasionally, second-level domains can operate their own Whois servers. In some countries that follow the ".co.uk" similar scheme, this is done by the responsible NIC. Some commercial providers such as Centralnic (including .de.com), ausregistry (including .com.au) or info.at (including .info.at) provide whois information.
Query of Whois databases
Various Whois proxy services exist to make Whois information available via a web browser . In many cases, these are services operated by domain dealers and registrars that only cover a few domains and only rarely IP or AS information. For further searches, we recommend using a corresponding client in the command line .
With most common home and server operating systems , a Whois client is either included in the scope of delivery or at least freely available. Simple queries can be made in the command line with the program whois
. The following is an example of the syntax:
$ whois wikipedia.org
Alternatively, an IP address whois 208.80.154.225
or an autonomous system can be whois AS14907
specified. Queries can also be made using a Telnet client:
$ telnet whois.internic.net 43
example.com <CR><LF>
Web links
- IP-info.org shows domain in IP and vice versa, RIR, ISP, host, with a map and complete "Whois" result. Multilingual
- The Internet Corporation for Assigned Names and Numbers
- The Internet Assigned Numbers Authority
- Link catalog on the subject of WHOIS web clients at curlie.org (formerly DMOZ )
- Official IANA ccTLD list
- Report on the data protection discussion at heise online, July 3, 2006
- Whois server software
List of whois servers for the five RIRs
Whois server for IP lookups according to RIR | |||
---|---|---|---|
RIPE NCC | http://www.ripe.net/ | Réseaux IP Européens | |
ARIN | http://www.arin.net/ | American Registry For Internet Numbers | |
APNIC | http://www.apnic.net/ | Asia Pacific Network Information Center | |
LACNIC | http://www.lacnic.net/ | Latin American and Caribbean Internet Addresses Registry | |
AfriNIC | http://www.afrinic.net/ | African Network Information Center |
Requests For Comments (RFC)
Whois:
- RFC 812 , NICNAME / WHOIS ( 1982 , superseded)
- RFC 954 , NICNAME / WHOIS ( 1985 , superseded)
- RFC 1714 , RWHOIS ( 1994 , superseded)
- RFC 2167 , RWHOIS 1.5 ( 1997 )
- RFC 3912 , WHOIS Protocol Specification ( 2004 )
Protocols traded as a replacement:
- Whois ++: RFC 1834 , RFC 1835 , RFC 1913 , RFC 1914 , RFC 2957 , RFC 2958
- CRISP / IRIS: RFC 3707 , RFC 3981 , RFC 3982 , RFC 3983
See also
Individual evidence
- ↑ https://www.denic.de/webwhois/
- ↑ https://www.denic.de/service/whois-service/anfragen-dritter-zu-inhaberdaten/
- ↑ RFC 3912
- ↑ defined in RFC 1714 and RFC 2167
- ↑ RFC 3981
- ↑ Whois ++ was first proposed in RFC 1834
- ↑ RFC 2142
- ↑ Entry into force of the European General Data Protection Regulation affects the WHOIS system , internetx.com, article dated November 29, 2017.
- ↑ irr.net