Whois

Whois inquiries have been made via the command line from the very beginning . Since the corresponding client software was not available for all common operating systems, web-based frontends prevailed early on . Despite later corresponding versions, web whois providers are still very popular, not least for reasons of keeping domain lookups up-to-date.

For data protection reasons, the owners of .de domains can no longer be queried via the whois protocol since the end of the 2000s, but only via the DENIC homepage . In the mid-2010s, this secured the website form against automated access with a captcha .

The term “Whois” is also used for other, comparable queries, for example regarding user information on IRC .

protocol

history

In the early days of the Internet, the registration and administration of all ARPANET domains was in the hands of DARPA . This centralization made it possible to obtain information about all assigned IP addresses, domains and persons from a single server. The small number of data records also enabled fuzzy searches for names or any content. With the increasing opening of the networks, the arrival of new registrars and abuse by spam senders, the search criteria were noticeably restricted. A trend that has continued to this day, so that today's Whois servers sometimes define restrictive query rates and some Web Whois providers protect their services with captchas or use other methods of bot detection.

When the ARPANET went online in the late 1980s, DARPA initially remained as a registrar until the National Science Foundation assigned this task to commercial third parties.

On December 1, 1999, ICANN began to be responsible for the three popular .com, .net and .org domains, with a changeover to a model that delegates the complete data records to the respective registrars ("thin") and only worked to a limited extent with traditional clients. As of January 1, 2003, the Public Interest Registry (under the leadership of Afilias) took over the operation of .org, again in the model of a central data storage ("thick").

Today, with the existence of new generic and sponsored top-level domains and also new country domains, there is a complex, incomplete network that requires knowledge of the corresponding Whois server for a successful domain lookup.

In order to overcome existing disadvantages, an IETF working group was formed in 2004 to develop a new standard with the working title CRISP (Cross Registry Information Service Protocol). A first result of these efforts is the XML -based IRIS protocol, the classes of which are reminiscent of RPSL structures. Previous attempts to make Whois information accessible via LDAP or the Whois ++ were unsuccessful.

As of August 26, 2019, domain dealers and operators of all address zones that are contractually bound to the ICANN domain administration will have to stop access to domain owner data via the Whois protocol and switch to the Registration Data Access Protocol ( RDAP ).

Problems and privacy

Neither the structure and character coding of the return nor error handling are subject to standards, which makes cross-domain machine evaluation more difficult. Domain lookups are the responsibility of the administration or NIC and are not available for every top level domain . As a rule, detailed information that must be provided during the domain registration can be queried here.

The individual domain name registries often handle whois data very differently. The public provision of telephone numbers in the context of Whois entries, for example, is subject to a constant discussion, which flared up again in 2006 with a proposal by ICANN . Since an administrative contact is also provided for possible misuse, some providers are already restricting themselves to a list of name servers or information about the registrability.

With the application of the General Data Protection Regulation from May 25, 2018, this data may no longer be publicly visible in Europe.

Example of a domain query

The whois query for the domain wikipedia.org at whois.publicinterestregistry.net, for example, has the following result, shortened to the essentials:

 Domain ID:D51687756-LROR
 Domain Name:WIKIPEDIA.ORG
 Created On:13-Jan-2001 00:12:14 UTC
 Last Updated On:02-Dec-2009 20:57:17 UTC
 Expiration Date:13-Jan-2015 00:12:14 UTC
 Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR)
 Status:CLIENT DELETE PROHIBITED
 Status:CLIENT RENEW PROHIBITED
 Status:CLIENT TRANSFER PROHIBITED
 Status:CLIENT UPDATE PROHIBITED

 Registrant ID:CR31094073
 Registrant Name:DNS Admin
 Registrant Organization:Wikimedia Foundation, Inc.
 Registrant Street1:149 New Montgomery Street
 Registrant Street2:Third Floor
 Registrant Street3:
 Registrant City:San Francisco
 Registrant State/Province:California
 Registrant Postal Code:94105
 Registrant Country:US
 Registrant Phone:+1.4158396885
 Registrant Phone Ext.:
 Registrant FAX:+1.4158820495
 Registrant FAX Ext.:
 Registrant Email:dns-admin@wikimedia.org


 Admin ID:CR31094075
 Admin Name:DNS Admin
 Admin Organization:Wikimedia Foundation, Inc.
 Admin Street1:149 New Montgomery Street
 Admin Street2:Third Floor
 Admin Street3:
 Admin City:San Francisco
 Admin State/Province:California
 Admin Postal Code:94105
 Admin Country:US
 Admin Phone:+1.4158396885
 Admin Phone Ext.:
 Admin FAX:+1.4158820495
 Admin FAX Ext.:
 Admin Email:dns-admin@wikimedia.org


 Tech ID:CR31094074
 Tech Name:DNS Admin
 Tech Organization:Wikimedia Foundation, Inc.
 Tech Street1:149 New Montgomery Street
 Tech Street2:Third Floor
 Tech Street3:
 Tech City:San Francisco
 Tech State/Province:California
 Tech Postal Code:94105
 Tech Country:US
 Tech Phone:+1.4158396885
 Tech Phone Ext.:
 Tech FAX:+1.4158820495
 Tech FAX Ext.:
 Tech Email:dns-admin@wikimedia.org


 Name Server:NS0.WIKIMEDIA.ORG
 Name Server:NS1.WIKIMEDIA.ORG
 Name Server:NS2.WIKIMEDIA.ORG
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 DNSSEC:Unsigned

While the format of the return on domain queries is based on RPSL only for some providers , results from IP, AS, role or person queries as well as databases available for download (such as Merit IRR Services) follow this standard largely.

• The query for the IP also provides information about the IP range in which the address is located and where these IPs are registered:

 abc@example:~# whois 66.230.200.100
 Neucom, Inc. NEUCOM (NET-66-230-192-0-1)
                                  66.230.192.0 - 66.230.239.255
 Wikimedia Foundation Inc. WIKIMEDIA-66-230-200 (NET-66-230-200-0-1)
                                  66.230.200.0 - 66.230.200.255

 # ARIN WHOIS database, last updated 2007-07-22 19:10

List of whois servers

IP and AS lookups

regional jurisdiction

Databases for IP lookups ( IPv4 and IPv6 ) are looked after and maintained by the five RIRs ( Regional Internet Registry ).

The databases of the Regional Internet Registries are usually also available for download on their websites. To protect against abuse, the information contained in these packages does not contain any person classes.

Information about autonomous systems is also provided by the RIRs.

Generic Top Level Domains (gTLD)

The servers listed are Whois servers that provide their information on port 43 / TCP, but not web frontends from the providers concerned.

annotation

1. ↑ Formerly whois.nic.mil ( Memento from August 17, 2000 in the Internet Archive )

Second level domain Whois

Occasionally, second-level domains can operate their own Whois servers. In some countries that follow the ".co.uk" similar scheme, this is done by the responsible NIC. Some commercial providers such as Centralnic (including .de.com), ausregistry (including .com.au) or info.at (including .info.at) provide whois information.

Query of Whois databases

Various Whois proxy services exist to make Whois information available via a web browser . In many cases, these are services operated by domain dealers and registrars that only cover a few domains and only rarely IP or AS information. For further searches, we recommend using a corresponding client in the command line .

With most common home and server operating systems , a Whois client is either included in the scope of delivery or at least freely available. Simple queries can be made in the command line with the program whois . The following is an example of the syntax:

$ whois wikipedia.org

Alternatively, an IP address whois 208.80.154.225 or an autonomous system can be whois AS14907 specified. Queries can also be made using a Telnet client:

$ telnet whois.internic.net 43
example.com <CR><LF>

Web links

• IP-info.org shows domain in IP and vice versa, RIR, ISP, host, with a map and complete "Whois" result. Multilingual
• The Internet Corporation for Assigned Names and Numbers
• The Internet Assigned Numbers Authority
• Link catalog on the subject of WHOIS web clients at curlie.org (formerly DMOZ )
• Official IANA ccTLD list
• Report on the data protection discussion at heise online, July 3, 2006
• Whois server software
  • Simple Whois Daemon
  • JWhoisServer
  • WhoisThisDomain

List of whois servers for the five RIRs

Requests For Comments (RFC)

Whois:

• RFC 812 , NICNAME / WHOIS ( 1982 , superseded)
• RFC 954 , NICNAME / WHOIS ( 1985 , superseded)
• RFC 1714 , RWHOIS ( 1994 , superseded)
• RFC 2167 , RWHOIS 1.5 ( 1997 )
• RFC 3912 , WHOIS Protocol Specification ( 2004 )

Protocols traded as a replacement:

• Whois ++: RFC 1834 , RFC 1835 , RFC 1913 , RFC 1914 , RFC 2957 , RFC 2958
• CRISP / IRIS: RFC 3707 , RFC 3981 , RFC 3982 , RFC 3983

See also

• RDAP

Individual evidence

1. ↑ https://www.denic.de/webwhois/
2. ↑ https://www.denic.de/service/whois-service/anfragen-dritter-zu-inhaberdaten/
3. ↑ RFC 3912
4. ↑ defined in RFC 1714 and RFC 2167
5. ↑ RFC 3981
6. ↑ Whois ++ was first proposed in RFC 1834
7. ↑ RFC 2142
8. ↑ Entry into force of the European General Data Protection Regulation affects the WHOIS system , internetx.com, article dated November 29, 2017.
9. ↑ irr.net