from Wikipedia, the free encyclopedia
Family: Internet protocol family
Operation area: Query of domain ,
AS and IP information
Ports: 43 / TCP
Whois in the TCP / IP protocol stack :
application Whois
transport TCP
Internet IP ( IPv4 , IPv6 )
Network access Ethernet Token
FDDI ...
Standards: RFC 2167 (RWhois 1997 )

RFC 3912 (Whois 2004 )

Whois ( English who is 'who is') is a protocol with which information about Internet domains and IP addresses and their owners (“registrant”) can be requested from a distributed database system .

Whois inquiries have been made via the command line from the very beginning . Since the corresponding client software was not available for all common operating systems, web-based frontends prevailed early on . Despite later corresponding versions, web whois providers are still very popular, not least for reasons of keeping domain lookups up-to-date.

For data protection reasons, the owners of .de domains can no longer be queried via the whois protocol since the end of the 2000s, but only via the DENIC homepage . In the mid-2010s, this secured the website form against automated access with a captcha .

Since the General Data Protection Regulation came into force in May 2018 , the query has only provided third parties with the technical information of the name servers and e-mail addresses for making contact. In addition, owners themselves receive the entered data, for example for checking, via a link that is sent to the stored email address. Third parties, on the other hand, can only request the owner data using separate forms as an authority or in the event of verifiable legal disputes, for example due to name rights or seizures.

The term “Whois” is also used for other, comparable queries, for example regarding user information on IRC .


A plain text protocol is defined on port 43 / TCP specified by the IANA . The sister protocol RWhois extends Whois to include forwarding and a hierarchical structure, similar to the Domain Name System . As in HTTP 0.9, queries consist of a single line that is passed by the client to an open socket . The answer from the Whois server follows the first line feed. Some databases, including whois.denic.de, allow the specification of the encoding or the query type using your own, but not standardized, parameters that precede the query. Due to its architecture, queries like in the following example can also be carried out with a Telnet client.

Client server
A TCP connection is established with the three-way handshake .
The actual query with answer
example.com <CR> <LF>
Whois record from example.com <CR> <LF>
Continuation <CR> <LF>
The TCP connection is terminated


In the early days of the Internet, the registration and administration of all ARPANET domains was in the hands of DARPA . This centralization made it possible to obtain information about all assigned IP addresses, domains and persons from a single server. The small number of data records also enabled fuzzy searches for names or any content. With the increasing opening of the networks, the arrival of new registrars and abuse by spam senders, the search criteria were noticeably restricted. A trend that has continued to this day, so that today's Whois servers sometimes define restrictive query rates and some Web Whois providers protect their services with captchas or use other methods of bot detection.

When the ARPANET went online in the late 1980s, DARPA initially remained as a registrar until the National Science Foundation assigned this task to commercial third parties.

On December 1, 1999, ICANN began to be responsible for the three popular .com, .net and .org domains, with a changeover to a model that delegates the complete data records to the respective registrars ("thin") and only worked to a limited extent with traditional clients. As of January 1, 2003, the Public Interest Registry (under the leadership of Afilias) took over the operation of .org, again in the model of a central data storage ("thick").

Today, with the existence of new generic and sponsored top-level domains and also new country domains, there is a complex, incomplete network that requires knowledge of the corresponding Whois server for a successful domain lookup.

In order to overcome existing disadvantages, an IETF working group was formed in 2004 to develop a new standard with the working title CRISP (Cross Registry Information Service Protocol). A first result of these efforts is the XML -based IRIS protocol, the classes of which are reminiscent of RPSL structures. Previous attempts to make Whois information accessible via LDAP or the Whois ++ were unsuccessful.

As of August 26, 2019, domain dealers and operators of all address zones that are contractually bound to the ICANN domain administration will have to stop access to domain owner data via the Whois protocol and switch to the Registration Data Access Protocol ( RDAP ).

Problems and privacy

Neither the structure and character coding of the return nor error handling are subject to standards, which makes cross-domain machine evaluation more difficult. Domain lookups are the responsibility of the administration or NIC and are not available for every top level domain . As a rule, detailed information that must be provided during the domain registration can be queried here.

The individual domain name registries often handle whois data very differently. The public provision of telephone numbers in the context of Whois entries, for example, is subject to a constant discussion, which flared up again in 2006 with a proposal by ICANN . Since an administrative contact is also provided for possible misuse, some providers are already restricting themselves to a list of name servers or information about the registrability.

With the application of the General Data Protection Regulation from May 25, 2018, this data may no longer be publicly visible in Europe.

Since there are no naming conventions for Whois servers, common clients such as GNU jwhois keep correspondence lists that require a configuration update every time a change is made.

Example of a domain query

The whois query for the domain wikipedia.org at whois.publicinterestregistry.net, for example, has the following result, shortened to the essentials:

 Domain ID:D51687756-LROR
 Created On:13-Jan-2001 00:12:14 UTC
 Last Updated On:02-Dec-2009 20:57:17 UTC
 Expiration Date:13-Jan-2015 00:12:14 UTC
 Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR)

 Registrant ID:CR31094073
 Registrant Name:DNS Admin
 Registrant Organization:Wikimedia Foundation, Inc.
 Registrant Street1:149 New Montgomery Street
 Registrant Street2:Third Floor
 Registrant Street3:
 Registrant City:San Francisco
 Registrant State/Province:California
 Registrant Postal Code:94105
 Registrant Country:US
 Registrant Phone:+1.4158396885
 Registrant Phone Ext.:
 Registrant FAX:+1.4158820495
 Registrant FAX Ext.:
 Registrant Email:dns-admin@wikimedia.org

 Admin ID:CR31094075
 Admin Name:DNS Admin
 Admin Organization:Wikimedia Foundation, Inc.
 Admin Street1:149 New Montgomery Street
 Admin Street2:Third Floor
 Admin Street3:
 Admin City:San Francisco
 Admin State/Province:California
 Admin Postal Code:94105
 Admin Country:US
 Admin Phone:+1.4158396885
 Admin Phone Ext.:
 Admin FAX:+1.4158820495
 Admin FAX Ext.:
 Admin Email:dns-admin@wikimedia.org

 Tech ID:CR31094074
 Tech Name:DNS Admin
 Tech Organization:Wikimedia Foundation, Inc.
 Tech Street1:149 New Montgomery Street
 Tech Street2:Third Floor
 Tech Street3:
 Tech City:San Francisco
 Tech State/Province:California
 Tech Postal Code:94105
 Tech Country:US
 Tech Phone:+1.4158396885
 Tech Phone Ext.:
 Tech FAX:+1.4158820495
 Tech FAX Ext.:
 Tech Email:dns-admin@wikimedia.org

 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:
 Name Server:

While the format of the return on domain queries is based on RPSL only for some providers , results from IP, AS, role or person queries as well as databases available for download (such as Merit IRR Services) follow this standard largely.

  • The query for the IP also provides information about the IP range in which the address is located and where these IPs are registered:
 abc@example:~# whois
 Neucom, Inc. NEUCOM (NET-66-230-192-0-1)
 Wikimedia Foundation Inc. WIKIMEDIA-66-230-200 (NET-66-230-200-0-1)

 # ARIN WHOIS database, last updated 2007-07-22 19:10

List of whois servers

IP and AS lookups

regional jurisdiction

Databases for IP lookups ( IPv4 and IPv6 ) are looked after and maintained by the five RIRs ( Regional Internet Registry ).

The databases of the Regional Internet Registries are usually also available for download on their websites. To protect against abuse, the information contained in these packages does not contain any person classes.

Information about autonomous systems is also provided by the RIRs.

Generic Top Level Domains (gTLD)

The servers listed are Whois servers that provide their information on port 43 / TCP, but not web frontends from the providers concerned.

Whois server for domain lookups of gTLDs
.aero whois.aero .asia whois.dotasia.net .biz whois.neulevel.biz
.cat whois.cat .com whois.internic.net .coop whois.nic.coop
.edu whois.educause.net .eu whois.eu .gov whois.nic.gov
.info whois.afilias.net .int whois.iana.org .jobs jobswhois.verisign-grs.com
.mil unavailable .mobi whois.dotmobiregistry.net .museum whois.museum
.Surname whois.nic.name .net whois.internic.net .org whois.pir.org
.Per whois.registrypro.pro .tel whois.nic.tel .travel whois.nic.travel


  1. Formerly whois.nic.mil ( Memento from August 17, 2000 in the Internet Archive )

Second level domain Whois

Occasionally, second-level domains can operate their own Whois servers. In some countries that follow the ".co.uk" similar scheme, this is done by the responsible NIC. Some commercial providers such as Centralnic (including .de.com), ausregistry (including .com.au) or info.at (including .info.at) provide whois information.

Query of Whois databases

Various Whois proxy services exist to make Whois information available via a web browser . In many cases, these are services operated by domain dealers and registrars that only cover a few domains and only rarely IP or AS information. For further searches, we recommend using a corresponding client in the command line .

With most common home and server operating systems , a Whois client is either included in the scope of delivery or at least freely available. Simple queries can be made in the command line with the program whois . The following is an example of the syntax:

$ whois wikipedia.org

Alternatively, an IP address whois or an autonomous system can be whois AS14907 specified. Queries can also be made using a Telnet client:

$ telnet whois.internic.net 43
example.com <CR><LF>

Web links

List of whois servers for the five RIRs

Whois server for IP lookups according to RIR
RIPE NCC http://www.ripe.net/ Réseaux IP Européens
ARIN http://www.arin.net/ American Registry For Internet Numbers
APNIC http://www.apnic.net/ Asia Pacific Network Information Center
LACNIC http://www.lacnic.net/ Latin American and Caribbean Internet Addresses Registry
AfriNIC http://www.afrinic.net/ African Network Information Center

Requests For Comments (RFC)


Protocols traded as a replacement:

See also

Individual evidence

  1. https://www.denic.de/webwhois/
  2. https://www.denic.de/service/whois-service/anfragen-dritter-zu-inhaberdaten/
  3. RFC 3912
  4. defined in RFC 1714 and RFC 2167
  5. RFC 3981
  6. Whois ++ was first proposed in RFC 1834
  7. RFC 2142
  8. ↑ Entry into force of the European General Data Protection Regulation affects the WHOIS system , internetx.com, article dated November 29, 2017.
  9. irr.net