What is a WHOIS Search

21 Feb, 2013 Getting Started 0 Comments 9 Votes

This article briefly explains what’s WHOIS and describes most common use cases often referred to as “WHOIS search” or “WHOIS lookup”.

WHOIS explained

WHOIS actually means “Who is?” and reads the same. It’s a useful utility for looking up information on any domain name.

Whois search for TLDs, domain names and IPs

Who stands behind all these?
Image credit: http://www.flickr.com/people/28288673@N07/

Historically, WHOIS is one of the oldest terms of the Internet. It’s a crucial set of data for businesses (e.g. ISPs), individuals (e.g. webmasters) and even governments, so no wonder it is one of the most searched database in the world, also one of the most detailed.

WHOIS search results provide helpful information surrounding a particular domain name. It may include personal or business information about domain name ownership, registration and expiration dates, nameservers, status information, etc. It may also include contact information such as physical address, phone number and email address.

Technically, WHOIS is a protocol used to update and find information about domain names, IP addresses and some other Internet resources. This means WHOIS services operate through WHOIS servers – databases that store records of registered users or assignees of Internet resources in a human-readable format.

Anyone can connect to a WHOIS server to send a query, the server will then respond to this query. The most common usage of WHOIS is for finding information about domain names – that’s generally meant by various terms, such as “whois search”, “whois lookup” or “whois query”.

How to perform a WHOIS search

You don’t need to have any software installed on your PC, there are many websites that will allow you to perform a WHOIS lookup, for example who.is

Yet, if you’re a Linux or Mac user, or if you have purchased your own Linux-based VPS or Dedicated Server – it’s easy to retrieve any WHOIS record you need. Use the following command in shell:

whois webhostingbuzz.com

[alert]Recent CentOS versions don’t have whois command line client installed by default. Run yum install jwhois command to set it up. Windows users can get a command line Whois utility by Mark Russinovich.[/alert]

This command will output the following result:

[Querying whois.verisign-grs.com]
[Redirected to whois.enom.com]
[Querying whois.enom.com]
[whois.enom.com]
=-=-=-=

Registration Service Provided By: Namecheap.com
Contact: [email protected]
Visit: http://namecheap.com

Domain name: webhostingbuzz.com

Registrant Contact:
WebHostingBuzz USA LLC
Matthew Russell ()

Fax:
15 Midstate Drive
Suite 212
Auburn, MA 01501
US

Administrative Contact:
WebHostingBuzz USA LLC
Matthew Russell ([email protected])
+1.8002521887
Fax: +1.3023972394
15 Midstate Drive
Suite 212
Auburn, MA 01501
US

Technical Contact:
WebHostingBuzz USA LLC
Matthew Russell ([email protected])
+1.8002521887
Fax: +1.3023972394
15 Midstate Drive
Suite 212
Auburn, MA 01501
US

Status: Locked

Name Servers:
ns100.fastwhb.com
ns101.fastwhb.com

Creation date: 31 Oct 2002 00:00:00
Expiration date: 31 Oct 2018 00:00:00

=-=-=-=
The data in this whois database is provided to you for information
purposes only, that is, to assist you in obtaining information about or
related to a domain name registration record. We make this information
available "as is," and do not guarantee its accuracy. By submitting a
whois query, you agree that you will use this data only for lawful
purposes and that, under no circumstances will you use this data to: (1)
enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or (2) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic
mail, or by telephone. The compilation, repackaging, dissemination or
other use of this data is expressly prohibited without prior written
consent from us.

We reserve the right to modify these terms at any time. By submitting
this query, you agree to abide by these terms.
Version 6.3 4/3/2002

This is a standard-looking whois response about a domain name.

Obviously, the above information has been captured at a time of preparing this article for publication, so if you decide to run the exact same query and search whois database for webhostingbuzz.com domain name records – some bits of the output may vary.

[alert]A WHOIS lookup may not provide expected results if WHOIS privacy is enabled by domain name registrar. This is usually done in order to hide or disguise certain information, or prevent automated collecting of it as all information in whois database is 100% publicly available.[/alert]

No useful information will be provided if a domain name is not registered:

root@linux [~]# whois not-yet-registered.com
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

No match for domain "NOT-YET-REGISTERED.COM".
>>> Last update of whois database: Thu, 21 Feb 2013 15:51:22 UTC <<<

As seen above, not-yet-registered.com domain name doesn’t have any WHOIS records associated with it, meaning that it can be registered by anyone. As soon as someone registers this domain name and it stops being available for registration – we’ll see whois results similar to those of webhostingbuzz.com name.

Keep in mind that different WHOIS servers will display different results also depending on a domain name zone (TLD). For example:

root@linux [~]# whois bloggr.no
[Querying whois.norid.no]
[whois.norid.no]
% Kopibeskyttet, se http://www.norid.no/domenenavnbaser/whois/kopirett.html
% Rights restricted by copyright. See http://www.norid.no/domenenavnbaser/whois/kopirett.en.html

Domain Information

NORID Handle...............: BLO1487D-NORID
Domain Name................: bloggr.no
Domain Holder Handle.......: BA5098O-NORID
Registrar Handle...........: REG42-NORID
Legal-c Handle.............: EA3434P-NORID
Tech-c Handle..............: DH38R-NORID
Name Server Handle.........: NSHY11H-NORID
Name Server Handle.........: NSHY46H-NORID
Name Server Handle.........: NSHY81H-NORID

Additional information:
Created: 2011-02-17
Last updated: 2013-02-08

NORID Handle...............: BA5098O-NORID
Type.......................: organization
Name.......................: OMEGA MEDIA AS
Id Type....................: organization_number
Id Number..................: 934563719
Registrar Handle...........: REG42-NORID
Post Address...............: Sorgenfrigata 6A
Postal Code................: NO-0367
Postal Area................: OSLO
Country....................: NO
Phone Number...............: +47.94328901
Email Address..............: [email protected]

Additional information:
Created: 2010-10-01
Last updated: 2013-01-31

That’s because specific details of records being stored vary among domain name registries. Besides that, each country-code top-level registry has its own national rules.

WHOIS search of IP address

WHOIS query can be also used to retrieve publicly available information about IP addresses:

root@linux [~]# whois 37.61.233.101
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '37.61.233.0 - 37.61.234.255'

inetnum: 37.61.233.0 - 37.61.234.255
netname: LIT-1
descr: LayerIP - UK hosting division infrastructure
country: GB
remarks: Please send abuse complaint emails to "[email protected]"
admin-c: LRIP-RIPE
tech-c: LRIP-RIPE
status: ASSIGNED PA
mnt-by: MNT-LAYERIP
mnt-by: TIMICO-MNT
mnt-domains: MNT-LAYERIP
source: RIPE # Filtered

role: LayerIP NOC
address: Landmark House, 1 Riseholme Road, Lincoln, LN1 3SN, UK
admin-c: LRIP-RIPE
tech-c: ARKH8-RIPE
nic-hdl: LRIP-RIPE
mnt-by: MNT-LAYERIP
source: RIPE # Filtered

% Information related to '37.61.233.0/24AS8607'

route: 37.61.233.0/24
descr: LayerIP - UK hosting division infrastructure
origin: AS8607
mnt-by: TIMICO-MNT
mnt-by: MNT-LAYERIP
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.53 (WHOIS3)

The result is somewhat similar to what you get when querying whois about a domain name.

[alert style=success]If you’re fancy learning more about WHOIS, including examples of ‘esoteric’ use and other really techie stuff – check WHOIS Guide for Real Geeks by WebHostingBuzz Experts.[/alert]