It was originally a phonebook service for various organizations. For a long time, most whois clients defaulted to the US Military's phonebook. It was a lot of fun to see if you could find various obscene military designations. One night out of sheer boredom, I did, in fact, find a Major Woody, Private Dick, and Major Dick, as well as a few other name-rank pairs with fun connotations.

On the phonebook front, whois was replaced by finger (which gave .plan files) and, later on, finger was replaced by homepages and various CGI-based phonebook tools, like the one NMSU has set up which helped this one guy stalk me for a while.

Unfortunately, now it's a Major Payne (also a real military person) in order to search on the com/net/org TLDs. At least the ICANN stuff makes it easier to find out where to search on non-generic TLDs such as cx and the like.

On a related note, we still have a gopher server at NMSU. Scary.

Here's a brief beginner's starter-pack for performing a WHOIS search on a domain (only .COM, .NET, .EDU and .ORG at the moment):

Go to the internic whois page at http://www.internic.net/whois.html and type the domain you're interested in.

It will either list the full details (name and address of the registrar), or will list a WHOIS server that _does_ know. (for example, if it says 'whois server: whois.networksolutions.com', browse to 'whois.networksolutions.com', go to the 'whois lookup', and try again)

You can usually find out the name, address and phone number of who registered the domain. Handy, huh?

Whois is a database that contains registration information for any and all registered domain names, IP blocks/networks, individual IP addresses, and registered DNS servers, though it is most often used to look up domain names. It is also a *n?x command used for the retrieval of information of same (via udp/tcp port 63).

The database is extremely massive and very cumbersome. As such, it is possible to perform lookups on whois data only on a one-query-at-a-time basis. Each TLD has its own whois database, although some, like .com and .net, are combined into a single database as they are registered through a single registry. All the other TLDs are handled individually, and so there are a lot of separate masses of data that collectively make up the whois database. Generally, each of those single databases can be accessed by checking the subject domain name to a whois query to a whois server that catalogs each single whois database into a whole. Many such global whois servers exist, and modern GNU implementations of whois utilize them to increase usability. (i.e., you no longer have to do 'whois -h whois.whatever.tld domain.tld' to find the record for a domain registered through a lesser known or country-coded registrar.)

The program called whois is standard fare on any UNIX-derived operating system, although some of the more consumer-orientated distributions of Linux omit it (you can still install it yourself). It is a command line program, and its syntax is generally 'whois domain.tld', where "domain.tld" is the domain name in question. Since 2001, GNU whois has used whois-servers.net, a global whois server run by a company called CenterGate, as its pointer to all registrars providing whois services, and this is the service that the *nix command-line program uses.

A whois result will contain information on the domain's registrant and company (if applicable), as well as a series of individual person (or sometimes company) contacts, though these vary wildly. The only contact required is the administrative contact, which is used only for transferring domains from one registrar to another. Other contacts include technical, billing, and registrant, although registrars pretty much follow their own rules when it comes to whois contacts. The result will also contain the date of the domain's registration, its most recent update, and its expiration, as well as a pointer to a sponsoring registrar (if applicable), and whatever DNS servers the domain may be using, if any. For example, here is the whois result for everything2.com:

Registrant:
 Blockstackers
 8122 Main St
 Dexter, MI 48130
 US

 Domain name: EVERYTHING2.COM

 Administrative Contact:
    Malda, Rob  easydns@cmdrtaco.net
    8122 Main St
    Dexter, MI 48130
    US
    616.395.5400    Fax: 616.395.0223

 Technical Contact:
    Hostmaster, easyDNS  hostmaster@easydns.com
    304A-219 Dufferin Street
    Toronto, Ontario M6K 3E3
    CA
    +1.4165358672


 Registrar of Record: easyDNS Technologies, Inc.
 Record last updated on 26-Jun-2004.
 Record expires on 23-Aug-2005.
 Record created on 23-Aug-1999.

 Domain servers in listed order:
    NS1.EASYDNS.COM   216.220.40.243
    NS2.EASYDNS.COM   205.210.42.20
    REMOTE1.EASYDNS.COM   64.39.29.212
    REMOTE2.EASYDNS.COM   212.100.224.80


 Domain status:
REGISTRAR-LOCK

The format of the result also varies greatly, depending on the registrar. The result above is the most favored, it seems, but registrars using the EPP system tend toward a more verbose type of listing, cramming a lot of info, including all contact types, into a large chunk of text that is not very easy to read casually. Additionally, it can cause some parsing problems with various scripting languages.

Note also the "Domain status" heading. This is used for security purposes. A domain in REGISTRAR-LOCK status is not eligible for transfer to another registrar, while an ACTIVE domain is. REGISTRAR-HOLD is used for expired domains or domains that are the subject of lawsuits or other legal contests. As of January 1, 2003, the REDEMPTIONPERIOD status is used, which provides an ICANN-mandated 35-day grace period in which the most recent registrant of the domain can renew it at great cost (usually around $200 per domain) before it is made available again. The EPP registrars again tend toward more verbose status listings, such as CLIENT TRANSFER PROHIBITED, CLIENT UPDATE PROHIBITED, and PENDING DELETE RESTORABLE, which are all quite self-explanatory.

Since whois is a command line program, it is relatively easy to write a web interface for. Regardless of programming language, all you really need to do is create a variable to store the result in, then pipe the program to standard output. Here's my PHP implementation, sans web interface HTML forms and htmlentities (for which you should really come up with your own style):

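<?php

// Read the form field named "record" explicitly instead of relying on register_globals.
$record = isset($_REQUEST['record']) ? trim($_REQUEST['record']) : '';

if ($record !== '') {
    echo "<br /><hr size=\"1\" width=\"75%\" align=\"center\" />\n  <br />\n";
    // Validate the raw input before quoting it: reject quote, slash, pipe and
    // semicolon, and a leading dash, which whois would read as an option.
    if (preg_match("#['/|;]#", $record) || $record[0] === '-') {
      echo "Invalid query.<br />\n";
    }
    else
    {
       // escapeshellarg() quotes the value so the shell sees a single argument.
       $e = escapeshellarg($record);
       // The backtick operator returns the whole output as one string.
       $whois = `whois $e`;
       // The output is echoed as-is (htmlentities is left out, as noted above);
       // encode it before showing it on a real page.
       echo "<pre>$whois</pre>";
    }
 }

?>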

Just name the HTML form input "<?php $record ?>" to get it to output. Feel free to use the above example for your own web interface for whois. I hereby place the above code into the public domain.

Since the deregulation of the domain name industry in 1999, spammers have used whois as a bountiful source of valid email addresses. Many registrars have a policy against the abuse of their whois database by spammers, but it hasn't stopped a single one yet. ICANN has mandated that all whois information must be accurate, although not too many people follow that rule, either. However, domain registrations can be revoked by a registrar if the domain's whois information is proven to be false. Many anti-spam activists have turned it into a valuable weapon in the War on Spam.

There are innumerable web interfaces for whois, so I'll only point out a couple:

http://www.directnic.com/whois/
http://whois.domaintools.com/

Here's a link to the Internic's Whois Data Problem Reporting System, which can be used to report invalid whois info to not only ICANN but also to whichever registrar the errant domain is registered with:

http://wdprs.internic.net/

Variations include rwhois and jwhois.
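
The "Domain status" and expiry fields described above can be checked mechanically for domains you own. This is an added example, not code from the original writeups: it reads both the "Domain status:" block layout of the everything2.com record and a one-line "Status:" layout, and flags a missing transfer lock or a near expiry. The EPP-style sample, the "Status:" line layout, and the names parse_statuses, expiry and review are assumptions made for illustration.

```python
import re
from datetime import date, datetime

# Constructed samples: lines from the everything2.com record above, and a
# constructed EPP-style record that uses statuses named in the text.
LEGACY = """\
 Record expires on 23-Aug-2005.
 Record created on 23-Aug-1999.

 Domain status:
REGISTRAR-LOCK
"""
EPP = ("Domain Name: EXAMPLE.COM\nStatus: CLIENT TRANSFER PROHIBITED\n"
       "Status: CLIENT UPDATE PROHIBITED\n")

LOCKED = {"REGISTRAR-LOCK", "CLIENT TRANSFER PROHIBITED"}   # block a transfer
AT_RISK = {"REGISTRAR-HOLD", "REDEMPTIONPERIOD", "PENDING DELETE RESTORABLE"}

def parse_statuses(text):
    """Collect statuses from 'Status: X' lines and from a 'Domain status:'
    heading whose values sit on the following lines."""
    found, in_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(?i)(?:domain\s+)?status:\s*(.*)$", line)
        if m:
            in_block = not m.group(1)      # empty value: statuses follow below
            if m.group(1):
                found.append(m.group(1).upper())
        elif in_block and line:
            found.append(line.upper())
        else:
            in_block = False               # blank or unrelated line ends the block
    return found

def expiry(text):
    """Parse the 'Record expires on DD-Mon-YYYY.' line, or return None."""
    m = re.search(r"Record expires on (\d{1,2}-[A-Za-z]{3}-\d{4})", text)
    return datetime.strptime(m.group(1), "%d-%b-%Y").date() if m else None

def review(text, today=None, warn_days=30):
    """Return (statuses, findings) for one record of a domain you own."""
    today = today or date.today()
    statuses = parse_statuses(text)
    findings = [] if LOCKED & set(statuses) else ["no transfer lock"]
    findings += [f"at risk: {s}" for s in statuses if s in AT_RISK]
    exp = expiry(text)
    if exp and (exp - today).days <= warn_days:
        findings.append(f"expires {exp.isoformat()}")
    return statuses, findings
```

Feed review() the text your whois lookup returned; an empty findings list means the record shows a transfer lock, no hold or redemption status, and an expiry more than warn_days away.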
