background 1| tools 1|1 essentials 1|1 start


From Wikipedia, the free encyclopedia

WHOIS is a TCP-based query/response protocol which is widely used for querying a database in order to 
determine the owner of a domain name, an IP address, or an autonomous system number on the Internet. 
WHOIS lookups were traditionally made using a command line interface, but a number of simplified web-based 
tools now exist for looking up domain ownership details from different databases. Web-based WHOIS clients
 still rely on the WHOIS protocol to connect to a WHOIS server and do lookups, and command-line WHOIS 
clients are still quite widely used by system administrators.

The WHOIS system originated as a method that system administrators could use to look up information to 
contact other IP address or domain name administrators (almost like a "white pages"). The use of the data 
that is returned from query responses has evolved from those origins into a variety of uses, both altruistic 
(such as a Certificate Authority validating the registration for ecommerce https) and nefarious (such as 
bulk unsolicited email campaigns).

WHOIS has a sister protocol standard called RWhois.

Thin and thick lookups

There are two ways that WHOIS information may be stored: thick or thin. With the thick model, one WHOIS
 server stores the WHOIS information from all the registrars for the particular set of data (so that one WHOIS
 server can respond with WHOIS information on all .org domains, for example). With the thin model, one 
WHOIS server stores the name of the WHOIS server of a registrar that has the full details on the data being
 looked up (such as the .com WHOIS servers, which refer the WHOIS query to the registrar that the domain
 was registered from). The thick model usually ensures consistent data and slightly faster lookups (since 
only one WHOIS server needs to be contacted).

If a WHOIS client does not understand the information being returned, the results of a thin lookup (which 
include the WHOIS server of the registrar, and perhaps a few other necessary details) will be displayed to
 the end user. If the WHOIS client understood how to deal with this situation, it would display the full 
information from the registrar. Unfortunately, there is no standard in the WHOIS protocol for determining
 how to distinguish the thin model from the thick model.

Exact implementation of which records are stored varies between domain name registries. Some top-level
 domains, including .com and .net, operate a thin WHOIS, allowing the various domain registrars the ability
 to maintain their own customers' data. Other registries, including .org, operate a thick model.

Example query

Below is the result of a WHOIS query on wikipedia.org:

  Domain ID:D51687756-LROR
  Created On:13-Jan-2001 00:12:14 UTC
  Last Updated On:01-Mar-2006 12:39:33 UTC
  Expiration Date:13-Jan-2015 00:12:14 UTC
  Sponsoring Registrar:Go Daddy Software, Inc. (R91-LROR)
  Registrant ID:GODA-09495921
  Registrant Name:Wikimedia Foundation
  Registrant Organization:Wikimedia Foundation Inc.
  Registrant Street1:204 37th Ave N, #330
  Registrant Street2:
  Registrant Street3:
  Registrant City:St. Petersburg
  Registrant State/Province:Florida
  Registrant Postal Code:33704
  Registrant Country:US
  Registrant Phone:+1.7272310101
  Registrant Phone Ext.:
  Registrant FAX:
  Registrant FAX Ext.:
  Registrant Email:noc@wikimedia.org
  Admin ID:GODA-29495921
  Admin Name:Jimmy Wales
  Admin Organization:Wikimedia Foundation
  Admin Street1:204 37th Ave. N.  #330
  Admin Street2:
  Admin Street3:
  Admin City:St. Petersburg
  Admin State/Province:Florida
  Admin Postal Code:33704
  Admin Country:US
  Admin Phone:+1.7276441636
  Admin Phone Ext.:
  Admin FAX:
  Admin FAX Ext.:
  Admin Email:jwales@bomis.com
  Tech ID:GODA-19495921
  Tech Name:Jason Richey
  Tech Organization:Wikimedia Foundation
  Tech Street1:19589 Oneida Rd.
  Tech Street2:
  Tech Street3:
  Tech City:Apple Valley
  Tech State/Province:California
  Tech Postal Code:92307
  Tech Country:US
  Tech Phone:+1.7604869194
  Tech Phone Ext.:
  Tech FAX:
  Tech FAX Ext.:
  Tech Email:jasonr@bomis.com


When the Internet was emerging out of the ARPANET entity, there was only one organization that handled
 all domain registrations, which was DARPA itself. The process of registration was established in RFC 920.
 WHOIS was standardized in the early 1980s to look-up domains, people and other resources related to
 domain and number registrations. Because all registration was done by one organization in that time, one
 centralized server was used for WHOIS queries. This made looking-up information very easy.

Early WHOIS servers were highly permissive and would allow wild-card searches. You could do a WHOIS
 lookup on a person's last name and get all the individual people who had a registered handle. You could
 do a query on a keyword and see all registered domains containing that keyword. You could even query
 a given administrative contact and see all domains they were associated with. Due to the advent of the
 commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no
 longer available.

Initially, while ARPANET faded away in the late 1980s, responsibility of domain registration remained with
 DARPA. UUNet began offering domain registration service, however they simply handled the paperwork 
for you and still had to deal with DARPA's Network Information Center (NIC). Then the National Science 
Foundation directed that management of Internet domain registration would be handled by commercial, 
3rd party entities. InterNIC was formed in 1993 under contract with the NSF, consisting of Network 
Solutions, Inc., General Atomics, and AT&T. General Atomics' contract was cancelled after several years
 due to performance issues.

On December 1, 1999, management of .com, .net, and .org was turned over to ICANN and these popular 
TLDs were switched to a thin WHOIS model. Existing WHOIS clients stopped working at that time. A
 month later it had self-detecting CGI support so that the same program could operate a web-based WHOIS
 lookup, and an external TLD table to support multiple whois servers based on the TLD of the request. This
 eventually became the model of the modern whois client.

Currently, in 2005, there are many more generic top-level domains than there were in the early 1980s. Ther
 are also many, many more country-code top-level domains. This has led to a complex network of domain
 name registrars and registrar associations, especially as the management of Internet infrastructure has
 become more internationalized. As such, performing a WHOIS query on a domain requires knowing the
 correct, authoritative WHOIS server to use. Tools to do WHOIS proxy searches have become common,
 and there's a command-line whois client (jwhois) which uses a configuration file to map-out domain
names and network blocks to their appropriate registrar.

In 2004, an IETF committee was formed to standardize a whole new way to look-up information on domain
 names and network numbers. The current working name for this proposed new standard is Cross Registry
 Information Service Protocol (CRISP).

Retrieved from "http://en.wikipedia.org/wiki/WHOIS"