Whois is a protocol used to find information about networks, domains and hosts. The whois records normally include data on the organizations and the contacts associated with these networks and domains.
Whois services operate through a whois server. Anyone can connect to a whois server and send a query. The whois server will then respond to the query and close the connection. Anyone can run a whois server. For example, a company could run a whois server that provides information about its various departments and employees.
The most common use of whois is for finding information about domain names. For example, you can find information on a domain (e.g. microsoft.com) by querying the appropriate whois server.
If your internet connection has a permanent IP, you should be very careful while using public resources like whois servers. Make sure that your IP doesn't find its way into various registrar ban lists. If you ever find your IP banned give them a call and explain your situation. Find out what got you banned and assure them that you will follow their whois policy usage guidelines. Remember that whois servers are being used and abused. Whois server administrators have responded with limits on how many lookups may be performed per minute, per day, etc.
Whois Lookup using Telnet
Let us assume you want to find the domain registration details regarding “softnik.co.uk”. The whois server for UK domains is whois.nic.uk. So all we need to do is connect to whois.nic.uk on port 43 (the standard port defined for whois requests) and then send the string softnik.co.uk followed by a carriage return linefeed pair (by pressing the <enter> key on your keyboard).
Try this:
- From the Windows Start button select “Run”.
- Now type: telnet whois.nic.uk 43
- Click OK.
- A Telnet window will open up.
- Briefly, a “connecting...” message shows.
Once the connection is made the window will be blank. Now type in any UK domain (e.g. microsoft.co.uk) and press the enter key (please note that the telnet window will not display the text that is being typed in). You should be able to see the unformatted raw domain record in the window.
IP Whois: Looking up IP Addresses
The Internet address space allocation is managed by a number of different organizations. These registries provide IP allocation information through their whois servers.
To find the allocation information for a specific IP address, query it first using the ARIN whois server. If the IP address is allocated through any of the other registries this information will be reported by ARIN. More lookups will be required to locate the actual data.
When large IP blocks are allocated to a large organization, there may be other whois servers internal to the organization. This means even more lookups.
Organizations Responsible for IP Allocations
American Region
The Internet numbering resources for North America are managed by the American Registry for Internet Numbers, “ARIN”.
Asia/Oceania Region
Asia Pacific Network Information Centre, “APNIC”, serves the Asia Pacific region, comprising the countries in Asia and Australia.
Europe and Middle East
The RIPE Network Coordination Centre, “RIPE NCC”, manages the IP allocation in Europe, the Middle East, the North of Africa and parts of Asia.
Latin American and Caribbean Region
The Latin American and Caribbean IP address Regional Registry, “LACNIC”, is the emerging organization that will administer the Latin American and Caribbean Region IP address space.
African Region
The African Network Information Center, “AfriNIC”, is the emerging organization that will administer IP allocation for Africa.
Domain Whois: Looking up Domain Names
The most common use of whois is for looking up domain names. This may be for checking available domain names before registering or to locate information on the domain name registrant.
The whois servers for domain registration records are maintained by the organizations authorized to register domain names. This depends on the specific domain name extension.
There are a number of registrars for the popular Com and Net domains and the actual domain records are not available from a single whois server.
Whois lookup for Com and Net Domains
Here is the procedure for looking up the popular top level domains:
- Query whois.crsnic.net (or rs.internic.net) for the domain name.
- Check the returned records to see if the domain is already registered. If it is, look for the authoritative whois server.
- Query the authoritative whois server to obtain the actual whois records.
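The port 43 exchange from the Telnet walkthrough and the three-step com/net procedure above, as an added Python example (not code from this page or from clwhois). The referral field labels, the reply size cap and the hostname pattern are assumptions; the referral is validated before use because it comes from a server reply, not from the user.

```python
import re
import socket

REGISTRY = "whois.crsnic.net"  # com/net registry server named on this page
MAX_BYTES = 64 * 1024          # assumed cap on a reply from a server we do not control
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
REFERRAL_KEYS = ("whois server", "registrar whois server")  # assumed field labels

def whois_query(server, query, port=43, timeout=10):
    """Connect to port 43, send one line ending in CRLF, read until the server closes."""
    if "\r" in query or "\n" in query:
        raise ValueError("query must be a single line")
    chunks, size = [], 0
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        while size < MAX_BYTES:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            size += len(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def find_referral(record):
    """Return the authoritative whois server named in a registry reply, or None."""
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in REFERRAL_KEYS:
            host = value.strip().lower().rstrip(".")
            if HOSTNAME.match(host):  # the reply is untrusted: never connect to junk
                return host
    return None

def lookup_com_net(domain, query=whois_query):
    """The three-step procedure: ask the registry, then the server it refers to."""
    domain = domain.strip().lower()
    if not HOSTNAME.match(domain):
        raise ValueError("not a valid domain name")
    reply = query(REGISTRY, domain)
    referral = find_referral(reply)
    if referral is None or referral == REGISTRY:
        return REGISTRY, reply  # unregistered, or no referral given
    return referral, query(referral, domain)

# Constructed sample reply (not real registry output), parsed offline.
SAMPLE = "   Domain Name: EXAMPLE.COM\r\n   Registrar WHOIS Server: whois.registrar.example\r\n"
if __name__ == "__main__":
    print(find_referral(SAMPLE))
```

The `query` parameter of `lookup_com_net` accepts any function with the same signature, so the referral logic can be exercised without opening a connection.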
Whois lookup for other top level domains
The other top level domain registrars maintain their own whois servers. Some of the main domain extensions and the whois servers are listed below.
| INFO: | whois.afilias.info |
| BIZ: | whois.neulevel.biz |
| ORG: | whois.publicinterestregistry.net |
| AERO: | whois.information.aero |
| COOP: | whois.nic.coop |
| NAME: | whois.nic.name |
Command line version usage
clwhois [-d] <host or IP address>
-d Do domain whois lookup if an IP address is not specified.
Examples:
clwhois microsoft.com
clwhois -d microsoft.com
clwhois 200.200.200.200
Configuring Whois Servers
To add support for more top level domains or change the default whois servers, simply create a text file called whoislist.txt and place it in the same directory as clwhois.exe. The text file should have entries similar to the following:
| com: | whois.crsnic.net |
| net: | whois.crsnic.net |
| org: | whois.crsnic.net |
| edu: | whois.crsnic.net |
| biz: | whois.neulevel.biz |
| info: | whois.afilias.info |
| us: | whois.nic.us |
| uk: | whois.nic.uk |
| ca: | whois.cira.ca |
| de: | whois.nic.de |
| ws: | whois.nic.ws |
| au: | whois.aunic.net |
| nu: | whois.nic.nu |
Country Code Top Level Domains
There are two types of top-level domains: generic and country code. Generic Top Level Domains (gTLD) are used on a global basis and include TLDs like com, net, org, info, biz, aero, etc.
Country code Top Level Domains, “ccTLD”, are meant for use by individual countries, as they deem necessary. Examples include .US, .UK, .AU, .IN, etc.
Some country code domains are open to registration on a global basis. However, most of the country code domains are restricted.
Whois Servers for ccTLDs
The registries for country code TLDs maintain their own whois servers:
| UK: | whois.nic.uk |
| US: | whois.nic.us |
| CA: | whois.cira.ca |
| DE: | whois.nic.de |
| WS: | whois.nic.ws |
| AU: | whois.aunic.net |
| IN: | whois.inregistry.net |
| NU: | whois.nic.nu |
Port 43 Whois Server for Specific Countries
You can find the official whois server for a specific country code by querying the Internet Assigned Numbers Authority (“IANA”) whois server at whois.iana.org.
Whois Lookups Require Port 43
Whois servers normally accept connections on port 43. This means that your whois client should be able to transmit and receive data using this port. If you are behind a firewall or proxy, the whois lookups may not work. If this is the case, ask your system administrator to open up port 43.
Port 43 Usage Restrictions
It is very important to be careful when using automated software tools to access port 43 whois servers. If you make too many connections in a short duration, you will find your IP address blocked by the whois server. Many registrars restrict the number of connections and the frequency of connections to their port 43 whois servers. This is to prevent abuse from people looking to mine the whois database for email and snail mail addresses.
Whois Proxy Servers
Technically a “proxy” is a person or agency who has authority to act for another. Whois Proxies act as an intermediary between a whois client and whois servers.
Why would you need an intermediary for doing whois lookups? There are a number of reasons why a whois proxy is useful.
Uses of a Whois Proxy:
- Whois proxies can act as a single point of contact between the whois client and whois servers. Instead of the whois client being aware of different whois servers it only needs to communicate with the proxy. The proxy takes care of deciding which whois server to connect to. This has the advantage that any required code changes may be made at the proxy instead of updating every copy of the whois client on multiple computers.
- Whois proxies can cache the data, reducing overall network traffic to and from whois servers. For example, if person A asks for a specific domain record, the proxy first checks whether fresh data is available in the local cache. If it is not, the data is retrieved and supplied to A's whois client. The data is also cached locally. If after a few minutes person B asks for the same data, it is picked up from the local cache and supplied to B. No connections are made to the whois servers.
- If you are behind a firewall that rejects direct connects to port 43, you can try accessing a whois proxy that uses the HTTP protocol. Since HTTP connects are almost never prevented by a firewall, this method provides an easy way to overcome network restrictions.
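The caching behaviour described in the list above, combined with the per-server pacing that the port 43 usage restrictions call for, as an added Python example (not code from this page or from any whois proxy product). The class name, the 300-second freshness window and the 2-second gap between upstream queries are assumptions; the upstream lookup is passed in as a function.

```python
import time

class WhoisCache:
    """Cache in front of an upstream whois lookup, with per-server pacing."""

    def __init__(self, fetch, ttl=300.0, min_interval=2.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.fetch = fetch                # callable(server, query) -> record text
        self.ttl = ttl                    # assumed: seconds a record stays fresh
        self.min_interval = min_interval  # assumed: gap between queries to one server
        self.clock, self.sleep = clock, sleep
        self.records = {}                 # (server, query) -> (stored_at, text)
        self.last_sent = {}               # server -> time of last upstream query
        self.upstream_queries = 0

    def lookup(self, server, query):
        key = (server.lower(), query.strip().lower())
        now = self.clock()
        hit = self.records.get(key)
        if hit is not None and now - hit[0] < self.ttl:
            return hit[1]                 # fresh copy: no connection to the whois server
        last = self.last_sent.get(key[0])
        if last is not None and now - last < self.min_interval:
            self.sleep(self.min_interval - (now - last))  # stay under the server's limits
            now = self.clock()
        text = self.fetch(*key)
        self.last_sent[key[0]] = now
        self.upstream_queries += 1
        self.records[key] = (now, text)
        return text

def demo():
    """Person A and person B ask for the same record; only A's request goes upstream."""
    def constructed_upstream(server, query):  # stands in for a real port 43 lookup
        return "Domain Name: %s (constructed record from %s)" % (query.upper(), server)
    cache = WhoisCache(constructed_upstream)
    a = cache.lookup("whois.nic.uk", "softnik.co.uk")
    b = cache.lookup("whois.nic.uk", "Softnik.co.uk")
    return a == b, cache.upstream_queries

if __name__ == "__main__":
    print(demo())
```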