Whois is a service that provides basic information about a registered domain, such as domain owner contact information, domain availability status, and the company with which the domain is registered (also called the Registrar). In addition, Whois also provides the registration and expiration dates of a domain and the nameservers the domain is using. ICANN regulations require all domain Registrants to keep their contact details valid and up-to-date to help prevent fraud and identity theft.
Whois is also the name of the command-line utility on most UNIX systems used to make WHOIS protocol queries. In addition, WHOIS has a sister protocol called Referral Whois (RWhois).
Why was the WHOIS database created
Initially, the database was created as a directory. It listed "the contact information … of anyone transmitting data across the ARPANET," a building block of the Internet as we know it today.
Think about it: The Internet we're familiar with today is massive. Odds are, you can find just about anything on the Internet. But how often have you stopped to think about where the information is coming from and who's behind it? With the rise and prominence of fake news, it's more important now than ever before to know the source of your information.
WHOIS helps to democratize the Internet. From businesses and corporations to law enforcement and individual users, anyone can access and use the WHOIS database to find out who is behind a domain name and any associated website.
Beyond that, many people find the WHOIS database an excellent tool for business opportunities. For example, if you're looking to take your business online or start a website, you will need a domain name. However, as you get started, you might find that the domain name you want is already registered by someone else. You can use the WHOIS database to get their contact information and reach out to try and broker and deal for the domain name you want.
What kind of information is stored in the WHOIS database
When a domain name is registered, the registrant has to supply their information, and it needs to be accurate. If you supply false information when registering your domain name, you risk losing your domain. ICANN writes, "If the domain name registrant knowingly provides inaccurate information, fails to update information within seven days of any change, or does not respond within 15 days to an inquiry about the accuracy, the domain name may be suspended or canceled."
The information collected during the domain registration process includes your:
That's pretty sensitive information to have at anyone's fingertips, especially the Internet-at-large. However, if you'd rather not have all of your personal information easily searchable by anyone with an internet connection, you do have options.
Almost every domain name registrar offers some form of domain privacy, which is just as it sounds. Domain privacy allows you to supplant the Registrar's information for your own, so instead of having your contact information displayed in WHOIS Lookup results, your Registrar's will show. If someone needs to contact you about your domain name, your Registrar acts as the "middle man" - they'll direct any inquiries to you to view and act upon.
WHOIS Lookup limitations
While the WHOIS database stores a massive amount of information about registered domain names, it doesn't display all of the registration information for every domain name. Certain TLDs, like .com and .net, will always have their registration information in the WHOIS database. Other TLDs, like .me or .gov, display less information. And then there are some domain extensions, like .asia or .coop, that don't allow for domain privacy, so the registrant information will always be searchable and viewable.
ICANN is constantly improving the WHOIS system and has acknowledged, "The evolution of the Internet ecosystem has created challenges for WHOIS in every area."
WHOIS lookups were traditionally performed with a command-line interface application, but now many alternative web-based tools exist.
A WHOIS database consists of a set of text records for each resource. These text records consist of information about the resource itself and any associated information of assignees, registrants, administrative information, such as creation and expiration dates.
Two data models exist for storing resource information in a WHOIS database, the thick and the thin model.
Thin and thick lookups
WHOIS information can be stored and looked up according to either a thick or a thin data model:
Thick: A Thick WHOIS server stores the complete WHOIS information from all the registrars for the particular set of data (so that one WHOIS server can respond with WHOIS information on all .org domains, for example).
Thin: A Thin WHOIS server stores only the name of the WHOIS server of the Registrar of a domain, which has the full details on the data being looked up (such as the .com WHOIS servers, which refer the WHOIS query to the Registrar where the domain was registered).
The thick model usually ensures consistent data and slightly faster queries since only one WHOIS server needs to be contacted. In addition, if a registrar goes out of business, a thick registry contains all necessary information (if the registrant entered correct data, and privacy features were not used to obscure the data), and registration information can be retained. But with a thin registry, the contact information might not be available, and it could be difficult for the rightful registrant to retain control of the domain.
If a WHOIS client did not understand how to deal with this situation, it would display the complete information from the Registrar. Unfortunately, the WHOIS protocol has no standard for distinguishing the thin model from the thick model.
Specific details of which records are stored vary among domain name registries. Some top-level domains, including com and net, operate a thin WHOIS, requiring domain registrars to maintain their own customers' data. The other global top-level registries, including org, operate a thick model. In addition, each country-code top-level registry has its own national rules.
Operating system Unix, Unix-like, ReactOS
License BSD License
The first applications written for the WHOIS information system were command-line interface tools for Unix and Unix-like operating systems (i.e., Solaris, Linux, etc.). WHOIS client and server software is distributed as free, open-source software, and binary distributions are included with all Unix-like systems. However, various commercial Unix implementations may use a proprietary implementation (for example, Solaris 7).
A WHOIS command line client passes a phrase given as an argument directly to the WHOIS server. Various free open source examples can still be found on sites such as sourceforge.net. However, most modern WHOIS tools implement command-line flags or options, such as the -h option to access a specific server host, but default servers are preconfigured. Additional options may allow control of the port number to connect on, displaying additional debugging data, or changing recursion/referral behavior.
Like most TCP/IP client-server applications, a WHOIS client takes the user input and then opens an Internet socket to its destination server. The WHOIS protocol manages the transmission of the query and reception of results.
With the advent of the World Wide Web and especially the loosening up of the Network Solutions monopoly, looking up WHOIS information via the web has become quite common. At present, popular web-based WHOIS-queries may be conducted from ARIN, RIPE, and APNIC. However, most early web-based WHOIS clients were merely front-ends to a command-line client, where the resulting output gets displayed on a web page with little if any clean-up or formatting.
Currently, web-based WHOIS clients usually perform the WHOIS queries directly and then format the results for display. Unfortunately, many such clients are proprietary, authored by domain name registrars.
The need for web-based clients came from the fact that command-line WHOIS clients primarily existed only in the Unix and large computing worlds. Microsoft Windows and Macintosh computers had no WHOIS clients installed by default, so registrars had to find a way to access WHOIS data for potential customers. Many end-users still rely on such clients, even though command line and graphical clients exist now for most home PC platforms. Microsoft provides the Sysinternals Suite that includes a whois client at no cost.
CPAN has several Perl modules available that work with WHOIS servers. Many of them are not current and do not fully function with the current (2005) WHOIS server infrastructure. However, there is still much proper functionality to derive, including looking up AS numbers and registrant contacts.
Registrars and registries mainly run WHOIS services; for example, the Public Interest Registry (PIR) maintains the.ORG registry and associated WHOIS service.