
Understanding WHOIS Search

WHOIS 101

WHOIS, or “Who is?”, is a useful tool for looking up information on any domain name. It is one of the oldest terms on the web. It is an important set of data for businesses (ISPs), individuals (e.g., webmasters) and even governments. For this reason, it is one of the most searched databases worldwide, as well as one of the most comprehensive. WHOIS search results provide valuable information about a specific domain name. They include personal or business data about domain name ownership, registration and expiration dates, nameservers, and status information, among others. They may also include contact information such as physical addresses, phone numbers, and email addresses.

Technically, WHOIS is a protocol for finding and updating information about domain names, IP addresses and Internet resources. WHOIS services operate through WHOIS servers or databases that keep records of registered users of Internet resources in a format that humans can read.

You can connect to a WHOIS server to send a query. The server will respond to this inquiry.

WHOIS is most commonly used to obtain information about domain names, an operation variously referred to as a “whois search”, “whois lookup”, or “whois query”.
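The query and response exchange described above, as an added Python example that is not part of the original article. It follows RFC 3912 (listed under Resources): the client connects over TCP port 43, sends one line ending in CRLF, and reads until the server closes the connection. The function names, the 1 MiB response cap and the 255-character query limit are assumptions of this example.

```python
import socket

WHOIS_PORT = 43            # TCP port assigned to WHOIS (RFC 3912)
MAX_RESPONSE = 1 << 20     # assumed cap: stop buffering after 1 MiB

def build_query(name):
    """Wire form of a request: one line of text terminated by CRLF."""
    name = name.strip()
    if not name or len(name) > 255 or any(c in name for c in "\r\n\0"):
        raise ValueError("query must be one non-empty line")
    return name.encode("ascii") + b"\r\n"   # non-ASCII raises ValueError too

def exchange(sock, name):
    """Run one request/response on a connected socket and return the text."""
    sock.sendall(build_query(name))
    chunks, total = [], 0
    while True:
        data = sock.recv(4096)
        if not data:                 # the server closes the connection when done
            break
        total += len(data)
        if total > MAX_RESPONSE:
            raise ValueError("response larger than MAX_RESPONSE")
        chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def whois_query(name, server, port=WHOIS_PORT, timeout=10.0):
    """Connect to a WHOIS server, send one query, return its reply."""
    build_query(name)                # reject bad input before connecting
    with socket.create_connection((server, port), timeout=timeout) as sock:
        return exchange(sock, name)

if __name__ == "__main__":
    # Needs network access; server and address are the ones used on this page.
    print(whois_query("37.61.233.101", "whois.ripe.net"))
```

Validating the query before it reaches the socket matters when the name comes from user input or logs, since an embedded line break would otherwise alter the request sent to the server.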

Performing a WHOIS search

You do not need to install any software on your PC. Many websites, such as who.is, allow you to perform a WHOIS lookup.

Retrieving WHOIS records is also easy if you are a Linux or Mac user, or if you have purchased your own Linux-based VPS or dedicated server. Run the following command in a shell:

whois jolt.co.uk

Note: Recent CentOS versions do not have a whois command-line client installed by default. Run the yum install jwhois command to install one. Windows users can get a command-line Whois utility by Mark Russinovich.

This command will get the following result:

    Domain name:
        jolt.co.uk

    Registrant:
        Matthew russell

    Registrant type:
        UK Individual

    Registrant's address:
        28 Craypool Lane
        Scothern
        Lincoln
        LN2 2UU
        United Kingdom

    Data validation:
        Nominet was able to match the registrant's name and address against a 3rd party data source on 03-Oct-2014

    Registrar:
        eNom, Inc. [Tag = ENOM]
        URL: http://www.enom.com

    Relevant dates:
        Registered on: 30-Aug-2013
        Expiry date:  30-Aug-2017
        Last updated:  31-Jul-2016

    Registration status:
        Registered until expiry date.

    Name servers:
        dns1.registrar-servers.com
        dns2.registrar-servers.com

    WHOIS lookup made at 08:30:05 10-Feb-2017

--
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:

    Copyright Nominet UK 1996 - 2017.

You may not access the .uk WHOIS or use any data from it except as permitted
by the terms of use available in full at http://www.nominet.uk/whoisterms,
which includes restrictions on: (A) use of the data for advertising, or its
repackaging, recompilation, redistribution or reuse (B) obscuring, removing
or hiding any or all of this notice and (C) exceeding query rate or volume
limits. The data is provided on an 'as-is' basis and may lag behind the
register. Access may be withdrawn or restricted at any time.

The above is a standard whois response about a domain name.

The information presented above was captured at the time of writing this article for publication. If you decide to run the exact same query and search the whois database for jolt.co.uk domain name records, a few details of the result may vary.

Note: A WHOIS lookup may not provide the expected results if WHOIS privacy has been enabled by the domain name registrar. This is usually done to hide or disguise certain information, or to prevent automated collection of it, as all information in the WHOIS database is 100% publicly available.

No useful information is given if a domain name is not registered:

root@linux [~]# whois not-yet-registered.com
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

No match for domain "NOT-YET-REGISTERED.COM".
>>> Last update of whois database: Thu, 21 Feb 2013 15:51:22 UTC <<<

The not-yet-registered.com domain name does not have any WHOIS records associated with it, which means anybody can register that particular domain name. Once someone registers this domain, we will see WHOIS results like those of the jolt.co.uk name.

Remember that different WHOIS servers return results in different formats depending on the domain name zone (TLD). For instance:

root@linux [~]# whois bloggr.no
[Querying whois.norid.no]
[whois.norid.no]
% Kopibeskyttet, se http://www.norid.no/domenenavnbaser/whois/kopirett.html
% Rights restricted by copyright. See http://www.norid.no/domenenavnbaser/whois/kopirett.en.html

Domain Information

NORID Handle...............: BLO1487D-NORID
Domain Name................: bloggr.no
Domain Holder Handle.......: BA5098O-NORID
Registrar Handle...........: REG42-NORID
Legal-c Handle.............: EA3434P-NORID
Tech-c Handle..............: DH38R-NORID
Name Server Handle.........: NSHY11H-NORID
Name Server Handle.........: NSHY46H-NORID
Name Server Handle.........: NSHY81H-NORID

Additional information:
Created: 2011-02-17
Last updated: 2013-02-08

NORID Handle...............: BA5098O-NORID
Type.......................: organization
Name.......................: OMEGA MEDIA AS
Id Type....................: organization_number
Id Number..................: 934563719
Registrar Handle...........: REG42-NORID
Post Address...............: Sorgenfrigata 6A
Postal Code................: NO-0367
Postal Area................: OSLO
Country....................: NO
Phone Number...............: +47.94328901
Email Address..............: 74busjuisxeh@emailprotection.domainnameshop.com

Additional information:
Created: 2010-10-01
Last updated: 2013-01-31

The reason for this is that the specific details stored in the records vary among domain name registries. Additionally, each country-code top-level domain registry has its own national rules.
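Because every registry lays out its records differently, scripts that consume WHOIS output need a tolerant parser. The following Python code is an added example, not part of the original article or of any registry's tooling. It reads the three layouts that appear on this page (Nominet's indented blocks, Norid's dotted keys, and the "key: value" lines of the RIPE output in the IP address section) and recognises the Verisign "No match" reply. The names parse_whois and is_unregistered are hypothetical, and the samples are constructed excerpts of the outputs shown here.

```python
import re

KV = re.compile(r"^\s*([^:]+?)\.*:\s+(\S.*)$")  # "Key....: value" / "key: value"
HEADING = re.compile(r"^\s*([^:]+):\s*$")       # Nominet-style block heading

def parse_whois(text):
    """Return {lower-cased key: [values]} for any of the three layouts."""
    record, heading = {}, None
    for line in text.splitlines():
        if not line.strip():
            heading = None                      # a blank line ends a block
        elif line.lstrip().startswith(("%", "[", ">>>")):
            continue                            # comments and client banners
        elif m := HEADING.match(line):
            heading = m.group(1).strip().lower()
        elif m := KV.match(line):
            key = m.group(1).strip().lower()
            record.setdefault(key, []).append(m.group(2).strip())
        elif heading:
            record.setdefault(heading, []).append(line.strip())
    return record

def is_unregistered(text):
    """True for the Verisign 'No match for' reply; other registries differ."""
    return re.search(r"^No match for ", text, re.MULTILINE) is not None

# Constructed samples: trimmed excerpts of the outputs shown on this page.
NOMINET = """\
    Domain name:
        jolt.co.uk

    Relevant dates:
        Registered on: 30-Aug-2013

    Name servers:
        dns1.registrar-servers.com
        dns2.registrar-servers.com
"""
NORID = """\
% Rights restricted by copyright.
Domain Name................: bloggr.no
Additional information:
Created: 2011-02-17
"""
RPSL = """\
inetnum: 37.61.233.0 - 37.61.234.255
mnt-by: MNT-LAYERIP
mnt-by: TIMICO-MNT
"""
```

Repeated keys such as mnt-by are kept as lists, and the same field can appear under different names per registry ("Registered on" versus "Created"), so any field mapping has to be maintained per TLD.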

WHOIS search of IP address

A WHOIS query can also retrieve publicly available information about IP addresses:

root@linux [~]# whois 37.61.233.101
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '37.61.233.0 - 37.61.234.255'

inetnum: 37.61.233.0 - 37.61.234.255
netname: LIT-1
descr: LayerIP - UK hosting division infrastructure
country: GB
remarks: Please send abuse complaint emails to "abuse@layerip.com"
admin-c: LRIP-RIPE
tech-c: LRIP-RIPE
status: ASSIGNED PA
mnt-by: MNT-LAYERIP
mnt-by: TIMICO-MNT
mnt-domains: MNT-LAYERIP
source: RIPE # Filtered

role: LayerIP NOC
address: Landmark House, 1 Riseholme Road, Lincoln, LN1 3SN, UK
admin-c: LRIP-RIPE
tech-c: ARKH8-RIPE
nic-hdl: LRIP-RIPE
mnt-by: MNT-LAYERIP
source: RIPE # Filtered

% Information related to '37.61.233.0/24AS8607'

route: 37.61.233.0/24
descr: LayerIP - UK hosting division infrastructure
origin: AS8607
mnt-by: TIMICO-MNT
mnt-by: MNT-LAYERIP
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.53 (WHOIS3)

The result is similar to what you get when querying WHOIS about a domain name.

Note: If you want to learn more about WHOIS, check out the WHOIS Guide for Real Geeks by Jolt.co.uk Experts.

Resources

World Map of Regional Internet Registries

Regional Internet Registries world map - geo whois search

Image credit: http://en.wikipedia.org/wiki/File:Regional_Internet_Registries_world_map.svg

 

ARIN WHOIS

RIPE WHOIS

APNIC WHOIS

AFRINIC WHOIS

LACNIC WHOIS

WHOIS Protocol Specification – RFC 3912

API for Developers
