WHOIS command not returning useful information?
L

3

8

Nowadays, whenever you use the WHOIS command, it doesn't return any useful information. I usually have to go to GoDaddy, Dnsstuff or other services to get the data. I understand the reason is mostly due to spamming.

I was just wondering how other services get this data. Do they use a different type of WHOIS command?

Landscape answered 30/3, 2011 at 2:7 Comment(3)
Haha.. I'm going to chalk that up to a SO bug.. Last time I looked, it was 0% - both on this page and on click throughs. I'd delete the comment, but I'll leave it in case SO devs look :)Logsdon
I already answered on ServerFault serverfault.com/questions/253451/…Potentiate
I'm voting to close this question as off-topic because it is not about programming as defined in help center.Pryer
D
5

Bare-naked whois stopped returning complete records when Network Solutions was no longer the only place to register domains. Now it functions more like DNS, where something gives you a place to look for authoritative information, and you have to go look there if you want it.

To wit:

% whois stackoverflow.com
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
   ...
   Domain Name: STACKOVERFLOW.COM
   Registrar: GODADDY.COM, INC.
   Whois Server: whois.godaddy.com
   ...

% whois stackoverflow.com@whois.godaddy.com
[Querying whois.godaddy.com]
[whois.godaddy.com]
...
Registrant:
   Stack Overflow Internet Services, Inc.
   1010 Disk Drive
   ...etc...

The other services are in the business of registering domains and get their information from their domain registrants.

Danieladaniele answered 30/3, 2011 at 2:18 Comment(4)
I get the error, "No whois server is known for this kind of object."Cobra
@Cobra This question was answered six years ago and was, at the time, accurate. Things have changed since then.Danieladaniele
@Danieladaniele What's the new way of doing this now? I've tried all answers here and it seems to just query whois twice instead.Loiretcher
@Loiretcher The version of whois used in most Linux distributions combines both steps into one, so whois stackoverflow.com now works as you'd expect.Danieladaniele
P
4

Here's the answer I posted on ServerFault.


The short answer to your question, assuming you are using the debian/ubuntu whois library, is to use

$ whois -h whois.crsnic.net "domain google.com"

Here's the long answer.

The .COM TLD is a Thin WHOIS. When you perform a WHOIS query, the WHOIS tool first sends a WHOIS query to Verisign (hostname whois.crsnic.net) and extracts the referral from the response.

By default, when you query Verisign for the domain example.com, Whois performs a very broad search of the string "example.com" in several different objects including the domain name, the registrar name and the nameservers.

You can refine the query by specifying a keyword, as described in the Verisign documentation. http://registrar.verisign-grs.com/whois/iframe/help.html?ppath=www.verisigninc.com/products-and-services/domain-name-services/whois&

The command above does exactly what I explained. Instead of google.com it sends to Verisign the full query "domain google.com". You have to explicitly pass the -h flag because Whois attempts to guess the hostname to query from the query, but it will fail because it won't recognize the query "domain google.com" as a valid domain.

Here's the result of the command.

$ whois -h whois.crsnic.net "domain google.com"

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: GOOGLE.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Status: serverDeleteProhibited
   Status: serverTransferProhibited
   Status: serverUpdateProhibited
   Updated Date: 15-sep-2010
   Creation Date: 15-sep-1997
   Expiration Date: 14-sep-2011

>>> Last update of whois database: Wed, 30 Mar 2011 08:50:16 UTC <<<

NOTICE: The expiration date displayed in this record is the date the 
registrar's sponsorship of the domain name registration in the registry is 
currently set to expire. This date does not necessarily reflect the expiration 
date of the domain name registrant's agreement with the sponsoring 
registrar.  Users may consult the sponsoring registrar's Whois database to 
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois 
database through the use of electronic processes that are high-volume and 
automated except as reasonably necessary to register domain names or 
modify existing registrations; the Data in VeriSign Global Registry 
Services' ("VeriSign") Whois database is provided by VeriSign for 
information purposes only, and to assist persons in obtaining information 
about or related to a domain name registration record. VeriSign does not 
guarantee its accuracy. By submitting a Whois query, you agree to abide 
by the following terms of use: You agree that you may use this Data only 
for lawful purposes and that under no circumstances will you use this Data 
to: (1) allow, enable, or otherwise support the transmission of mass 
unsolicited, commercial advertising or solicitations via e-mail, telephone, 
or facsimile; or (2) enable high volume, automated, electronic processes 
that apply to VeriSign (or its computer systems). The compilation, 
repackaging, dissemination or other use of this Data is expressly 
prohibited without the prior written consent of VeriSign. You agree not to 
use electronic processes that are automated and high-volume to access or 
query the Whois database except as reasonably necessary to register 
domain names or modify existing registrations. VeriSign reserves the right 
to restrict your access to the Whois database in its sole discretion to ensure 
operational stability.  VeriSign may restrict or terminate your access to the 
Whois database for failure to abide by these terms of use. VeriSign 
reserves the right to modify these terms at any time. 

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Potentiate answered 30/3, 2011 at 9:27 Comment(0)
C
2

Although the new "thick" WHOIS policy now requires all new gTLD registries operate a thick registry, currently a few existing registries (such as .COM and .NET) have not yet transitioned to "thick" WHOIS and still operate a thin registry. - https://whois.icann.org/en/primer

For .com and .net, use the registry's thin results from a simple whois command to find the registrar's whois server.

For example,

# whois google.com

   Domain Name: GOOGLE.COM
   Registry Domain ID: 2138514_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.markmonitor.com
   Registrar URL: http://www.markmonitor.com
   Updated Date: 2011-07-20T16:55:31Z
   Creation Date: 1997-09-15T04:00:00Z
   Registry Expiry Date: 2020-09-14T04:00:00Z
   Registrar: MarkMonitor Inc.
   Registrar IANA ID: 292
   Registrar Abuse Contact Email: [email protected]
   Registrar Abuse Contact Phone: +1.2083895740
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-09-12T18:51:08Z <<<

For more information on Whois status codes, please visit https://icann.org/epp
...

Then query the registrar for thick results.

For example,

# whois google.com -h whois.markmonitor.com

Domain Name: google.com
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2017-09-07T08:50:36-0700
Creation Date: 1997-09-15T00:00:00-0700
Registrar Registration Expiration Date: 2020-09-13T21:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)
Registry Registrant ID:
Registrant Name: DNS Admin
Registrant Organization: Google Inc.
Registrant Street: 1600 Amphitheatre Parkway,
Registrant City: Mountain View
Registrant State/Province: CA
...

It appears to me (although I don't feel like determining the whois command history now) that at some point the whois command was modified to not automatically query the thick registrar results from the initial thin registry information.

Cobra answered 12/9, 2017 at 19:12 Comment(1)
As for your last sentence, this depends on which whois client you use. There are various strategies, see unix.stackexchange.com/a/407030/211833Puglia
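
The two-step lookup these answers describe (ask the thin registry, read the referral line, then ask the registrar), as an added Python example that is not part of any answer above. It uses the page's whois.crsnic.net server and "domain" keyword; the function names, the hostname check applied to the referral, and the hop limit are assumptions of this example, and the sample responses are constructed.

```python
import re
import socket

# Both referral labels that appear in the outputs on this page:
# "Whois Server:" (2011) and "Registrar WHOIS Server:" (2017).
REFERRAL_RE = re.compile(
    r"^[ \t]*(?:Registrar[ \t]+)?Whois Server:[ \t]*(\S+)[ \t]*\r?$", re.I | re.M)
# The referral is text from a remote server, so accept only a plain DNS
# hostname (no IP literals, ports, or single-label names).
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}\Z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def parse_referral(response):
    """Return the registrar WHOIS host named in a response, or None."""
    m = REFERRAL_RE.search(response)
    host = m.group(1).lower().rstrip(".") if m else ""
    return host if HOSTNAME_RE.fullmatch(host) else None

def query(server, text, timeout=10):
    """RFC 3912 exchange: one line to TCP/43, then read until close."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(text.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def lookup(domain, registry="whois.crsnic.net", transport=query, max_hops=3):
    """Thin registry first, then each referral; returns [(server, response)]."""
    if not HOSTNAME_RE.fullmatch(domain.lower()):
        raise ValueError("not a domain name: %r" % domain)  # blocks CR/LF too
    hops, seen = [], set()
    server, text = registry, "domain " + domain  # keyword form from the page
    while server and server not in seen and len(hops) < max_hops:
        seen.add(server)
        response = transport(server, text)
        hops.append((server, response))
        # Registrars take the bare name; they may also refer to themselves,
        # which the `seen` set turns into a clean stop instead of a loop.
        server, text = parse_referral(response), domain
    return hops

# Constructed sample responses (trimmed from the formats shown above).
SAMPLE = {
    "whois.crsnic.net": "   Domain Name: GOOGLE.COM\r\n"
                        "   Whois Server: whois.markmonitor.com\r\n",
    "whois.markmonitor.com": "Registrar WHOIS Server: whois.markmonitor.com\r\n"
                             "Registrant Organization: Google Inc.\r\n",
}
```

Calling lookup("google.com") with the default transport performs the real port-43 queries; passing transport=lambda s, q: SAMPLE[s] replays the constructed responses offline.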
