The whois System

The whois system is a listing of records that contains details about both the ownership of domains and the owners. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership, but the list of records is held by many companies, known as registries.

Anyone can query the list of records. When you do, one of the registries will handle your request and send you details from the appropriate whois record.

Before we go any further, it’s important that you’re familiar with the following terms:

Registry: A company that manages a list containing a set of domain names (there are many of these). Registrant: The legal owner of the domain; it’s registered to this person. Registrar: A registrant uses a registrar to make his or her registration.

A whois record contains all the contact information associated with the person, company, or other entity that registered the domain name. Some registrations contain more information than others, and some registries return differing amounts of information.

A typical whois record will contain the following information:

The name and contact information of the registrant: The owner of the domain. The name and contact information of the registrar: The organization that registered the domain name. The registration date. When the information was last updated. The expiration date.

You can make whois requests on the web, but, with the Linux whois command, you can perform lookups right from the command line. This is useful if you need to perform a lookup from a computer without a graphical user interface, or if you want to do so from a shell script.

Installing whois

The whois command was already installed on Ubuntu 20.04. If you need to install it on your version of Ubuntu, you can do so with the following command:

On Fedora, use the command below:

And finally, on Manjaro, type the following:

Using whois with a Domain Name

You can use the whois command with domain names or Internet Protocol (IP) addresses. A slightly different set of information is returned for each of these.

We’ll use a domain name for our first example:

The response from the whois registry starts with a summary, and then repeats itself with extra information included. We’ve included an example below with trademark statements and terms of use removed:

This is reasonably self-explanatory. We see various details about the registrar and registry, including contact details, registration dates, and so on. There are a few entries in the list that you might not recognize.

The Internet Assigned Numbers Authority (IANA) oversees and coordinates things like top-level Domain Name System zones, IP protocol addressing systems, and the list of registries. This registry is number 299, which is indicated in the listing as “IANA ID: 299.”

The “domain status” lines show the state in which the domain is, and it can be in several simultaneously. The states are defined in the Extensible Provisioning Protocol. Some of these are rarely seen, and others are restricted to certain situations, such as legal disputes.

The following states are attached to this registration:

clientTransferProhibited: The domain’s registry will reject requests to transfer the domain from the current registrar to another. serverDeleteProhibited: The domain cannot be deleted. serverTransferProhibited: The domain cannot be transferred to another registrar. serverUpdateProhibited: The domain cannot be updated

The last three are usually enabled at the registrant’s request, or if a legal dispute is in progress. In this case, CNN probably requested these to be enforced to “lock down” the company’s domain.

“!DNSSEC” stands for Domain Name System Security Extensions, a scheme that allows a DNS name resolver to cryptographically check that the data it received from the DNS zone is valid and hasn’t been tampered with.

The longer part of the response is shown below:

This gives us more or less the same information as the summary, with extra sections about the registrant and their contact details for administrative and technical purposes.

The registrant name is given as “Domain Name Manager.” Sometimes, for a fee, companies choose to let their registrar register the domain on their behalf under a generic name the registrar maintains for this purpose. That appears to be the case here. However, as the address of the registrant is “1 CCN Center,” it’s obvious who the registrant is.

Using whois with an IP Address

Using whois with an IP address is just as simple as using it with a domain name. Just specify an IP address after whois, like so:

This is the output returned by whois:

The other sections contain contact information that allows you to report issues regarding abuse, network operation, traffic routing, and so on.

Using whois in a Script

To use whois in a script, let’s assume we have a set of domains for which we need to check the expiration dates. We can accomplish this with a small shell script.

Type this into an editor, and save it as “get-expiry.sh”:

Set the script to have executable permissions by using the chmod command, as shown below:

Run the script by calling it by name:

The expiration date for each domain is extracted from the response from whois by using grep to find lines that contain the string “Expiration,” and using awk to print the fifth item from that line.

RELATED: How to Use the awk Command on Linux

Convenience and Automation

Yes, you can also perform whois lookups online. However, having the whois command available in the terminal window and scripts offers convenience, flexibility, and gives you the option to automate some of your workload.