WHOIS (pronounced as the phrase "who is") is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. [1] The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in RFC 3912. Whois is also the name of the command-line utility on most UNIX systems used to make WHOIS protocol queries. [2] In addition, WHOIS has a sister protocol called Referral Whois (RWhois).
History
Elizabeth Feinler and her team (who had created the Resource Directory for ARPANET) were responsible for creating the first WHOIS directory in the early 1970s. Feinler set up a server in Stanford's Network Information Center (NIC) which acted as a directory that could retrieve relevant information about people or entities. She and the team created domains, with Feinler's suggestion that domains be divided into categories based on the physical address of the computer.
The process of registration was established in RFC 920. WHOIS was standardized in the early 1980s to look up domains, people, and other resources related to domain and number registrations. As all registration was done by one organization at that time, one centralized server was used for WHOIS queries. This made looking up such information very easy.
At the time of the emergence of the Internet from the ARPANET, the only organization that handled all domain registrations was the Defense Advanced Research Projects Agency (DARPA) of the United States government (created during 1958 [6]). Responsibility for domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNET began offering domain registration service; however, they simply handled the paperwork, which they forwarded to the DARPA Network Information Center (NIC). Then the National Science Foundation directed that management of Internet domain registration would be handled by commercial, third-party entities. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics and AT&T. The General Atomics contract was canceled after several years due to performance issues.
20th-century WHOIS servers were highly permissive and would allow wild-card searches. A WHOIS query of a person's last name would yield all individuals with that name. A query with a given keyword returned all registered domains containing that keyword. A query for a given administrative contact returned all domains the administrator was associated with. Since the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.
On December 1, 1999, management of the top-level domains (TLDs) com, net, and org was assigned to ICANN. At the time, these TLDs were converted to a thin WHOIS model. Existing WHOIS clients stopped working at that time.
A month later, it had self-detecting Common Gateway Interface support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client. By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS domain searches have become common.
CRISP and IRIS
In 2003, an IETF committee was formed to create a new standard for looking up information on domain names and network numbers: Cross Registry Information Service Protocol (CRISP). [7] Between January 2005 and July 2006, the working name for this proposed new standard was Internet Registry Information Service (IRIS). [8] [9] The initial IETF Proposed Standards RFCs for IRIS are:
The status of RFCs this group worked on can be found on the IETF Tools site. [10] As of March 2009, the CRISP IETF Working Group concluded, [11] after a final RFC 5144 was published by the group. [12] Newton, Andrew; Sanz, Marcos (February 2008). A Domain Availability Check (DCHK) Registry Type for the Internet Registry Information Service (IRIS). IETF. doi: 10.17487/RFC5144. RFC 5144. Note: The IETF CRISP working group is not to be confused with the Number Resource Organization's (NRO) team of the same name, "Consolidated RIR IANA Stewardship Proposal Team" (CRISP Team). [13]
WEIRDS and RDAP
In 2013, the IETF acknowledged that IRIS had not been a successful replacement for WHOIS. The primary technical reason for that appeared to be the complexity of IRIS. Further, non-technical reasons were deemed to lie in areas upon which the IETF does not pass judgment. Meanwhile, ARIN and RIPE NCC managed to serve WHOIS data via RESTful web services. The charter (drafted in February 2012) provided for separate specifications, for number registries first and for name registries to follow. [14] The working group produced five proposed standard documents:
and an informational document :
Protocol
The WHOIS protocol had its origin in the ARPANET NICNAME protocol and was based on the NAME/FINGER Protocol, described in RFC 742 (1977). The NICNAME/WHOIS protocol was first described in RFC 812 in 1982 by Ken Harrenstien and Vic White of the Network Information Center at SRI International. WHOIS was originally implemented on the Network Control Program (NCP) but found its major use when the TCP/IP suite was standardized across the ARPANET and later the Internet. The protocol specification is the following (original quote): [15]
Connect to the service host
   TCP: service port 43 decimal
   NCP: ICP to socket 43 decimal, establishing two 8-bit connections
Send a single "command line", ending with <CRLF>.
Receive information in response to the command line. The server closes its connections as soon as the output is finished.
The command line server query is normally a single name specification, i.e. the name of a resource. However, servers accept a query consisting of only the question mark (?) to return a description of acceptable command line formats. Substitution or wild-card formats also exist, e.g., appending a full stop (period) to the query name returns all entries beginning with the query name.
On the modern Internet, WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43. Clients are simple applications that establish a communications channel to the server, transmit a text record with the name of the resource to be queried and await the response in the form of a sequence of text records found in the database. This simplicity of the protocol also permits an application, and a command line interface user, to query a WHOIS server using the Telnet protocol.
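The exchange described above, with both sides written out, as an added example that is not part of the original article. The size cap, the record contents and the function names are assumptions of this example; the demo server runs over a local socket pair so that nothing leaves the machine.

```python
import socket
import threading

MAX_RESPONSE = 64 * 1024  # assumption: size cap chosen for this example

def build_request(query: str) -> bytes:
    """Return the single command line, CRLF-terminated, or raise ValueError."""
    # A CR or LF inside the query would smuggle a second line to the server.
    if not query or any(ord(c) < 0x20 or ord(c) == 0x7F for c in query):
        raise ValueError("query must be one line with no control characters")
    return query.encode("ascii") + b"\r\n"  # non-ASCII raises a ValueError subclass

def exchange(sock: socket.socket, query: str, timeout: float = 5.0) -> bytes:
    """Client side: send one command line, then read until the server closes."""
    sock.settimeout(timeout)
    sock.sendall(build_request(query))
    chunks, total = [], 0
    while True:
        data = sock.recv(4096)
        if not data:  # connection close is the only end-of-response marker
            return b"".join(chunks)
        total += len(data)
        if total > MAX_RESPONSE:
            raise ValueError("response larger than MAX_RESPONSE")
        chunks.append(data)

def whois_query(host: str, query: str, port: int = 43) -> bytes:
    """Open a TCP connection to a WHOIS server and run one exchange."""
    with socket.create_connection((host, port), timeout=5.0) as sock:
        return exchange(sock, query)

# Constructed record for the in-process demo server below.
RECORDS = {b"example.test": b"domain: EXAMPLE.TEST\r\nsource: CONSTRUCTED\r\n"}

def serve_one(conn: socket.socket) -> None:
    """Server side: read one command line, write the record, close."""
    with conn, conn.makefile("rb") as rfile:
        line = rfile.readline(1024)  # bounded read of the command line
        if not line.endswith(b"\r\n"):
            return  # incomplete or oversized request: close without answering
        conn.sendall(RECORDS.get(line.strip().lower(), b"% no match\r\n"))

def demo_exchange(query: str) -> bytes:
    """Run the client against the demo server over a local socket pair."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=serve_one, args=(server,))
    worker.start()
    try:
        with client:
            return exchange(client, query)
    finally:
        worker.join()

if __name__ == "__main__":
    print(demo_exchange("example.test").decode("ascii"))
```

Because the server's close is the only framing the protocol has, the read timeout and the size cap are what keep a slow or endless response from tying up the client.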
Augmentations
In June 2014, ICANN published the recommendation for status codes, the "Extensible Provisioning Protocol (EPP) domain status codes". [16]
Status Code | Description |
---|---|
addPeriod | This grace period is provided after the initial registration of a domain name. If the registrar deletes the domain name during this period, the registry may provide credit to the registrar for the cost of the registration. |
autoRenewPeriod | This grace period is provided after a domain name registration period expires and is extended (renewed) automatically by the registry. If the registrar deletes the domain name during this period, the registry provides a credit to the registrar for the cost of the renewal. |
inactive | This status code indicates that delegation information (name servers) has not been associated with the domain. The domain is not activated in the DNS and will not resolve. |
ok | This is the standard status for a domain, meaning it has no pending operations or prohibitions. |
pendingCreate | This status code indicates that a request to create the domain has been received and is being processed. |
pendingDelete | This status code may be mixed with redemptionPeriod or pendingRestore. In such case, depending on the status set in the domain name, otherwise (not combined with other status), the pendingDelete status code indicates that the domain has been in redemptionPeriod status for 30 days and not restored. The domain will remain in this status for several days, after which time the domain will be dropped from the registry database. Once deletion occurs, the domain is available for re-registration in accordance with the registry's policies. |
pendingRenew | This status code indicates that a request to renew the domain has been received and is being processed. |
pendingRestore | This status code indicates that your registrar has asked the registry to restore the domain that was in redemptionPeriod status. Your registry will hold the domain in this status while waiting for your registrar to provide required restoration documentation. If your registrar fails to provide documentation to the registry operator within a set time period to confirm the restoration request, the domain will revert to redemptionPeriod status. |
pendingTransfer | This status code indicates that a request to transfer the domain to a new registrar has been received and is being processed. |
pendingUpdate | This status code indicates that a request to update the domain has been received and is being processed. |
redemptionPeriod | This status code indicates that your registrar has asked the registry to delete the domain. The domain will be held in this status for 30 days. After five calendar days following the end of the redemptionPeriod, the domain is purged from the registry database and becomes available for registration. |
renewPeriod | This grace period is provided after a domain name registration period is explicitly extended (renewed) by the registrar. If the registrar deletes the domain name during this period, the registry provides a credit to the registrar for the cost of the renewal. |
serverDeleteProhibited | This status code prevents the domain from being deleted. It is an uncommon status that is usually enacted during legal disputes, at your request, or when a redemptionPeriod status is in place. |
serverHold | This status code is set by the domain’s Registry Operator. The domain is not activated in the DNS. |
serverRenewProhibited | This status code indicates the domain’s Registry Operator will not allow your registrar to renew the domain. It is an uncommon status that is usually enacted during legal disputes or when the domain is subject to deletion. |
serverTransferProhibited | This status code prevents the domain from being transferred from your current registrar to another. It is an uncommon status that is usually enacted during legal or other disputes, at your request, or when a redemptionPeriod status is in place. |
serverUpdateProhibited | This status code locks the domain preventing it from being updated. It is an uncommon status that is usually enacted during legal disputes, at your request, or when a redemptionPeriod status is in place. |
transferPeriod | This grace period is provided after the successful transfer of a domain name from one registrar to another. If the new registrar deletes the domain name during this period, the registry provides a credit to the registrar for the cost of the transfer. |
Implementation
WHOIS lookups were traditionally performed with a command line interface application, but now many alternative web-based tools exist. A WHOIS database consists of a set of text records for each resource. These text records consist of various items of information about the resource itself, and any associated information of assignees, registrants, administrative information, such as creation and expiration dates. Two data models exist for storing resource information in a WHOIS database, the thick and the thin model.
Thin and thick lookups
WHOIS information can be stored and looked up according to either a thick or a thin data model:
- Thick: A thick WHOIS server stores the complete WHOIS information from all the registrars for the particular set of data (so that one WHOIS server can respond with WHOIS information on all .org domains, for example).
- Thin: A thin WHOIS server stores only the name of the WHOIS server of the registrar of a domain, which in turn has the full details on the data being looked up (such as the .com WHOIS servers, which refer the WHOIS query to the registrar where the domain was registered).
The thick model usually ensures consistent data and slightly faster queries, since only one WHOIS server needs to be contacted. If a registrar goes out of business, a thick registry contains all important information (if the registrant entered correct data, and privacy features were not used to obscure the data) and registration information can be retained. But with a thin registry, the contact information might not be available, and it could be difficult for the rightful registrant to retain control of the domain. [17] If a WHOIS client did not understand how to deal with this situation, it would display the full information from the registrar. Unfortunately, the WHOIS protocol has no standard for determining how to distinguish the thin model from the thick model. Specific details of which records are stored vary among domain name registries. Some top-level domains, including com and net, operate a thin WHOIS, requiring domain registrars to maintain their own customers' data. The other global top-level registries, including org, operate a thick model. [18] Each country-code top-level registry has its own national rules.
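How a client can cope with a thin registry, as an added example that is not part of the original article: it looks for a referral line in the first answer and follows it, treating the referred host as untrusted input. The field labels are conventions assumed for this example (the protocol defines none), and the server names, records and the `fetch` callable are constructed.

```python
import re

# Assumption: labels commonly seen in registry output. The protocol itself
# defines no referral field, so these are conventions, not a standard.
REFERRAL_RE = re.compile(r"(?:Registrar WHOIS Server|refer):\s*(\S+)", re.I)

# Plain DNS host name only: rejects IP literals, ports, URLs and odd characters.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def find_referral(text):
    """Return the first syntactically valid referral host in a reply, or None."""
    for line in text.splitlines():
        match = REFERRAL_RE.fullmatch(line.strip())
        if match:
            host = match.group(1).lower().rstrip(".")
            if HOSTNAME_RE.match(host):
                return host
    return None

def follow_referrals(query, first_server, fetch, max_hops=3):
    """Query first_server, then each referred server; return [(server, text)].

    fetch(server, query) -> str performs the actual port-43 exchange. The loop
    stops on a missing referral, a server already visited, or max_hops.
    """
    hops, seen, server = [], set(), first_server
    while server is not None and server not in seen and len(hops) < max_hops:
        seen.add(server)
        text = fetch(server, query)
        hops.append((server, text))
        server = find_referral(text)  # server-supplied, hence validated above
    return hops

# Constructed replies: a thin registry, the registrar it refers to, and a loop.
SAMPLE = {
    "whois.thin-registry.test":
        "Domain Name: EXAMPLE.TEST\r\n"
        "Registrar WHOIS Server: whois.registrar.test\r\n",
    "whois.registrar.test":
        "Domain Name: EXAMPLE.TEST\r\n"
        "Registrant Name: Constructed Person\r\n"
        "Registrar WHOIS Server: whois.registrar.test\r\n",
    "whois.loop-a.test": "refer: whois.loop-b.test\r\n",
    "whois.loop-b.test": "refer: whois.loop-a.test\r\n",
}

def sample_fetch(server, query):
    """Stand-in for a network fetch, answering from SAMPLE."""
    return SAMPLE[server]

if __name__ == "__main__":
    for server, text in follow_referrals(
            "example.test", "whois.thin-registry.test", sample_fetch):
        print("[%s]" % server)
        print(text)
```

The last hop holds the full record; a client that stops after the first hop shows only what the thin registry knows.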
Software
The first applications written for the WHOIS information system were command-line interface tools for Unix and Unix-like operating systems (i.e. Solaris, Linux etc.). WHOIS client and server software is distributed as free open-source software and binary distributions are included with all Unix-like systems. Various commercial Unix implementations may use a proprietary implementation (for example, Solaris 7). A WHOIS command line client passes a phrase given as an argument directly to the WHOIS server. Various free open source examples can still be found on sites such as sourceforge.net. However, most modern WHOIS tools implement command line flags or options, such as the -h option to access a specific server host, but default servers are preconfigured. Additional options may allow control of the port number to connect on, displaying additional debugging data, or changing recursion/referral behavior. Like most TCP/IP client–server applications, a WHOIS client takes the user input and then opens an Internet socket to its destination server. The WHOIS protocol manages the transmission of the query and reception of results.
Web
With the advent of the World Wide Web and especially the loosening up of the Network Solutions monopoly, looking up WHOIS information via the web has become quite common. At present, popular web-based WHOIS queries may be conducted from ARIN, [20] RIPE [21] and APNIC. [22] Most early web-based WHOIS clients were merely front-ends to a command-line client, where the resulting output just gets displayed on a web page with little, if any, clean-up or formatting.
Currently, web-based WHOIS clients usually perform the WHOIS queries directly and then format the results for display. Many such clients are proprietary, authored by domain name registrars. The need for web-based clients came from the fact that command-line WHOIS clients largely existed only in the Unix and large computing worlds. Microsoft Windows and Macintosh computers had no WHOIS clients installed by default, so registrars had to find a way to provide access to WHOIS data for potential customers. Many end-users still rely on such clients, even though command line and graphical clients exist now for most home PC platforms. Microsoft provides the Sysinternals Suite that includes a whois client at no cost. CPAN has several Perl modules available that work with WHOIS servers. Many of them are not current and do not fully function with the current (2005) WHOIS server infrastructure. However, there is still much useful functionality to derive including looking up AS numbers and registrant contacts.
Servers
WHOIS services are mainly run by registrars and registries; for example the Public Interest Registry (PIR) maintains the .ORG registry and associated WHOIS service. [23]
Regional Internet registries
WHOIS servers operated by regional Internet registries (RIR) can be queried directly to determine the Internet service provider responsible for a particular resource. The records of each of these registries are cross-referenced, so that a query to ARIN for a record which belongs to RIPE will return a placeholder pointing to the RIPE WHOIS server. This lets the WHOIS user making the query know that the detailed information resides on the RIPE server. In addition to the RIRs' servers, commercial services exist, such as the Routing Assets Database used by some large networks (for example, large Internet providers that acquired other ISPs in several RIR areas).
Server discovery
There is currently no widely extended way of determining the responsible WHOIS server for a DNS domain, though a number of methods are in common use for top-level domains (TLDs). Some registries use DNS SRV records (defined in RFC 2782 [24]) to allow clients to discover the address of the WHOIS server. [25] Some WHOIS lookups require searching the procuring domain registrar to display domain owner details.
Query example
Normally the contact information of the resource's assignee is returned. However, some registrars offer private registration, in which case the contact information of the registrar is shown instead. Some registry operators are wholesalers, meaning that they typically provide domain name services to a large number of retail registrars, who in turn offer them to consumers. For private registration, only the identity of the wholesale registrar may be returned. In this case, the identity of the individual as well as the retail registrar may be hidden. Below is an example of WHOIS data returned for an individual resource holder. This is the result of a WHOIS query of example.com:
whois example.com
[Querying whois.verisign-grs.com]
[Redirected to whois.iana.org]
[Querying whois.iana.org]
[whois.iana.org]
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
domain: EXAMPLE.COM
organisation: Internet Assigned Numbers Authority
created: 1992-01-01
source: IANA
Referral Whois
Referral Whois (RWhois) is an extension of the original Whois protocol and service. RWhois extends the concepts of Whois in a scalable, hierarchical fashion, potentially creating a system with a tree-like architecture. Queries are deterministically routed to servers based on hierarchical labels, reducing a query to the primary repository of information. [26] Lookups of IP address allocations are often limited to the larger Classless Inter-Domain Routing (CIDR) blocks (for example, /24, /22, /16), because usually only the regional Internet registries (RIRs) and domain registrars run RWhois or Whois servers, although RWhois is intended to be run by even smaller local Internet registries, to provide more granular information about IP address assignment. RWhois is intended to replace Whois, providing an organized hierarchy of referral services where one could connect to any RWhois server, request a look-up and be automatically re-directed to the correct server(s). However, while the technical functionality is in place, adoption of the RWhois standard has been weak. RWhois services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 4321. RWhois was first specified in RFC 1714 in 1994 by Network Solutions, [26] but the specification was superseded in 1997 by RFC 2167. [27] The referral features of RWhois are different from the feature of a Whois server to refer responses to another server, which RWhois also implements.
Criticism
One criticism of WHOIS is the lack of full access to the data. [28] [29] Few parties have realtime access to the complete databases. Others cite the competing goal of domain privacy as a criticism, although this problem is strongly mitigated by domain privacy services. Currently, the Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires that the mailing address, phone number and e-mail address of those owning or administering a domain name be made publicly available through the "WHOIS" directories. The registrant's (domain owner's) contact details, such as address and telephone number, are easily accessible to anyone who queries a WHOIS server. However, that policy enables spammers, direct marketers, identity thieves or other attackers to loot the directory for personal information about these people. Although ICANN has been exploring changing WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made. [30] Some domain registrars offer private registrations (also known as domain privacy), by which the contact information of the registrar is shown instead of the customer's. With the offer of private registration from many registrars, some of the risk has been mitigated. [31] Studies have shown that spammers can and do harvest plain-text email addresses from WHOIS servers. [32] For this reason, some WHOIS servers and websites offering WHOIS queries have implemented rate-limiting systems, such as web-based CAPTCHA and limited amounts of search queries per user IP address. [31] The WHOIS requirements conflict with the General Data Protection Regulation (GDPR), effective in the European Union 25 May 2018, which places strict regulations on the processing and publication of personally identifiable information.
ICANN stated in November 2017 that it would not reprimand "noncompliance with contractual obligations related to the handling of registration data" if registrars provide alternative solutions for compliance with its rules, until the WHOIS requirements are updated to take GDPR into account. [31] [33] The WHOIS protocol was not written with an international audience in mind. A WHOIS server and/or client cannot determine the text encoding in effect for the query or the database content. Many servers were originally using US-ASCII and internationalization concerns were not taken into consideration until much later. [34] This might impact the usability or usefulness of the WHOIS protocol in countries outside the USA. [1] In the case of internationalized domain names it is the responsibility of the client application to perform the translation of the domain name between its native language script and the DNS name in punycode.
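The client-side translation and the encoding ambiguity described above, as an added example that is not part of the original article. It uses Python's built-in `idna` codec (which implements the older IDNA 2003 rules); the fallback order of encodings and the sample names are assumptions of this example.

```python
import re

# Letters, digits and hyphens only, in dot-separated labels of 1 to 63 bytes.
LDH_NAME = re.compile(
    r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

def to_whois_query(domain: str) -> str:
    """Translate a name in native script to the ASCII form sent on the wire."""
    name = domain.strip().rstrip(".").lower()
    try:
        ascii_name = name.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError("not a valid domain name: %r" % domain) from exc
    # The codec passes ASCII labels through unchecked, so control characters
    # and other junk have to be rejected here before the name reaches a server.
    if not LDH_NAME.fullmatch(ascii_name):
        raise ValueError("not a valid domain name: %r" % domain)
    return ascii_name

def to_display_name(ascii_name: str) -> str:
    """Translate the DNS form back to native script for showing to the user."""
    return ascii_name.encode("ascii").decode("idna")

def decode_response(raw: bytes, encodings=("utf-8", "iso-8859-1")):
    """Decode a reply whose encoding the protocol never announces.

    Returns (text, encoding_used). Assumption: try strict UTF-8 first, then
    fall back to ISO 8859-1, which accepts any byte sequence.
    """
    for encoding in encodings:
        try:
            return raw.decode(encoding), encoding
        except UnicodeDecodeError:
            continue
    raise ValueError("response matches none of the candidate encodings")

if __name__ == "__main__":
    # Constructed sample name and constructed sample replies.
    print(to_whois_query("B\u00fccher.example"))
    print(decode_response("Registrant: M\u00fcller".encode("utf-8")))
    print(decode_response(b"Registrant: M\xfcller"))
```

Returning the encoding that was actually used lets the caller flag records decoded by fallback, since those are a guess rather than a fact about the server.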
Accuracy of information
In cases where the registrant's (domain owner) identity is public, anyone can easily confirm the status of a domain via WHOIS. In the case of private registrations, ascertaining registration information may be more difficult. If a registrant, who acquired a domain name, wants to verify the registrar has completed the registration process, three steps may be required:
- Perform a WHOIS and confirm that the resource is at least registered with ICANN,
- Determine the name of the wholesale registrar, and
- Contact the wholesaler and obtain the name of the retail registrar.
This provides some confidence that the retailer actually registered the name. But if the registrar goes out of business, as with the failure of RegisterFly in 2007, the rightful domain holder with privacy-protected registrations may have difficulty regaining the administration of their domain name. [17] Registrants using "private registration" can attempt to protect themselves by using a registrar that places customer data in escrow with a third party. ICANN requires that every registrant of a domain name be given the opportunity to correct any inaccurate contact data associated with their domain. For this reason, registrars are required to periodically send the holder the contact information on record for verification, but they do not provide any guarantee about the accuracy of information if the registrant provided inaccurate information.
Law and policy
WHOIS has generated policy issues in the United States federal government. As noted above, WHOIS creates a privacy issue which is also tied to free speech and anonymity. However, WHOIS is an important tool for law enforcement officers investigating violations like spam and phishing to track down the holders of domain names. As a result, law enforcement agencies have sought to make WHOIS records both open and verified: [35]
- The Federal Trade Commission has testified about how inaccurate WHOIS records thwart their investigations.[36]
- Congressional hearings have been conducted about the importance of WHOIS in 2001, 2002 and 2006.[37]
- The Fraudulent Online Identity Sanctions Act[38] “make it a violation of trademark and copyright law if a person knowingly provided, or caused to be provided, materially false contact information in making, maintaining, or renewing the registration of a domain name used in connection with the violation,”[39] where the latter “violation” refers to a prior violation of trademark or copyright law. The act does not make the submission of false WHOIS data illegal in itself, only if used to shield oneself from prosecution for crimes committed using that domain name.
ICANN proposal to abolish WHOIS
The Expert Working Group (EWG) of the Internet Corporation for Assigned Names and Numbers (ICANN) recommended on 24 June 2013 that WHOIS should be scrapped. It recommends that WHOIS be replaced with a system that keeps information secret from most Internet users, and only discloses information for "permissible purposes". [40] ICANN's list of permissible purposes includes domain-name research, domain-name sale and purchase, regulatory enforcement, personal data protection, legal actions, and abuse mitigation. [41] Although WHOIS has been a key tool of journalists in determining who was disseminating certain information on the Internet, [42] the use of WHOIS by the free press is not included in ICANN's proposed list of permissible purposes. The EWG collected public input on the initial report until 13 September 2013. Its final report was issued on 6 June 2014, without meaningful changes to the recommendations. [43] As of March 2015, ICANN is in the "process of re-inventing WHOIS," working on "ICANN WHOIS Beta." [44] [45]
Standards documents
- RFC 812 – NICNAME/WHOIS (1982, obsolete)
- RFC 954 – NICNAME/WHOIS (1985, obsolete)
- RFC 3912 – WHOIS protocol specification (2004, current)