
How to use the whois command on Linux




A whois lookup will give you a lot of information about who owns an internet domain. On Linux, you can run whois lookups from the command line. We will guide you through it.

Whois system

The whois system is a list of records that contains information about both the ownership of domains and the owners. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership, but the list of records is held by many companies, known as registries.

Anyone can query the list of records. When you do so, one of the registries will handle your request and send you information from the appropriate whois record.

Before we go any further, it is important to know the following terms:

  • Registry: A company that manages a list containing a set of domain names (there are many of them).
  • Registrant: The legal owner of the domain; it is registered to this person.
  • Registrar: A registrant uses a registrar to make the registration.

A whois record contains all the contact information associated with the person, company or other entity that registered the domain name. Some records contain more information than others, and some registries return different amounts of information.

A typical whois entry contains the following information:

  • The registrant’s name and contact information: The domain owner.
  • The registrar’s name and contact information: The organization that registered the domain name.
  • The registration date.
  • When the information was last updated.
  • The expiry date.

You can make whois requests on the web, but with the Linux whois command, you can perform lookups directly from the command line. This is useful if you need to perform a lookup from a computer without a graphical user interface, or if you want to do it from a shell script.

Installing whois

The whois command was already installed on Ubuntu 20.04. If you need to install it on your version of Ubuntu, you can do so with the following command:

sudo apt-get install whois


On Fedora, use the command below:

sudo dnf install whois


And finally, on Manjaro, type the following:

sudo pacman -Syu whois


Use whois with a domain name

You can use the whois command with domain names or IP addresses. A slightly different set of information is returned for each of these.

We will use a domain name for our first example:

whois cnn.com


The response from the whois registry starts with a summary and then repeats itself with extra information included. We’ve included an example below with trademark notices and terms of use removed:

Domain Name: CNN.COM
Registry Domain ID: 3269879_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
Updated Date: 2018-04-10T16:43:38Z
Creation Date: 1993-09-22T04:00:00Z
Registry Expiry Date: 2026-09-21T04:00:00Z
Registrar: CSC Corporate Domains, Inc.
Registrar IANA ID: 299
Registrar Abuse Contact Email: domainabuse@cscglobal.com
Registrar Abuse Contact Phone: 8887802723
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS-1086.AWSDNS-07.ORG
Name Server: NS-1630.AWSDNS-11.CO.UK
Name Server: NS-47.AWSDNS-05.COM
Name Server: NS-576.AWSDNS-08.NET
DNSSEC: unsigned

This is pretty self-explanatory. We see various details about the registrar and the registry, including contact information, registration dates and so on. There are some items in the list that you may not recognize.

The Internet Assigned Numbers Authority (IANA) oversees and coordinates things such as top-level Domain Name System zones, IP protocol addressing systems, and the list of registries. This registrar is number 299, which is shown in the listing as “IANA ID: 299.”

The “Domain Status” lines show the state of the domain, and a domain can be in several states at once. The states are defined in the Extensible Provisioning Protocol (EPP). Some of these are rarely seen, and others are limited to certain situations, such as legal disputes.

The following states are attached to this registration:

  • clientTransferProhibited: The domain registry rejects requests to transfer the domain from the current registrar to another.
  • serverDeleteProhibited: The domain cannot be deleted.
  • serverTransferProhibited: The domain cannot be transferred to another registrar.
  • serverUpdateProhibited: The domain cannot be updated.

The last three are usually activated at the registrant’s request, or if a legal dispute is ongoing. In this case, CNN probably requested that these be enforced to “lock down” the company’s domain.

“DNSSEC” stands for Domain Name System Security Extensions, a scheme that allows a DNS name resolver to cryptographically verify that the data it received from the DNS zone is valid and has not been tampered with.
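One way to turn the status and DNSSEC lines into a check, as an added example that is not part of the original article: audit_locks is a hypothetical helper that reads whois text on stdin and reports a missing transfer lock, a missing update lock, or an unsigned zone. SAMPLE_PAGE reuses lines from the reply shown above; SAMPLE_CONSTRUCTED is made up for the demo.

```shell
#!/bin/sh
# Added example. Live use (assumes whois is installed):
#   whois example.com | audit_locks

# Print one finding per line, or "OK" when nothing is missing.
audit_locks() {
  awk '
    { sub(/\r$/, "") }                  # whois replies may use CRLF
    # "Domain Status: <EPP code> <URL>": the code is the third field
    tolower($1 $2) == "domainstatus:" { seen[tolower($3)] = 1 }
    tolower($1) == "dnssec:"          { dnssec = tolower($2) }
    END {
      n = 0
      # Either the registrar (client) or registry (server) lock is enough.
      if (!("clienttransferprohibited" in seen) &&
          !("servertransferprohibited" in seen)) {
        print "no transfer lock"; n++
      }
      if (!("clientupdateprohibited" in seen) &&
          !("serverupdateprohibited" in seen)) {
        print "no update lock"; n++
      }
      # Signed zones are reported as "signedDelegation".
      if (dnssec != "signeddelegation") { print "DNSSEC not signed"; n++ }
      if (n == 0) print "OK"
    }'
}

# Lines taken from the cnn.com reply shown on this page.
SAMPLE_PAGE='Domain Name: CNN.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
DNSSEC: unsigned'

# Constructed reply for a domain with no locks at all.
SAMPLE_CONSTRUCTED='Domain Name: EXAMPLE.TEST
Domain Status: ok https://icann.org/epp#ok
DNSSEC: unsigned'

printf '%s\n' "$SAMPLE_PAGE" | audit_locks
printf '%s\n' "$SAMPLE_CONSTRUCTED" | audit_locks
```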

The longer part of the answer is shown below:

Domain Name: cnn.com
Registry Domain ID: 3269879_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: www.cscprotectsbrands.com
Updated Date: 2018-04-10T16:43:38Z
Creation Date: 1993-09-22T04:00:00Z
Registrar Registration Expiration Date: 2026-09-21T04:00:00Z
Registrar: CSC CORPORATE DOMAINS, INC.
Registrar IANA ID: 299
Registrar Abuse Contact Email: domainabuse@cscglobal.com
Registrar Abuse Contact Phone: +1.8887802723
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited http://www.icann.org/epp#serverUpdateProhibited
Registry Registrant ID:
Registrant Name: Domain Name Manager
Registrant Organization: Turner Broadcasting System, Inc.
Registrant Street: One CNN Center
Registrant City: Atlanta
Registrant State/Province: GA
Registrant Postal Code: 30303
Registrant Country: US
Registrant Phone: +1.4048275000
Registrant Phone Ext:
Registrant Fax: +1.4048271995
Registrant Fax Ext:
Registrant Email: tmgroup@turner.com
Registry Admin ID:
Admin Name: Domain Name Manager
Admin Organization: Turner Broadcasting System, Inc.
Admin Street: One CNN Center
Admin City: Atlanta
Admin State/Province: GA
Admin Postal Code: 30303
Admin Country: US
Admin Phone: +1.4048275000
Admin Phone Ext:
Admin Fax: +1.4048271995
Admin Fax Ext:
Admin Email: tmgroup@turner.com
Registry Tech ID:
Tech Name: TBS Server Operations
Tech Organization: Turner Broadcasting System, Inc.
Tech Street: One CNN Center
Tech City: Atlanta
Tech State/Province: GA
Tech Postal Code: 30303
Tech Country: US
Tech Phone: +1.4048275000
Tech Phone Ext:
Tech Fax: +1.4048271593
Tech Fax Ext:
Tech Email: hostmaster@turner.com
Name Server: ns-576.awsdns-08.net
Name Server: ns-1086.awsdns-07.org
Name Server: ns-47.awsdns-05.com
Name Server: ns-1630.awsdns-11.co.uk
DNSSEC: unsigned

This gives us more or less the same information as the summary, with extra sections on the registrant and their contact information for administrative and technical purposes.

The registrant name is given as “Domain Name Manager.” Sometimes, for a fee, companies choose to have their registrar register the domain on their behalf under a generic name that the registrar keeps for this purpose. That seems to be the case here. Since the registrant’s address is “1 CNN Center”, it is obvious who the registrant is.

Use whois with an IP address

Using whois with an IP address is as simple as using it with a domain name. Just enter an IP address after whois, like this:

whois 205.251.242.103


This is the output returned by whois:

NetRange: 205.251.192.0 - 205.251.255.255
CIDR: 205.251.192.0/18
NetName: AMAZON-05
NetHandle: NET-205-251-192-0-1
Parent: NET205 (NET-205-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16509, AS39111, AS7224
Organization: Amazon.com, Inc. (AMAZON-4)
RegDate: 2010-08-27
Updated: 2015-09-24
Ref: https://rdap.arin.net/registry/ip/205.251.192.0

OrgName: Amazon.com, Inc.
OrgId: AMAZON-4
Address: 1918 8th Ave
City: SEATTLE
StateProv: WA
PostalCode: 98101-1244
Country: US
RegDate: 1995-01-23
Updated: 2020-03-31
Ref: https://rdap.arin.net/registry/entity/AMAZON-4

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-266-4064 
OrgAbuseEmail: abuse@amazonaws.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN

OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-266-4064 
OrgNOCEmail: amzn-noc-contact@amazon.com
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN

OrgRoutingHandle: ADR29-ARIN
OrgRoutingName: AWS Dogfish Routing
OrgRoutingPhone: +1-206-266-4064 
OrgRoutingEmail: aws-dogfish-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/ADR29-ARIN

OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName: IP Routing
OrgRoutingPhone: +1-206-266-4064 
OrgRoutingEmail: aws-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN

OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-266-4064 
OrgTechEmail: amzn-noc-contact@amazon.com
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN

RTechHandle: ROLEA19-ARIN
RTechName: Role Account
RTechPhone: +1-206-266-4064 
RTechEmail: ipmanagement@amazon.com
RTechRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN

RAbuseHandle: ROLEA19-ARIN
RAbuseName: Role Account
RAbusePhone: +1-206-266-4064 
RAbuseEmail: ipmanagement@amazon.com
RAbuseRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN

RNOCHandle: ROLEA19-ARIN
RNOCName: Role Account
RNOCPhone: +1-206-266-4064 
RNOCEmail: ipmanagement@amazon.com
RNOCRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN

The first section contains information about the organization that owns the IP address we looked up (in this case, one of many owned by Amazon). We also get some identifiers that the registry uses internally to identify Amazon.com, Inc.

The second section contains the address and name of the registrant, Amazon.com, Inc. The URL in the “Ref:” field contains this information in JSON (JavaScript Object Notation) format.

The other sections contain contact information that lets you report problems regarding abuse, network operation, traffic routing and so on.

Use whois in a script

To use whois in a script, let’s assume that we have a set of domains for which we must check the expiration date. We can accomplish this with a small shell script.

Type this into an editor and save it as “get-expiry.sh”:

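#!/bin/bash

# Domains to check, separated by spaces
DOMAIN_LIST="howtogeek.com reviewgeek.com lifesavvy.com cloudsavvyit.com"

echo "Expiration dates:"

# $DOMAIN_LIST is left unquoted on purpose so it splits into one word per domain
for domain in $DOMAIN_LIST
do
  echo -n "$domain :: "
  # Keep the line containing "Expiration" and print its fifth field (the date)
  whois "$domain" | grep 'Expiration' | awk '{print $5}'
done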

Make the script executable with chmod, as shown below:

chmod +x get-expiry.sh


Run the script by calling it by name:

./get-expiry.sh


The expiration date for each domain is extracted from the whois response by using grep to find lines containing the string “Expiration” and awk to print the fifth item from that line.
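The grep and awk filter depends on one label and on the date being the fifth word, while the two cnn.com replies shown on this page already label the field two different ways. The following added example (not the article's script) accepts both labels and reports the days remaining; expiry_date, days_left and check_expiry are hypothetical helper names, the timestamps are assumed to be UTC in the format shown above, and GNU date is assumed.

```shell
#!/bin/sh
# Added example. All functions read whois text on stdin. Live use:
#   whois "$d" | check_expiry "$d"

# Print the first expiry timestamp, whichever of the two labels is used.
expiry_date() {
  awk '
    tolower($0) ~ /^[ \t]*(registry expiry date|registrar registration expiration date):/ {
      sub(/^[^:]*:[ \t]*/, "")   # drop the label, keep the colons in the time
      sub(/[ \t\r]+$/, "")       # strip trailing blanks and a CR from CRLF
      print; exit
    }'
}

# days_left ISO_UTC [NOW_EPOCH]: whole days until expiry (negative once past).
days_left() (                    # ( ) body keeps the variables local
  t=$(printf '%s' "$1" | sed 's/T/ /; s/Z$//')
  exp=$(date -u -d "$t" +%s 2>/dev/null) || exit 1
  now=${2:-$(date -u +%s)}
  echo $(( (exp - now) / 86400 ))
)

# check_expiry DOMAIN [NOW_EPOCH] [WARN_DAYS]: prints "domain date days state".
check_expiry() (
  when=$(expiry_date)
  [ -n "$when" ] || { echo "$1 - - NO-EXPIRY-FIELD"; exit 0; }
  days=$(days_left "$when" "$2") || { echo "$1 $when - BAD-DATE"; exit 0; }
  if [ "$days" -lt "${3:-30}" ]; then state=EXPIRING; else state=OK; fi
  echo "$1 $when $days $state"
)

# Lines taken from the two cnn.com replies shown on this page.
SAMPLE_REGISTRY='Domain Name: CNN.COM
Registry Expiry Date: 2026-09-21T04:00:00Z'
SAMPLE_REGISTRAR='Domain Name: cnn.com
Registrar Registration Expiration Date: 2026-09-21T04:00:00Z'

# Fixed clock so the demo output does not change from day to day.
NOW=$(date -u -d '2026-09-01 04:00:00' +%s)
printf '%s\n' "$SAMPLE_REGISTRY"  | check_expiry cnn.com "$NOW"
printf '%s\n' "$SAMPLE_REGISTRAR" | check_expiry cnn.com "$NOW" 14
# Constructed reply with no expiry line: reported, not silently blank.
printf '%s\n' 'Domain Name: EXAMPLE.TEST' | check_expiry example.test "$NOW"
```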


Convenience and automation

Yes, you can also perform whois lookups online. But having the whois command available in the terminal window and in scripts offers convenience and flexibility, and lets you automate part of your workload.



