The whois service

Stephane Bortzmeyer

$Date: 2004-11-25 16:10:39 $

Table of Contents

Why a whois service?
What is whois?
Policy issues with whois
whois software
The future
[Important]Important

whois is often used, not only to describe a very specific service running on TCP port 43, but to describe any kind of interface to get social information about a domain holder or contacts.

We will talk about whois only in its specific meaning here, avoiding the term whois when discussing a Web interface, for instance.

Why a whois service?

The registry holds a lot of social information about the domain names holders and about the contacts: names, postal and email addresses, phone numbers, etc. This information can be distributed to the outside.

The social information has a lot of operational uses: to find the contacts when you have a problem with a domain, for instance. Engineers use it when there is a network problem, anti-spam software use it to gather (not always carefully) email addresses to complain to, etc.

whois or whois-like services are also used by Intellectual Property lawyers, for instance to ask a cybersquatter to desist, or to harass domain names holders, pretending there is a trademark infringment.

What is whois?

whois, as a protocol, is specified in RFC 3912 (RFC means Request For Comments. The RFC are available on the IETF server.). The standard does not specify any policy.

The protocol itself is quite simple and anyone can write a whois client or server in one hour (see the RFC for details). But an useful whois server must do more: it musts connects to the datastore of the registry, in order to retrieve the social information. So, the information served by whois is a subset of the information stored in the database[1]. Here is a possible model, for a whois server whose data store is a relational DBMS:

Figure 1. Model of a whois server

The whois client queries the whois server which in turn queries the database.

This shows that a whois server is only a relay between the client and the data store.


whois works by accepting a request, expressed as a string[2], which typically identifies a domain name (such as example.com) or a person or entity (such as SB164-FRNIC which is a handle, an unique identifier automatically assigned to a person or a group).

In exchange, whois sends back a set of information, very often structured as a list of attribute-values pairs. For instance, "name: Bortzmeyer", "phone: 123 456 789", etc.

The actual output of the whois server depends on the server used: there is no standard of presentation and it is one of the big problems with RFC 3912. Here is the output of whois.nic.fr for a role (a group of persons) of handle HN16-FRNIC : 

role:        Hostmaster Netaktiv
address:     Netaktiv
address:     223, rue de Charenton
address:     75012 Paris
address:     France
phone:       +33 1 40 02 92 22
fax-no:      +33 1 40 02 01 02
e-mail:      hostmaster@netaktiv.com
nic-hdl:     HN16-FRNIC

and here is the output of whois.nic.de for the domain tageszeitung.de: 

domain:      tageszeitung.de
descr:       Koelmel Computer GmbH
descr:       Gutenbergstrasse 1-3
descr:       D-76437 Rastatt
descr:       Germany
nserver:     s15123983.rootmaster.info
nserver:     ns.schlund.de

and here the output of whois.dns.be for the domain ecolo.be: 

Domain:      ecolo
Status:      Registered
Registered:  Fri Jan 12 1996

Licensee:
   Name:     Philippe LESNE
   Company:  ECOLO-CEFE 
   Language: F 
   Address:  Rue du Seminaire 8
             5000 Namur
             Belgium
   Phone:    +32 81 22.78.71
   Fax:      +32 81 23.06.03
   Email:    hostmaster@ecolo.be

Each registry maintains its own whois server. There is no easy way to find out the name of the whois server for a given TLD, although whois.nic.TLD is common. The The Internet-Draft "Using DNS SRV records to locate whois servers" suggests way which is deployed in many European ccTLDs. It is implemented, for instance, in our whois client service.

.com and .net use a different system: the registry is a thin registry meaning that the registry does not hold the social information. Instead, the registrars hold it. Each must have its own whois server. In its reply, the whois server of the registry sends the name of the whois server of the registrar, the client is responsible for following it.

Policy issues with whois

Designing a whois service requires the handling of touchy policy issues. Most are not specific to whois: any registry information service would have the same problem.

whois software

Clients

Many whois clients exist. Since the protocol is so dumb, the client very often tries to be smart and to guess the proper whois server, by a combination of heuristics, hardwired tables, DNS SRV records, etc.

Here is a session with the whois client of the Debian operating system: 

% whois nic.fr

Tous droits reserves par copyright.
Voir http://www.nic.fr/outils/dbcopyright.html
Rights restricted by copyright.
See http://www.nic.fr/outils/dbcopyright.html

domain:      nic.fr
descr:       AFNIC
descr:       Immeuble International
descr:       2, rue Stephenson

And here with a domain in .com (the client follows the referral): 

% whois nic.com

Found a referral to whois.networksolutions.com.
...
Registrant:
NIC (NIC3-DOM)
   637 Wyckoff Ave #294
   Wyckoff, NJ 07430
   US

   Domain Name: NIC.COM

   Administrative Contact, Technical Contact:
      Semonche, Douglas C  (DS69)               dcs@NIC.COM
      637 WYCKOFF AVE # 294
      WYCKOFF, NJ 07481-1438
      US
      (201) 934-1445 fax: 123 123 1234

You can also force the client to go to a specific server: 

% whois -h whois.gandi.net ffti.org
% GANDI Registrar whois database for .COM, .NET, .ORG.
...

domain:         ffti.org
owner-address:  AFNIC NIC-FR
owner-address:  Immeuble International - 2,rue Stephenson - Montigny le Bretonneux
owner-address:  78181
owner-address:  Saint-Quentin-en-Yvelines
owner-address:  France
admin-c:        ANF2-GANDI

Here is an incomplete list of whois clients:

  • Debian whois (GNU whois)

  • RIPE whois

  • WhoisExtract is not a command-line client but a library to parse the various formats of whois servers.

  • Net::Xwhois, in the CPAN, a Perl library to parse the various formats of whois servers.

whois servers

It is very difficult to write a generic whois server since you depend a lot on the local policy and of the schema of the data store. The first two given here have a specific database. The last one, GenericWhois, has a separate backend that is not generic and must be written for each registry:

  • RIPE whois

  • swhoisd

  • GenericWhois, a generic whois server. It separates the front-end, which deals with the whois protocol, network issues, rate limiting, blacklisting, etc, and the back end which is highly registry-specific and deals with the business rules, the interface with the actual data store, etc.

The future

whois is a very old and obsolete protocol. However, no replacement is coming soon. Many attempts have been done: rwhois (RFC 2167, still used by ARIN and promoted by the RWhois project, which distributes a free software), whois++ (RFC 1835), LDAP (RFC 2798), etc. Most of them were failures (not always technical failures).

An IETF Working Group, CRISP (Cross Registry Information Service Protocol, works on a new and improved protocol. The current proposal, IRIS, is based on XML.


[1] You will often meet phrases like “whois database”. They come from the old days where this model was not understood as it is now. In these times, it was common for a registry to have several - and not always synchronized - databases, including one only for the whois service. Some whois servers still work that way.

[2] That string may include several words, some whois servers accept options.

For every question about generic NIC, please ask info@generic-nic.net.

(last rebuild by WML 2.0.11 (19-Aug-2006): Monday 10 November 2008)