Bortzmeyer Stephane $Date: 2004-11-25 16:10:39 $ whois is often used, not only to describe a very specific service running on TCP port 43, but to describe any kind of interface to get social information about a domain holder or contacts. We will talk about whois only in its specific meaning here, avoiding the term whois when discussing a Web interface, for instance.

The registry holds a lot of social information about the domain names holders and about the contacts: names, postal and email addresses, phone numbers, etc. This information can be distributed to the outside. The social information has a lot of operational uses: to find the contacts when you have a problem with a domain, for instance. Engineers use it when there is a network problem, anti-spam software use it to gather (not always carefully) email addresses to complain to, etc. whois or whois-like services are also used by Intellectual Property lawyers, for instance to ask a cybersquatter to desist, or to harass domain names holders, pretending there is a trademark infringment.

whois, as a protocol, is specified in . The standard does not specify any policy. The protocol itself is quite simple and anyone can write a whois client or server in one hour (see the RFC for details). But an useful whois server must do more: it musts connects to the datastore of the registry, in order to retrieve the social information. So, the information served by whois is a subset of the information stored in the databaseYou will often meet phrases like whois database. They come from the old days where this model was not understood as it is now. In these times, it was common for a registry to have several - and not always synchronized - databases, including one only for the whois service. Some whois servers still work that way. . Here is a possible model, for a whois server whose data store is a relational DBMS:

The whois client queries the whois server which in turn queries the database. This shows that a whois server is only a relay between the client and the data store.

whois works by accepting a request, expressed as a stringThat string may include several words, some whois servers accept options. , which typically identifies a domain name (such as example.com) or a person or entity (such as SB164-FRNIC which is a handle, an unique identifier automatically assigned to a person or a group). In exchange, whois sends back a set of information, very often structured as a list of attribute-values pairs. For instance, "name: Bortzmeyer", "phone: 123 456 789", etc. The actual output of the whois server depends on the server used: there is no standard of presentation and it is one of the big problems with . Here is the output of whois.nic.fr for a role (a group of persons) of handle HN16-FRNIC : role: Hostmaster Netaktiv address: Netaktiv address: 223, rue de Charenton address: 75012 Paris address: France phone: +33 1 40 02 92 22 fax-no: +33 1 40 02 01 02 e-mail: hostmaster@netaktiv.com nic-hdl: HN16-FRNIC and here is the output of whois.nic.de for the domain tageszeitung.de: domain: tageszeitung.de descr: Koelmel Computer GmbH descr: Gutenbergstrasse 1-3 descr: D-76437 Rastatt descr: Germany nserver: s15123983.rootmaster.info nserver: ns.schlund.de and here the output of whois.dns.be for the domain ecolo.be: Domain: ecolo Status: Registered Registered: Fri Jan 12 1996 Licensee: Name: Philippe LESNE Company: ECOLO-CEFE Language: F Address: Rue du Seminaire 8 5000 Namur Belgium Phone: +32 81 22.78.71 Fax: +32 81 23.06.03 Email: hostmaster@ecolo.be Each registry maintains its own whois server. There is no easy way to find out the name of the whois server for a given TLD, although whois.nic.TLD is common. The The Internet-Draft "Using DNS SRV records to locate whois servers" suggests way which is deployed in many European ccTLDs. It is implemented, for instance, in our whois client service. .com and .net use a different system: the registry is a thin registry meaning that the registry does not hold the social information. Instead, the registrars hold it. Each must have its own whois server. In its reply, the whois server of the registry sends the name of the whois server of the registrar, the client is responsible for following it.

Designing a whois service requires the handling of touchy policy issues. Most are not specific to whois: any registry information service would have the same problem. Privacy of users: what should we publish? See for instance Privacy Aspects of the NEEDS project, the legal framework in Europe, DIRECTIVE OF THE EUROPEAN PARLIAMENT AND of the council concerning the processing of personal data and the protection of privacy in the electronic communications sector, .name Whois Proposal or ICANN ideas. Correctness of the data: how to ensure it? Legal local rules: what are their consequences?

Many whois clients exist. Since the protocol is so dumb, the client very often tries to be smart and to guess the proper whois server, by a combination of heuristics, hardwired tables, DNS SRV records, etc. Here is a session with the whois client of the Debian operating system: % whois nic.fr Tous droits reserves par copyright. Voir http://www.nic.fr/outils/dbcopyright.html Rights restricted by copyright. See http://www.nic.fr/outils/dbcopyright.html domain: nic.fr descr: AFNIC descr: Immeuble International descr: 2, rue Stephenson And here with a domain in .com (the client follows the referral): % whois nic.com Found a referral to whois.networksolutions.com. ... Registrant: NIC (NIC3-DOM) 637 Wyckoff Ave #294 Wyckoff, NJ 07430 US Domain Name: NIC.COM Administrative Contact, Technical Contact: Semonche, Douglas C (DS69) dcs@NIC.COM 637 WYCKOFF AVE # 294 WYCKOFF, NJ 07481-1438 US (201) 934-1445 fax: 123 123 1234 You can also force the client to go to a specific server: % whois -h whois.gandi.net ffti.org % GANDI Registrar whois database for .COM, .NET, .ORG. ... domain: ffti.org owner-address: AFNIC NIC-FR owner-address: Immeuble International - 2,rue Stephenson - Montigny le Bretonneux owner-address: 78181 owner-address: Saint-Quentin-en-Yvelines owner-address: France admin-c: ANF2-GANDI Here is an incomplete list of whois clients: Debian whois (GNU whois) RIPE whois WhoisExtract is not a command-line client but a library to parse the various formats of whois servers. Net::Xwhois, in the CPAN, a Perl library to parse the various formats of whois servers.

It is very difficult to write a generic whois server since you depend a lot on the local policy and of the schema of the data store. The first two given here have a specific database. The last one, GenericWhois, has a separate backend that is not generic and must be written for each registry: RIPE whois swhoisd GenericWhois, a generic whois server. It separates the front-end, which deals with the whois protocol, network issues, rate limiting, blacklisting, etc, and the back end which is highly registry-specific and deals with the business rules, the interface with the actual data store, etc.

whois is a very old and obsolete protocol. However, no replacement is coming soon. Many attempts have been done: rwhois (, still used by ARIN and promoted by the RWhois project, which distributes a free software), whois++ (), LDAP (), etc. Most of them were failures (not always technical failures). An IETF Working Group, CRISP (Cross Registry Information Service Protocol, works on a new and improved protocol. The current proposal, IRIS, is based on XML.