HOME

TheInfoList



OR:

WHOIS (pronounced as the phrase "who is") is a query and response
protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technology ...
that is widely used for querying
database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases ...
s that store the registered users or assignees of an
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, p ...
resource, such as a
domain name A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. As ...
, an
IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
block or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.RFC 3912, ''WHOIS Protocol Specification'', L. Daigle (September 2004) The current iteration of the WHOIS protocol was drafted by the
Internet Society The Internet Society (ISOC) is an American nonprofit advocacy organization founded in 1992 with local chapters around the world. Its mission is "to promote the open development, evolution, and use of the Internet for the benefit of all people ...
, and is documented in . Whois is also the name of the command-line utility on most
UNIX Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, ...
systems used to make WHOIS protocol queries. In addition WHOIS has a sister protocol called ''Referral Whois'' ( RWhois).


History

Elizabeth Feinler Elizabeth Jocelyn "Jake" Feinler (born March 2, 1931) is an American information scientist. From 1972 until 1989 she was director of the Network Information Systems Center at the Stanford Research Institute (SRI International). Her group operate ...
and her team (who had created the Resource Directory for
ARPANET The Advanced Research Projects Agency Network (ARPANET) was the first wide-area packet-switched network with distributed control and one of the first networks to implement the TCP/IP protocol suite. Both technologies became the technical fou ...
) were responsible for creating the first WHOIS directory in the early 1970s. Feinler set up a server in Stanford's Network Information Center (NIC) which acted as a directory that could retrieve relevant information about people or entities. She and the team created domains, with Feinler's suggestion that domains be divided into categories based on the physical address of the computer. The process of registration was established in . WHOIS was standardized in the early 1980s to look up domains, people, and other resources related to domain and number registrations. As all registration was done by one organization at that time, one centralized server was used for WHOIS queries. This made looking up such information very easy. At the time of the emergence of the internet from the ARPANET, the only organization that handled all domain registrations was the Defense Advanced Research Projects Agency (DARPA) of the United States government (created during 1958.). Responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNET began offering domain registration service; however, they simply handled the paperwork which they forwarded to the DARPA Network Information Center (NIC). Then the
National Science Foundation The National Science Foundation (NSF) is an independent agency of the United States government that supports fundamental research and education in all the non-medical fields of science and engineering. Its medical counterpart is the National ...
directed that management of Internet domain registration would be handled by commercial, third-party entities.
InterNIC The Network Information Center (NIC), also known as InterNIC from 1993 until 1998, was the organization primarily responsible for Domain Name System (DNS) domain name allocations and X.500 directory services. From its inception in 1972 until O ...
was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc.,
General Atomics General Atomics is an American energy and defense corporation headquartered in San Diego, California, specializing in research and technology development. This includes physics research in support of nuclear fission and nuclear fusion energy. Th ...
and
AT&T AT&T Inc. is an American multinational telecommunications holding company headquartered at Whitacre Tower in Downtown Dallas, Texas. It is the world's largest telecommunications company by revenue and the third largest provider of mobile te ...
. The General Atomics contract was canceled after several years due to performance issues. 20th century WHOIS servers were highly permissive and would allow wild-card searches. A WHOIS query of a person's last name would yield all individuals with that name. A query with a given keyword returned all registered domains containing that keyword. A query for a given administrative contact returned all domains the administrator was associated with. Since the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available. On December 1, 1999, management of the
top-level domain A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the root zone of the name space. For all domains in ...
s (TLDs) , , and was assigned to ICANN. At the time, these TLDs were converted to a thin WHOIS model. Existing WHOIS clients stopped working at that time. A month later, it had self-detecting
Common Gateway Interface In computing, Common Gateway Interface (CGI) is an interface specification that enables web servers to execute an external program, typically to process user requests. Such programs are often written in a scripting language and are commonly re ...
support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client. By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS domain searches have become common and are offered by providers such as IONOS and Namecheap.


CRISP and IRIS

In 2003, an
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and a ...
committee was formed to create a new standard for looking up information on domain names and network numbers: Cross Registry Information Service Protocol (CRISP). Between January 2005 and July 2006, the working name for this proposed new standard was
Internet Registry Information Service The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
(IRIS) The initial IETF Proposed Standards RFCs for IRIS are: * 3981 - * 3982 - * 3983 - * 4992 - The status of RFCs this group worked on can be found on th
IETF Tools site
As of March 2009, the CRISP IETF Working Group concluded, after a final RFC 5144 was published by the group . Note: The IETF CRISP working group is not to be confused with the Number Resource Organization's (NRO) Team of the same name "Consolidated RIR IANA Stewardship Proposal Team" (CRISP Team).


WEIRDS and RDAP

In 2013, the IETF acknowledged that IRIS had not been a successful replacement for WHOIS. The primary technical reason for that appeared to be the complexity of IRIS. Further, non-technical reasons were deemed to lie in areas upon which the IETF does not pass judgment. Meanwhile, ARIN and
RIPE NCC RIPE NCC (''Réseaux IP Européens'' Network Coordination Centre) is the regional Internet registry (RIR) for Europe, the Middle East and parts of Central Asia. Its headquarters are in Amsterdam, Netherlands, with a branch office in Dubai, UAE. ...
managed to serve WHOIS data via RESTful web services. The charter (drafted in February 2012) provided for separate specifications, for number registries first and for name registries to follow. The working group produced five proposed standard documents: * 7480 - * 7481 - * 7482 - * 7483 - * 7484 - and an informational document: * 7485 -


Protocol

The WHOIS protocol had its origin in the ARPANET ''NICNAME protocol'' and was based on the ''NAME/FINGER Protocol'', described in (1977). The NICNAME/WHOIS protocol was first described in in 1982 by Ken Harrenstien and Vic White of the Network Information Center at
SRI International SRI International (SRI) is an American nonprofit scientific research institute and organization headquartered in Menlo Park, California. The trustees of Stanford University established SRI in 1946 as a center of innovation to support economic ...
. WHOIS was originally implemented on the Network Control Protocol (NCP) but found its major use when the
TCP/IP The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suit ...
suite was standardized across the ARPANET and later the Internet. The protocol specification is the following (original quote):
Connect to the service host
   TCP: service port 43 decimal
   NCP: ICP to socket 43 decimal, establishing two 8-bit connections
Send a single "command line", ending with .
Receive information in response to the command line.  The
server closes its connections as soon as the output is
finished.
The ''command line'' server query is normally a single name specification. i.e. the name of a resource. However, servers accept a query, consisting of only the question mark (?) to return a description of acceptable command line formats. Substitution or ''wild-card'' formats also exist, e.g., appending a
full-stop The full stop (Commonwealth English), period (North American English), or full point , is a punctuation mark. It is used for several purposes, most often to mark the end of a declarative sentence (as distinguished from a question or exclamation ...
(period) to the query name returns all entries beginning with the query name. On the modern Internet, WHOIS services are typically communicated using the
Transmission Control Protocol The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly ...
(TCP). Servers listen to requests on the well-known
port number In computer networking, a port is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service. At the software level, within an operating system, a port is a logical construct that identifies a specific ...
43. Clients are simple applications that establish a communications channel to the server, transmit a text record with the name of the resource to be queried and await the response in form of a sequence of text records found in the database. This simplicity of the protocol also permits an application, and a command line interface user, to query a WHOIS server using the
Telnet Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control i ...
protocol.


Augmentations

In 2014, June ICANN published the recommendation for status codes, the "Extensible Provisioning Protocol (EPP) domain status codes"


Implementation

WHOIS lookups were traditionally performed with a
command line interface A command-line interpreter or command-line processor uses a command-line interface (CLI) to receive commands from a user in the form of lines of text. This provides a means of setting parameters for the environment, invoking executables and pro ...
application, but now many alternative web-based tools exist. A WHOIS database consists of a set of text records for each resource. These text records consists of various items of information about the resource itself, and any associated information of assignees, registrants, administrative information, such as creation and expiration dates. Two data models exist for storing resource information in a WHOIS database, the ''thick'' and the ''thin'' model.


Thin and thick lookups

WHOIS information can be stored and looked up according to either a ''thick'' or a ''thin'' data model: ; Thick: A Thick WHOIS server stores the complete WHOIS information from all the registrars for the particular set of data (so that one WHOIS server can respond with WHOIS information on all
.org The domain name .org is a generic top-level domain (gTLD) of the Domain Name System (DNS) used on the Internet. The name is truncated from ''organization''. It was one of the original domains established in 1985, and has been operated by th ...
domains, for example). ; Thin: A Thin WHOIS server stores only the name of the WHOIS server of the registrar of a domain, which in turn has the full details on the data being looked up (such as the
.com The domain name .com is a top-level domain (TLD) in the Domain Name System (DNS) of the Internet. Added at the beginning of 1985, its name is derived from the word ''commercial'', indicating its original intended purpose for domains registere ...
WHOIS servers, which refer the WHOIS query to the registrar where the domain was registered). The thick model usually ensures consistent data and slightly faster queries, since only one WHOIS server needs to be contacted. If a registrar goes out of business, a thick registry contains all important information (if the registrant entered correct data, and privacy features were not used to obscure the data) and registration information can be retained. But with a thin registry, the contact information might not be available, and it could be difficult for the rightful registrant to retain control of the domain. If a WHOIS client did not understand how to deal with this situation, it would display the full information from the registrar. Unfortunately, the WHOIS protocol has no standard for determining how to distinguish the thin model from the thick model. Specific details of which records are stored vary among
domain name registries Domain may refer to: Mathematics *Domain of a function, the set of input values for which the (total) function is defined **Domain of definition of a partial function **Natural domain of a partial function **Domain of holomorphy of a function * Do ...
. Some
top-level domain A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the root zone of the name space. For all domains in ...
s, including and , operate a thin WHOIS, requiring domain registrars to maintain their own customers' data. The other global top-level registries, including , operate a thick model. Each country-code top-level registry has its own national rules.


Software

The first applications written for the WHOIS information system were
command-line interface A command-line interpreter or command-line processor uses a command-line interface (CLI) to receive commands from a user in the form of lines of text. This provides a means of setting parameters for the environment, invoking executables and pro ...
tools for
Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
and
Unix-like A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
operating systems (i.e. Solaris, Linux etc.). WHOIS client and server software is distributed as free
open-source software Open-source software (OSS) is computer software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose. Op ...
and binary distributions are included with all
Unix-like A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
systems. Various commercial Unix implementations may use a proprietary implementation (for example,
Solaris Solaris may refer to: Arts and entertainment Literature, television and film * ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem ** ''Solaris'' (1968 film), directed by Boris Nirenburg ** ''Solaris'' (1972 film), directed by ...
7). A WHOIS command line client passes a phrase given as an argument directly to the WHOIS server. Various free open source examples can still be found on sites such as sourceforge.net. However, most modern WHOIS tools implement command line flags or options, such as the -h option to access a specific server host, but default servers are preconfigured. Additional options may allow control of the
port number In computer networking, a port is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service. At the software level, within an operating system, a port is a logical construct that identifies a specific ...
to connect on, displaying additional debugging data, or changing recursion/referral behavior. Like most TCP/IP client–server applications, a WHOIS client takes the user input and then opens an
Internet socket The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
to its destination server. The WHOIS protocol manages the transmission of the query and reception of results.


Web

With the advent of the
World Wide Web The World Wide Web (WWW), commonly known as the Web, is an information system enabling documents and other web resources to be accessed over the Internet. Documents and downloadable media are made available to the network through web se ...
and especially the loosening up of the Network Solutions monopoly, looking up WHOIS information via the web has become quite common. At present, popular web-based WHOIS-queries may be conducted from ARIN,
RIPE Réseaux IP Européens (RIPE, French for "European IP Networks") is a forum open to all parties with an interest in the technical development of the Internet. The RIPE community's objective is to ensure that the administrative and technical coor ...
and
APNIC APNIC (the Asia Pacific Network Information Centre) is the regional Internet address registry ( RIR) for the Asia-Pacific region. It is one of the world's five RIRs and is part of the Number Resource Organization ( NRO). APNIC provides numb ...
. Most early web-based WHOIS clients were merely front-ends to a command-line client, where the resulting output just gets displayed on a web page with little, if any, clean-up or formatting. Currently, web based WHOIS clients usually perform the WHOIS queries directly and then format the results for display. Many such clients are proprietary, authored by domain name registrars. The need for web-based clients came from the fact that command-line WHOIS clients largely existed only in the Unix and large computing worlds.
Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
and Macintosh computers had no WHOIS clients installed by default, so registrars had to find a way to provide access to WHOIS data for potential customers. Many end-users still rely on such clients, even though command line and graphical clients exist now for most home PC platforms. Microsoft provides th
Sysinternals Suite
that includes a whois client at no cost.
CPAN The Comprehensive Perl Archive Network (CPAN) is a repository of over 250,000 software modules and accompanying documentation for 39,000 distributions, written in the Perl programming language by over 12,000 contributors. ''CPAN'' can denote eit ...
has several
Perl Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it also referred to its redesigned "sister language", Perl 6, before the latter's name was offici ...
modules available that work with WHOIS servers. Many of them are not current and do not fully function with the current (2005) WHOIS server infrastructure. However, there is still much useful functionality to derive including looking up AS numbers and registrant contacts.


Servers

WHOIS services are mainly run by registrars and registries; for example the
Public Interest Registry Public Interest Registry is a not-for-profit based in Reston, Virginia, created by the Internet Society in 2002 to manage the .ORG top-level domain. It took over operation of .ORG in January 2003 and launched the .NGO and .ONG top-level domains in ...
(PIR) maintains the .ORG registry and associated WHOIS service.


Regional Internet registries

WHOIS servers operated by
regional Internet registries A regional Internet registry (RIR) is an organization that manages the allocation and registration of Internet number resources within a region of the world. Internet number resources include IP addresses and autonomous system (AS) numbers. ...
(RIR) can be queried directly to determine the
Internet service provider An Internet service provider (ISP) is an organization that provides services for accessing, using, or participating in the Internet. ISPs can be organized in various forms, such as commercial, community-owned, non-profit, or otherwise private ...
responsible for a particular resource. The records of each of these registries are cross-referenced, so that a query to ARIN for a record which belongs to
RIPE Réseaux IP Européens (RIPE, French for "European IP Networks") is a forum open to all parties with an interest in the technical development of the Internet. The RIPE community's objective is to ensure that the administrative and technical coor ...
will return a placeholder pointing to the RIPE WHOIS server. This lets the WHOIS user making the query know that the detailed information resides on the RIPE server. In addition to the RIRs servers, commercial services exist, such as the
Routing Assets Database The Routing Assets Database (RADb), formerly known as the Routing Arbiter Database is a public database in which the operators of Internet networks publish authoritative declarations of routing policy for their Autonomous System (AS) which are, in ...
used by some large networks (e.g., large Internet providers that acquired other ISPs in several RIR areas).


Server discovery

There is currently no widely extended way for determining the responsible WHOIS server for a DNS domain, though a number of methods are in common use for
top-level domain A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the root zone of the name space. For all domains in ...
s (TLDs). Some registries use DNS SRV records (defined in RFC 2782) to allow clients to discover the address of the WHOIS server. Some WHOIS lookups require searching the procuring domain registrar to display domain owner details.


Query example

Normally the contact information of the resources assignee is returned. However, some registrars offer private registration, in which case the contact information of the registrar is shown instead. Some registry operators are wholesalers, meaning that they typically provide domain name services to a large number of retail registrars, who in turn offer them to consumers. For private registration, only the identity of the wholesale registrar may be returned. In this case, the identity of the individual as well as the retail registrar may be hidden. Below is an example of WHOIS data returned for an individual resource holder. This is the result of a WHOIS query of
example.com The domain names example.com, example.net, example.org, and example.edu are second-level domain names in the Domain Name System of the Internet. They are reserved by the Internet Assigned Numbers Authority (IANA) at the direction of the Internet ...
: whois example.com uerying whois.verisign-grs.com edirected to whois.iana.org uerying whois.iana.org hois.iana.org% IANA WHOIS server % for more information on IANA, visit http://www.iana.org % This query returned 1 object domain: EXAMPLE.COM organisation: Internet Assigned Numbers Authority created: 1992-01-01 source: IANA


Referral Whois

Referral Whois (RWhois) is an extension of the original Whois protocol and service. RWhois extends the concepts of Whois in a scalable, hierarchical fashion, potentially creating a system with a tree-like architecture. Queries are deterministically routed to servers based on hierarchical labels, reducing a query to the primary repository of information. Lookups of IP address allocations are often limited to the larger
Classless Inter-Domain Routing Classless Inter-Domain Routing (CIDR ) is a method for allocating IP addresses and for IP routing. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous classful network addressing architecture on the Internet. Its g ...
(CIDR) blocks (e.g., /24, /22, /16), because usually only the
regional Internet registries A regional Internet registry (RIR) is an organization that manages the allocation and registration of Internet number resources within a region of the world. Internet number resources include IP addresses and autonomous system (AS) numbers. ...
(RIRs) and
domain registrars A domain name registrar is a company that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) registry or a country code top-level domain (ccTLD) registry. A registra ...
run RWhois or Whois servers, although RWhois is intended to be run by even smaller
local Internet registries A regional Internet registry (RIR) is an organization that manages the allocation and registration of Internet number resources within a region of the world. Internet number resources include IP addresses and autonomous system (AS) numbers. ...
, to provide more granular information about IP address assignment. RWhois is intended to replace Whois, providing an organized hierarchy of referral services where one could connect to any RWhois server, request a look-up and be automatically re-directed to the correct server(s). However, while the technical functionality is in place, adoption of the RWhois standard has been weak. RWhois services are typically communicated using the
Transmission Control Protocol The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly ...
(TCP). Servers listen to requests on the well-known
port number In computer networking, a port is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service. At the software level, within an operating system, a port is a logical construct that identifies a specific ...
4321. Rwhois was first specified in in 1994 by Network Solutions, but the specification was superseded in 1997 by . The referral features of RWhois are different than the feature of a Whois server to refer responses to another server, which RWhois also implements.


Criticism

One criticism of WHOIS is the lack of full access to the data. Few parties have realtime access to the complete databases. Others cite the competing goal of
domain privacy Domain privacy (often called Whois privacy) is a service offered by a number of domain name registrars. A user buys privacy from the company, who in turn replaces the user's information in the WHOIS with the information of a forwarding service (for ...
as a criticism, although this problem is strongly mitigated by domain privacy services. Currently, the ''Internet Corporation for Assigned Names and Numbers'' ( ICANN) broadly requires that the
mail The mail or post is a system for physically transporting postcards, letter (message), letters, and parcel (package), parcels. A postal service can be private or public, though many governments place restrictions on private systems. Since the mid ...
ing
address An address is a collection of information, presented in a mostly fixed format, used to give the location of a building, apartment, or other structure or a plot of land, generally using political boundaries and street names as references, along ...
,
phone number A telephone number is a sequence of digits assigned to a landline telephone subscriber station connected to a telephone line or to a wireless electronic telephony device, such as a radio telephone or a mobile telephone, or to other devices f ...
and
e-mail address An email address identifies an email box to which messages are delivered. While early messaging systems used a variety of formats for addressing, today, email addresses follow a set of specific rules originally standardized by the Internet Engineer ...
of those owning or administering a domain name to be made publicly available through the "WHOIS" directories. The registrant's (domain owner's) contact details, such as address and telephone number, are easily accessible to anyone who queries a WHOIS server. However, that policy enables spammers, direct marketers, identity thieves or other attackers to loot the directory for personal information about these people. Although ICANN has been exploring changing WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made. Some domain registrars offer private registrations (also known as domain privacy), by which the contact information of the registrar is shown instead of the customer's. With the offer of private registration from many registrars, some of the risk has been mitigated. Studies have shown that spammers can and do harvest plain-text email addresses from WHOIS servers."SAC 023: Is the WHOIS Service a Source for email Addresses for Spammers?"
ICANN Security and Stability Advisory Committee, October 2007
For this reason, some WHOIS servers and websites offering WHOIS queries have implemented rate-limiting systems, such as web-based
CAPTCHA A CAPTCHA ( , a contrived acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge–response test used in computing to determine whether the user is human. The term was coined in 2003 b ...
and limited amounts of search queries per user
IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
. The WHOIS requirements conflict with the General Data Protection Regulation (GDPR), effective in the European Union 25 May 2018, which places strict regulations on the processing and publication of personally identifiable information. ICANN stated in November 2017 that it would not reprimand "noncompliance with contractual obligations related to the handling of registration data" if registrars provide alternative solutions for compliance with its rules, until the WHOIS requirements are updated to take GDPR into account. The WHOIS protocol was not written with an international audience in mind. A WHOIS server and/or client cannot determine the text encoding in effect for the query or the database content. Many servers were originally using US-
ASCII ASCII ( ), abbreviated from American Standard Code for Information Interchange, is a character encoding standard for electronic communication. ASCII codes represent text in computers, telecommunications equipment, and other devices. Because of ...
and Internationalization concerns were not taken into consideration until much later. This might impact the usability or usefulness of the WHOIS protocol in countries outside the USA. In the case of
internationalized domain names An internationalized domain name (IDN) is an Internet domain name that contains at least one label displayed in software applications, in whole or in part, in non-latin script or alphabet, such as Arabic, Bengali, Chinese (Mandarin, simplified ...
it is the responsibility of the client application to perform the translation of the domain name between its native language script and the DNS name in
punycode Punycode is a representation of Unicode with the limited ASCII character subset used for Internet hostnames. Using Punycode, host names containing Unicode characters are transcoded to a subset of ASCII consisting of letters, digits, and hyphens, wh ...
.


Accuracy of information

In cases where the registrant's (Domain Owner) identity is public, anyone can easily confirm the status of a domain via WHOIS. In the case of private registrations, ascertaining registration information may be more difficult. If a registrant, who acquired a domain name, wants to verify the registrar has completed the registration process, three steps may be required: # Perform a WHOIS and confirm that the resource is at least registered with ICANN, # Determine the name of the wholesale registrar, and # Contact the wholesaler and obtain the name of the retail registrar. This provides some confidence that the retailer actually registered the name. But if the registrar goes out of business, as with the failure of
RegisterFly RegisterFly was a New Jersey (U.S.) based internet hosting and domain name registrar that had their ICANN-accredited status terminated in March 2007.ICANN BloFAQs for RegisterFly customers April 3, 2007 History RegisterFly formerly acted as a r ...
in 2007, the rightful domain holder with privacy-protected registrations may have difficulty regaining the administration of their domain name. Registrants using "private registration" can attempt to protect themselves by using a registrar that places customer data in escrow with a third party. ICANN requires that every registrant of a domain name be given the opportunity to correct any inaccurate contact data associated with their domain. For this reason, registrars are required to periodically send the holder the contact information on record for verification, but they do not provide any guarantee about the accuracy of information if the registrant provided inaccurate information.


Law and policy

WHOIS has generated policy issues in the United States federal government. As noted above, WHOIS creates a
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
issue which is also tied to
free speech Freedom of speech is a principle that supports the freedom of an individual or a community to articulate their opinions and ideas without fear of retaliation, censorship, or legal sanction. The right to freedom of expression has been recog ...
and
anonymity Anonymity describes situations where the acting person's identity is unknown. Some writers have argued that namelessness, though technically correct, does not capture what is more centrally at stake in contexts of anonymity. The important idea he ...
. However, WHOIS is an important tool for law enforcement officers investigating violations like
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ( ...
and
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
to track down the holders of domain names. As a result, law enforcement agencies have sought to make WHOIS records both open and verified: *The
Federal Trade Commission The Federal Trade Commission (FTC) is an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) antitrust law and the promotion of consumer protection. The FTC shares jurisdiction ov ...
has testified about how inaccurate WHOIS records thwart their investigations. *Congressional hearings have been conducted about the importance of WHOIS in 2001, 2002 and 2006. *The ''Fraudulent Online Identity Sanctions Act'' "make it a violation of trademark and copyright law if a person knowingly provided, or caused to be provided, materially false contact information in making, maintaining, or renewing the registration of a domain name used in connection with the violation," where the latter "violation" refers to a prior violation of trademark or copyright law. The act does not make the submission of false WHOIS data illegal in itself, only if used to shield oneself from prosecution for crimes committed using that domain name.


ICANN proposal to abolish WHOIS

The Expert Working Group (EWG) of the Internet Corporation for Assigned Names and Numbers ( ICANN) recommended on 24 June 2013 that WHOIS should be scrapped. It recommends that WHOIS be replaced with a system that keeps information secret from most Internet users, and only discloses information for "permissible purposes". ICANN's list of permissible purposes includes domain-name research, domain-name sale and purchase, regulatory enforcement, personal data protection, legal actions, and abuse mitigation. Although WHOIS has been a key tool of journalists in determining who was disseminating certain information on the Internet, the use of WHOIS by the free press is not included in ICANN's proposed list of permissible purposes. The EWG collected public input on the initial report until 13 September 2013. Its final report was issued on 6 June 2014, without meaningful changes to the recommendations. , ICANN is in the "process of re-inventing WHOIS," working on "ICANN WHOIS Beta."


Standards documents

* – NICNAME/WHOIS (1982, obsolete) * – NICNAME/WHOIS (1985, obsolete) * – WHOIS protocol specification (2004, current)


See also

*
Domain name registry A domain name registry is a database of all domain names and the associated registrant information in the top level domains of the Domain Name System (DNS) of the Internet that enables third party entities to request administrative control of a do ...
*
Regional Internet registry A regional Internet registry (RIR) is an organization that manages the allocation and registration of Internet number resources within a region of the world. Internet number resources include IP addresses and autonomous system (AS) numbers. ...
*
Routing Assets Database The Routing Assets Database (RADb), formerly known as the Routing Arbiter Database is a public database in which the operators of Internet networks publish authoritative declarations of routing policy for their Autonomous System (AS) which are, in ...
*
Routing Policy Specification Language The Routing Policy Specification Language (RPSL) is a language commonly used by Internet Service Providers to describe their routing policies. The routing policies are stored at various whois databases including RIPE, RADB and APNIC. ISPs (using a ...
*
Shared Whois Project The Shared Whois Project (SWIP) is the process used to submit, maintain and update information to ensure up-to-date and efficient maintenance of WHOIS records, as structured in RFC 1491. The process updates WHOIS to contain information regarding w ...
* Registration Data Access Protocol


References


Sources

*


External links


IANA WHOIS Service

The Internet Corporation for Assigned Names and Numbers

The Internet Assigned Numbers Authority

XML Whois Server list

ICANN Whois Inaccuracy Complaint Form

Whois status codes
{{DEFAULTSORT:Whois Internet protocols Internet Standards