What is WHOIS?

WHOIS is a standard/protocol that was created, among other purposes, to store information on the ownership of a specific domain. If you need to know who owns a domain or how to contact them, you can query a hosted WHOIS database by submitting a request to one of the WHOIS servers responsible for serving the owner information for a specific TLD (Top Level Domain). Examples of common TLDs are .com, .net and .org. There are also designated country TLDs and TLDs for other purposes. You can see a detailed list on Wikipedia.

You can perform WHOIS lookups via online web utilities or, more commonly, with the Unix JWhois client, which comes installed on most Linux distributions and OS X. If you primarily use Windows and would like to use the client, you can install Cygwin and choose the 'whois' package as part of the installation process.

How does my client know what WHOIS server to query?

For the most part, the client knows which server to use based on static configuration, where each TLD is mapped to the server that handles WHOIS lookups for it. For JWhois, this is a block of configuration in the jwhois.conf global configuration file, under the whois-servers section, where you specify the TLD(s) using regular expressions followed by the server to use when a domain matches. Examples:

"\\.com$" = "whois.verisign-grs.com";
"\\.edu$" = "whois.educause.edu";
"\\.gov$" = "whois.nic.gov";

However, with the increasing number of TLDs, keeping all of these mappings in a local configuration file does not scale. The client does fall back to a default WHOIS server when there is no mapping for a given uncommon TLD, but the lookup fails if the requested information does not exist on that server. So for a new TLD, WHOIS lookups will likely fail on any fresh whois installation, and on most online WHOIS web clients, unless the WHOIS server is specified manually.

Querying uncommon TLDs

Luckily, the JWhois client also allows you to specify the server that you want to query for a given lookup, but you need to know this server beforehand. The Internet Assigned Numbers Authority (IANA) maintains a database of information for each TLD, served conveniently to you on this web page. Each page gives you a load of information on that specific TLD, including the WHOIS server. So querying a specific domain name using the Unix JWhois client would look like this for the 'bingo' TLD (using the -h flag to specify a specific WHOIS server):

$ whois -h whois.donuts.co example.bingo
[Querying whois.donuts.co]
(.. Omitting query results ..)

One step further: automating the WHOIS server lookup

When browsing the IANA Root Zone Database, I noticed that the URIs for all of the TLDs used the same format: "/domains/root/db/(TLD_HERE).html". This allows for easy web scraping using a simple script.

I wrote a Python script, 'Phois', that takes a domain argument as JWhois does. However, unlike JWhois, which checks the domain name against its configuration file for the WHOIS server, Phois strips the TLD from the query, caches the IANA page for that TLD, scrapes the WHOIS server from there, then performs a normal WHOIS lookup, specifying the WHOIS server to perform the lookup on. You can find this Phois script on my GitHub and can simply git clone it and pip install. Alternatively, you can throw it in your "/usr/bin" directory or another executable directory in the $PATH on your machine, as long as you have the Python pre-reqs installed (don't forget to make the script executable: chmod +x). It works like so:

$ phois watermelon.ninja
[Querying whois.unitedtld.com]
[whois.unitedtld.com]
(.. Omitting query results ..)
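
The lookup flow described above, as an added Python sketch (this is not the Phois source): it derives the TLD, builds the IANA page URL, pulls the WHOIS server out of the page text, and validates both the domain and the scraped host name before they are handed to whois -h, since both are untrusted input. The www.iana.org host, the "WHOIS Server:" label and the sample page are assumptions; the sample HTML is constructed and nothing is fetched.

```python
import re

# URL path format is the one quoted in the article; the host name is an assumption.
IANA_URL = "https://www.iana.org/domains/root/db/{tld}.html"
# Assumed label text on the IANA page; adjust if the real markup differs.
LABEL_RE = re.compile(r"WHOIS Server:\s*(?:</b>)?\s*([^\s<]+)", re.IGNORECASE)
LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"            # one DNS label, no edge hyphens
TLD_RE = re.compile(LABEL)
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")   # at least two labels

def valid_host(name):
    """True if name is a plain DNS host name, so it cannot be read as an option."""
    return len(name) <= 253 and HOST_RE.fullmatch(name) is not None

def tld_of(domain):
    """Return the lowercased TLD, rejecting anything that could alter the URL path."""
    name = domain.strip().rstrip(".").lower()
    tld = name.rsplit(".", 1)[-1]
    if "." not in name or not TLD_RE.fullmatch(tld):
        raise ValueError(f"cannot derive a TLD from {domain!r}")
    return tld

def iana_url(domain):
    return IANA_URL.format(tld=tld_of(domain))

def whois_server_from_page(html):
    """Return the WHOIS server named on the page, or None if the page lists none."""
    m = LABEL_RE.search(html)
    if m is None:
        return None
    host = m.group(1).rstrip(".").lower()
    if not valid_host(host):
        raise ValueError(f"scraped WHOIS server {host!r} is not a host name")
    return host

def whois_argv(domain, html):
    """Build the argument list for the whois client (a list, never a shell string)."""
    name = domain.strip().rstrip(".").lower()
    if not valid_host(name):
        raise ValueError(f"{domain!r} is not a domain name")
    server = whois_server_from_page(html)
    if server is None:
        raise LookupError("no WHOIS server listed for this TLD")
    return ["whois", "-h", server, name]

SAMPLE_PAGE = "<p><b>WHOIS Server:</b> whois.donuts.co</p>"  # constructed sample

if __name__ == "__main__":
    print(iana_url("example.bingo"))
    print(whois_argv("example.bingo", SAMPLE_PAGE))
```

The returned list can be passed to subprocess.run without a shell, so neither the domain nor the scraped server name is ever parsed as shell syntax.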

Let me know what you think!