Using the whois Command on Linux: A Comprehensive Guide

Discover the power of the whois command on Linux! Unearth ownership details of internet domains effortlessly through your command line. Harness the potential of whois for domain names, IP addresses, and automation. Install whois today and delve into the world of convenience and information.

Some Noticeable Information

The domain ownership details and information about domain owners are stored within the whois system. The registration and ownership of domain names are overseen by the Internet Corporation for Assigned Names and Numbers (ICANN). However, the actual records are managed by various registries, which are separate entities.

A whois record includes contact information for the registrant (owner) and the registrar (organization that registered the domain name), as well as the registration date, last update, and expiration date.

With the Linux whois command, you can perform lookups directly from the command line, which is useful for systems without a graphical user interface or for shell scripts. The command can be installed on Ubuntu, Fedora, and Manjaro with the commands given below.

A whois lookup will tell you a lot of information about who owns an internet domain. On Linux, you can run whois lookups from the command line. We'll walk you through it.

The whois System

The whois system comprises records that provide information about domain ownership and owners. The Internet Corporation for Assigned Names and Numbers (ICANN) governs domain name registration and ownership, while multiple companies, known as registries, maintain the list of records.

Accessing the list of records is open to anyone. Upon querying, a registry will process your request and provide relevant details from the corresponding whois record.

Before we go any further, it's important that you're familiar with the following terms:

Registry: A company that manages a list containing a set of domain names (there are many of these).

Registrant: The legal owner of the domain; it's registered to this person.

Registrar: A registrant uses a registrar to make his or her registration.

The contact information of the individual, company, or entity that registered the domain name is included in a whois record. The level of information varies among registrations and different registries may provide varying amounts of information.

The following details are usually found in a typical whois record:

The name and contact information of the registrant: The owner of the domain.

The name and contact information of the registrar: The organization that registered the domain name.

The registration date.

When the information was last updated.

The expiry date.

You have the option to make whois requests online, but using the Linux whois command, you can carry out lookups directly from the command line. This is advantageous when conducting a lookup from a computer lacking a graphical user interface or when doing so from a shell script.

Installing whois

The whois command was already installed on Ubuntu 20.04. If you need to install it on your version of Ubuntu, you can do so with the following command:

sudo apt-get install whois

On Fedora, use the command below:

sudo dnf install whois

And finally, on Manjaro, type the following:

sudo pacman -Syu whois

Using whois with a Domain Name

You can use the whois command with domain names or Internet Protocol (IP) addresses. A slightly different set of information is returned for each of these.

We'll use a domain name for our first example:

whois cnn.com

The whois registry response begins with a concise summary before providing additional details. Below is an example that excludes trademark statements and terms of use:

```
Domain Name: CNN.COM
Registry Domain ID: 3269879_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
Updated Date: 2018-04-10T16:43:38Z
Creation Date: 1993-09-22T04:00:00Z
Registry Expiry Date: 2026-09-21T04:00:00Z
Registrar: CSC Corporate Domains, Inc.
Registrar IANA ID: 299
Registrar Abuse Contact Email: domainabuse@cscglobal.com
Registrar Abuse Contact Phone: 8887802723
Domain Status: clientTransferProhibited
Domain Status: serverDeleteProhibited
Domain Status: serverTransferProhibited
Domain Status: serverUpdateProhibited
Name Server: NS-1086.AWSDNS-07.ORG
Name Server: NS-1630.AWSDNS-11.CO.UK
Name Server: NS-47.AWSDNS-05.COM
Name Server: NS-576.AWSDNS-08.NET
DNSSEC: unsigned
```

The Internet Assigned Numbers Authority (IANA) is responsible for overseeing and coordinating various aspects including top-level Domain Name System zones, IP protocol addressing systems, and the list of registries. The specific registry being referred to in this context is identified as "IANA ID: 299."

The "domain status" lines indicate the current state of the domain, which can exist in multiple states simultaneously. These states are defined within the Extensible Provisioning Protocol framework. While some of these states are infrequently encountered, others are limited to specific scenarios such as legal disputes.

The following states are attached to this registration:

clientTransferProhibited: The domain's registry will reject requests to transfer the domain from the current registrar to another.

serverDeleteProhibited: The domain cannot be deleted.

serverTransferProhibited: The domain cannot be transferred to another registrar.

serverUpdateProhibited: The domain is not permitted to undergo any updates.

The last three restrictions are typically implemented either when specifically requested by the registrant or during an ongoing legal dispute. In the case of CNN, it is likely that they requested these restrictions in order to secure and protect their domain.
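The status lines can be checked mechanically when you want to confirm that your own domains carry these locks. The following is an added example, not part of the original article; the function names are illustrative, the first sample reuses the status lines from this page's cnn.com record in the registrar format (with the URL suffix), and the second sample is constructed.

```bash
#!/bin/bash
# Added example (not from the original article): audit the "Domain Status"
# lines of a whois record. Function names are illustrative.

# Print each distinct EPP status code found in a whois record on stdin.
# Only the first word after "Domain Status: " is kept, which drops the
# trailing icann.org URL that registrar responses append.
domain_statuses() {
    awk -F': ' 'tolower($1) ~ /domain status/ {
        split($2, word, /[ \t\r]+/); print word[1]
    }' | sort -u
}

# Print the operations (Transfer, Delete, Update) that no client* or
# server* "Prohibited" status covers. Empty output means all three are locked.
missing_locks() {
    local statuses op out=""
    statuses=$(domain_statuses)
    for op in Transfer Delete Update; do
        printf '%s\n' "$statuses" |
            grep -Eq "^(client|server)${op}Prohibited\$" || out="$out $op"
    done
    echo "${out# }"
}

# Status lines from this page's cnn.com record (registrar format).
LOCKED='Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited http://www.icann.org/epp#serverUpdateProhibited'

# Constructed record carrying only the registrar-level transfer lock.
PARTIAL='Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited
DNSSEC: unsigned'

echo "locked : [$(printf '%s\n' "$LOCKED" | missing_locks)]"
echo "partial: [$(printf '%s\n' "$PARTIAL" | missing_locks)]"
# Live use: whois yourdomain.example | missing_locks
```

A record that prints anything from missing_locks is worth reviewing with the registrar, since a domain without delete and update locks relies on registrar account security alone.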

"DNSSEC" refers to Domain Name System Security Extensions, a system that enables a DNS name resolver to verify, through cryptographic means, the authenticity and integrity of the data obtained from the DNS zone, ensuring that it has not been altered or compromised.

```
Domain Name: cnn.com
Registry Domain ID: 3269879_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: www.cscprotectsbrands.com
Updated Date: 2018-04-10T16:43:38Z
Creation Date: 1993-09-22T04:00:00Z
Registrar Registration Expiration Date: 2026-09-21T04:00:00Z
Registrar: CSC CORPORATE DOMAINS, INC.
Registrar IANA ID: 299
Registrar Abuse Contact Email: domainabuse@cscglobal.com
Registrar Abuse Contact Phone: +1.8887802723
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited http://www.icann.org/epp#serverUpdateProhibited
Registry Registrant ID:
Registrant Name: Domain Name Manager
Registrant Organization: Turner Broadcasting System, Inc.
Registrant Street: One CNN Center
Registrant City: Atlanta
Registrant State/Province: GA
Registrant Postal Code: 30303
Registrant Country: US
Registrant Phone: +1.4048275000
Registrant Phone Ext:
Registrant Fax: +1.4048271995
Registrant Fax Ext:
Registrant Email: tmgroup@turner.com
Registry Admin ID:
Admin Name: Domain Name Manager
Admin Organization: Turner Broadcasting System, Inc.
Admin Street: One CNN Center
Admin City: Atlanta
Admin State/Province: GA
Admin Postal Code: 30303
Admin Country: US
Admin Phone: +1.4048275000
Admin Phone Ext:
Admin Fax: +1.4048271995
Admin Fax Ext:
Admin Email: tmgroup@turner.com
Registry Tech ID:
Tech Name: TBS Server Operations
Tech Organization: Turner Broadcasting System, Inc.
Tech Street: One CNN Center
Tech City: Atlanta
Tech State/Province: GA
Tech Postal Code: 30303
Tech Country: US
Tech Phone: +1.4048275000
Tech Phone Ext:
Tech Fax: +1.4048271593
Tech Fax Ext:
Tech Email: hostmaster@turner.com
Name Server: ns-576.awsdns-08.net
Name Server: ns-1086.awsdns-07.org
Name Server: ns-47.awsdns-05.com
Name Server: ns-1630.awsdns-11.co.uk
DNSSEC: unsigned
```

The registrant is listed as "Domain Name Manager," which indicates that the registrar has registered the domain on behalf of a company. This is a common practice where the registrar maintains a generic name for this purpose. However, based on the registrant's address being "One CNN Center," it is clear who the actual registrant is.

Using whois with an IP Address

Using whois with an IP address is just as simple as using it with a domain name. Just specify an IP address after whois, like so:

whois 205.251.242.103

This is the output returned by whois:

```
NetRange: 205.251.192.0 - 205.251.255.255
CIDR: 205.251.192.0/18
NetName: AMAZON-05
NetHandle: NET-205-251-192-0-1
Parent: NET205 (NET-205-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16509, AS39111, AS7224
Organization: Amazon.com, Inc. (AMAZON-4)
RegDate: 2010-08-27
Updated: 2015-09-24
Ref: https://rdap.arin.net/registry/ip/205.251.192.0
```

The second section provides information about Amazon.com, Inc. and its registered details with the registry.

```
OrgName: Amazon.com, Inc.
OrgId: AMAZON-4
Address: 1918 8th Ave
City: SEATTLE
StateProv: WA
PostalCode: 98101-1244
Country: US
RegDate: 1995-01-23
Updated: 2020-03-31
Ref: https://rdap.arin.net/registry/entity/AMAZON-4
```

The third section provides contact information for reporting abuse related to Amazon EC2 services.

```
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-266-4064
OrgAbuseEmail: abuse@amazonaws.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
```

The fourth section provides contact information for network operations related to Amazon AWS.

```
OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-266-4064
OrgNOCEmail: amzn-noc-contact@amazon.com
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
```

The final sections provide contact information for IP routing and technical support related to Amazon AWS.

```
OrgRoutingHandle: ADR29-ARIN
OrgRoutingName: AWS Dogfish Routing
OrgRoutingPhone: +1-206-266-4064
OrgRoutingEmail: aws-dogfish-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/ADR29-ARIN

OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName: IP Routing
OrgRoutingPhone: +1-206-266-4064
OrgRoutingEmail: aws-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN

OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-266-4064
OrgTechEmail: amzn-noc-contact@amazon.com
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN

RTechHandle: ROLEA19-ARIN
RTechName: Role Account
RTechPhone: +1-206-266-4064
RTechEmail: ipmanagement@amazon.com
RTechRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN

RAbuseHandle: ROLEA19-ARIN
RAbuseName: Role Account
RAbusePhone: +1-206-266-4064
RAbuseEmail: ipmanagement@amazon.com
RAbuseRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN

RNOCHandle: ROLEA19-ARIN
RNOCName: Role Account
RNOCPhone: +1-206-266-4064
RNOCEmail: ipmanagement@amazon.com
RNOCRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN
```

The second section gives the registrant's details, including the name and address, which belong to Amazon.com, Inc. The web address in the "Ref:" field provides this information in JSON format.

The remaining sections consist of contact details that enable you to report any concerns related to abuse, network operation, traffic routing, and similar matters.

Using whois in a Script

To use whois in a script, let's assume we have a set of domains for which we need to check the expiration dates. We can accomplish this with a small shell script.

Type the following content into an editor and save it as "get-expiry.sh":

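```
#!/bin/bash

# Domains whose expiration dates we want to check
DOMAIN_LIST="howtogeek.com reviewgeek.com lifesavvy.com cloudsavvyit.com"

echo "Expiration dates:"

# DOMAIN_LIST is left unquoted on purpose so it splits into one word per domain
for domain in $DOMAIN_LIST
do
  echo -n "$domain :: "
  # Keep lines containing "Expiration" and print their fifth field (the date)
  whois "$domain" | grep 'Expiration' | awk '{print $5}'
done
```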

Set the script to have executable permissions by using the chmod command, as shown below:

chmod +x get-expiry.sh

Run the script by calling it by name:

./get-expiry.sh

The response from whois is searched using grep to locate lines containing the term "Expiration," and then awk is used to extract the fifth item from those lines.
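Picking the fifth word works for the "Registrar Registration Expiration Date:" line, but the registry summary shown earlier labels the same value "Registry Expiry Date:", which the grep for "Expiration" never matches. The following added example, which is not part of the original article, matches on the label instead and reports the days remaining; the function names are illustrative, days_left assumes GNU date, and the sample record is constructed.

```bash
#!/bin/bash
# Added example (not from the original article). Function names are
# illustrative; days_left assumes GNU date.

# Print the first expiry timestamp in a whois record read from stdin.
# Matching on the label rather than a field position covers both
# "Registry Expiry Date:" and "Registrar Registration Expiration Date:".
expiry_date() {
    awk -F': ' 'tolower($1) ~ /expir(y|ation) date/ {
        sub(/\r$/, "", $2); print $2; exit
    }'
}

# Whole days from a reference date (default: today, UTC) to the expiry.
days_left() {
    local expiry="$1" now="${2:-$(date -u +%Y-%m-%d)}"
    echo $(( ( $(date -u -d "$expiry" +%s) - $(date -u -d "$now" +%s) ) / 86400 ))
}

# Report one domain: args are name, record text, reference date, threshold.
check_record() {
    local exp left
    exp=$(printf '%s\n' "$2" | expiry_date)
    if [ -z "$exp" ]; then echo "$1 :: UNKNOWN"; return 0; fi
    left=$(days_left "$exp" "$3")
    if [ "$left" -lt "$4" ]; then
        echo "$1 :: $exp :: RENEW ($left days)"
    else
        echo "$1 :: $exp :: ok ($left days)"
    fi
}

# Constructed sample record using the registry-style label.
SAMPLE='   Domain Name: EXAMPLE.COM
   Updated Date: 2018-04-10T16:43:38Z
   Registry Expiry Date: 2026-09-21T04:00:00Z'

check_record example.com "$SAMPLE" 2026-08-22 60
# Live use: check_record "$d" "$(whois "$d")" "$(date -u +%Y-%m-%d)" 60
```

An UNKNOWN result means no expiry label was found in the response, which is worth treating as a failure to investigate rather than as a pass.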

Convenience and Automation

Yes, you can conduct whois lookups online. Nevertheless, having the whois command available in the terminal window and in scripts offers convenience and flexibility, and lets you automate certain tasks.

Editor's P/S

As a Gen Z netizen, I find the whois command to be an incredibly useful tool for discovering ownership details of internet domains. With just a few simple commands, I can quickly and easily find out who owns a particular domain, as well as their contact information. This information can be helpful for a variety of purposes, such as determining the legitimacy of a website or tracking down the owner of a domain that is being used for malicious purposes.

Overall, I believe that the whois command is a valuable resource for anyone who wants to learn more about the ownership of internet domains. It is a powerful tool that can be used for a variety of purposes, and I encourage other Gen Z netizens to learn how to use it.