Some Noticeable Information
The domain ownership details and information about domain owners are stored within the whois system. The registration and ownership of domain names are overseen by the Internet Corporation for Assigned Names and Numbers (ICANN). However, the actual records are managed by various registries, which are separate entities.
A whois record includes contact information for the registrant (owner) and the registrar (organization that registered the domain name), as well as the registration date, last update, and expiration date.
With the Linux whois command, you can perform lookups directly from the command line, which is useful for systems without a graphical user interface or for shell scripts. The command can be installed on Ubuntu, Fedora, and Manjaro using specific commands provided.
A whois lookup will tell you a lot of information about who owns an internet domain. On Linux, you can run whois lookups from the command line. We'll walk you through it.
The whois System
The whois system comprises records that provide information about domain ownership and owners. The Internet Corporation for Assigned Names and Numbers (ICANN) governs domain name registration and ownership, while multiple companies, known as registries, maintain the list of records.
Accessing the list of records is open to anyone. Upon querying, a registry will process your request and provide relevant details from the corresponding whois record.
Before we go any further, it's important that you're familiar with the following terms:
Registry: A company that manages a list containing a set of domain names (there are many of these).
Registrant: The legal owner of the domain; it's registered to this person.
Registrar: A registrant uses a registrar to make his or her registration.
The contact information of the individual, company, or entity that registered the domain name is included in a whois record. The level of information varies among registrations and different registries may provide varying amounts of information.
The following details are usually found in a typical whois record:
The name and contact information of the registrant: The owner of the domain.
The name and contact information of the registrar: The organization that registered the domain name.
The registration date.
When the information was last updated.
The expiry date.
You have the option to make whois requests online, but using the Linux whois command, you can carry out lookups directly from the command line. This is advantageous when conducting a lookup from a computer lacking a graphical user interface or when doing so from a shell script.
Installing whois
The whois command was already installed on Ubuntu 20.04. If you need to install it on your version of Ubuntu, you can do so with the following command:
sudo apt-get install whois
On Fedora, use the command below:
sudo dnf install whois
And finally, on Manjaro, type the following:
sudo pacman -Syu whois
Using whois with a Domain Name
You can use the whois command with domain names or Internet Protocol (IP) addresses. A slightly different set of information is returned for each of these.
We'll use a domain name for our first example:
whois cnn.com
The whois registry response begins with a concise summary before providing additional details. Below is an example that excludes trademark statements and terms of use:
Domain Name: CNN.COM
Registry Domain ID: 3269879_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
Updated Date: 2018-04-10T16:43:38Z
Creation Date: 1993-09-22T04:00:00Z
Registry Expiry Date: 2026-09-21T04:00:00Z
Registrar: CSC Corporate Domains, Inc.
Registrar IANA ID: 299
Registrar Abuse Contact Email: domainabuse@cscglobal.com
Registrar Abuse Contact Phone: 8887802723
Domain Status: clientTransferProhibited
Domain Status: serverDeleteProhibited
Domain Status: serverTransferProhibited
Domain Status: serverUpdateProhibited
Name Server: NS-1086.AWSDNS-07.ORG
Name Server: NS-1630.AWSDNS-11.CO.UK
Name Server: NS-47.AWSDNS-05.COM
Name Server: NS-576.AWSDNS-08.NET
DNSSEC: unsigned
The Internet Assigned Numbers Authority (IANA) is responsible for overseeing and coordinating various aspects including top-level Domain Name System zones, IP protocol addressing systems, and the list of registries. The specific registry being referred to in this context is identified as "IANA ID: 299."
The "domain status" lines indicate the current state of the domain, which can exist in multiple states simultaneously. These states are defined within the Extensible Provisioning Protocol framework. While some of these states are infrequently encountered, others are limited to specific scenarios such as legal disputes.
The following states are attached to this registration:
clientTransferProhibited: The domain's registry will reject requests to transfer the domain from the current registrar to another.
serverDeleteProhibited: The domain cannot be deleted.
serverTransferProhibited: The domain cannot be transferred to another registrar.
serverUpdateProhibited: The domain is not permitted to undergo any updates.
The last three restrictions are typically implemented either when specifically requested by the registrant or during an ongoing legal dispute. In the case of CNN, it is likely that they requested these restrictions in order to secure and protect their domain.
"DNSSEC" refers to Domain Name System Security Extensions, a system that enables a DNS name resolver to verify, through cryptographic means, the authenticity and integrity of the data obtained from the DNS zone, ensuring that it has not been altered or compromised.
Domain Name: cnn.com
Registry Domain ID: 3269879_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: www.cscprotectsbrands.com
Updated Date: 2018-04-10T16:43:38Z
Creation Date: 1993-09-22T04:00:00Z
Registrar Registration Expiration Date: 2026-09-21T04:00:00Z
Registrar: CSC CORPORATE DOMAINS, INC.
Registrar IANA ID: 299
Registrar Abuse Contact Email: domainabuse@cscglobal.com
Registrar Abuse Contact Phone: +1.8887802723
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited http://www.icann.org/epp#serverUpdateProhibited
Registry Registrant ID:
Registrant Name: Domain Name Manager
Registrant Organization: Turner Broadcasting System, Inc.
Registrant Street: One CNN Center
Registrant City: Atlanta
Registrant State/Province: GA
Registrant Postal Code: 30303
Registrant Country: US
Registrant Phone: +1.4048275000
Registrant Phone Ext:
Registrant Fax: +1.4048271995
Registrant Fax Ext:
Registrant Email: tmgroup@turner.com
Registry Admin ID:
Admin Name: Domain Name Manager
Admin Organization: Turner Broadcasting System, Inc.
Admin Street: One CNN Center
Admin City: Atlanta
Admin State/Province: GA
Admin Postal Code: 30303
Admin Country: US
Admin Phone: +1.4048275000
Admin Phone Ext:
Admin Fax: +1.4048271995
Admin Fax Ext:
Admin Email: tmgroup@turner.com
Registry Tech ID:
Tech Name: TBS Server Operations
Tech Organization: Turner Broadcasting System, Inc.
Tech Street: One CNN Center
Tech City: Atlanta
Tech State/Province: GA
Tech Postal Code: 30303
Tech Country: US
Tech Phone: +1.4048275000
Tech Phone Ext:
Tech Fax: +1.4048271593
Tech Fax Ext:
Tech Email: hostmaster@turner.com
Name Server: ns-576.awsdns-08.net
Name Server: ns-1086.awsdns-07.org
Name Server: ns-47.awsdns-05.com
Name Server: ns-1630.awsdns-11.co.uk
DNSSEC: unsigned
The registrant is listed as "Domain Name Manager," which indicates that the registrar has registered the domain on behalf of a company. This is a common practice where the registrar maintains a generic name for this purpose. However, based on the registrant's address being "One CNN Center," it is clear who the actual registrant is.
Using whois with an IP Address
Using whois with an IP address is just as simple as using it with a domain name. Just specify an IP address after whois, like so:
whois 205.251.242.103
This is the output returned by whois:
NetRange: 205.251.192.0 - 205.251.255.255
CIDR: 205.251.192.0/18
NetName: AMAZON-05
NetHandle: NET-205-251-192-0-1
Parent: NET205 (NET-205-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16509, AS39111, AS7224
Organization: Amazon.com, Inc. (AMAZON-4)
RegDate: 2010-08-27
Updated: 2015-09-24
Ref: https://rdap.arin.net/registry/ip/205.251.192.0
The second section provides information about Amazon.com, Inc. and its registered details with the registry.
OrgName: Amazon.com, Inc.
OrgId: AMAZON-4
Address: 1918 8th Ave
City: SEATTLE
StateProv: WA
PostalCode: 98101-1244
Country: US
RegDate: 1995-01-23
Updated: 2020-03-31
Ref: https://rdap.arin.net/registry/entity/AMAZON-4
The third section provides contact information for reporting abuse related to Amazon EC2 services.
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-266-4064
OrgAbuseEmail: abuse@amazonaws.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
The fourth section provides contact information for network operations related to Amazon AWS.
OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-266-4064
OrgNOCEmail: amzn-noc-contact@amazon.com
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
The final sections provide contact information for IP routing and technical support related to Amazon AWS.
OrgRoutingHandle: ADR29-ARIN
OrgRoutingName: AWS Dogfish Routing
OrgRoutingPhone: +1-206-266-4064
OrgRoutingEmail: aws-dogfish-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/ADR29-ARIN
OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName: IP Routing
OrgRoutingPhone: +1-206-266-4064
OrgRoutingEmail: aws-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-266-4064
OrgTechEmail: amzn-noc-contact@amazon.com
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
RTechHandle: ROLEA19-ARIN
RTechName: Role Account
RTechPhone: +1-206-266-4064
RTechEmail: ipmanagement@amazon.com
RTechRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN
RAbuseHandle: ROLEA19-ARIN
RAbuseName: Role Account
RAbusePhone: +1-206-266-4064
RAbuseEmail: ipmanagement@amazon.com
RAbuseRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN
RNOCHandle: ROLEA19-ARIN
RNOCName: Role Account
RNOCPhone: +1-206-266-4064
RNOCEmail: ipmanagement@amazon.com
RNOCRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN
The second section provides the registrant's details, including the address and name, which belong to Amazon.com, Inc. The web address in the "Ref:" field returns this information in JSON format.
The remaining sections consist of contact details that enable you to report any concerns related to abuse, network operation, traffic routing, and similar matters.
Using whois in a Script
To use whois in a script, let's assume we have a set of domains for which we need to check the expiration dates. We can accomplish this with a small shell script.
Type the following content into an editor and save it as "get-expiry.sh":
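```
#!/bin/bash
# Print the registrar-reported expiration date for each domain in the list.
DOMAIN_LIST="howtogeek.com reviewgeek.com lifesavvy.com cloudsavvyit.com"

echo "Expiration dates:"
for domain in $DOMAIN_LIST
do
  echo -n "$domain :: "
  # Keep the "... Expiration Date: <value>" line and print its fifth field
  whois "$domain" | grep 'Expiration' | awk '{print $5}'
done
```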
Set the script to have executable permissions by using the chmod command, as shown below:
chmod +x get-expiry.sh
Run the script by calling it by name:
./get-expiry.sh
The response from whois is searched using grep to locate lines containing the term "Expiration," and then awk is used to extract the fifth item from those lines.
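The grep and awk pipeline depends on the word "Expiration" and on the date being the fifth field, so it skips the registry's "Registry Expiry Date" line and any record with a different label length. The following added example (not part of the original article) parses both labels from saved whois text, computes the days remaining, and lists which of the domain status locks described earlier are absent; the SAMPLE record and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article. SAMPLE is constructed test input that
# reuses the field names shown in the cnn.com record.
SAMPLE='   Registry Expiry Date: 2026-09-21T04:00:00Z
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrar Registration Expiration Date: 2026-09-21T04:00:00Z
Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited'

# Print the first expiry date on stdin as YYYY-MM-DD. Accepts both the
# "Expiry Date" and "Expiration Date" labels; fails if no ISO 8601 date is found.
expiry_date() {
  awk -F': *' 'tolower($1) ~ /(expiry|expiration) date$/ &&
    $2 ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/ {
      print substr($2, 1, 10); found = 1; exit }
    END { exit !found }'
}

# Days since 1970-01-01 for YYYY-MM-DD, using integer arithmetic only.
days_since_epoch() {
  y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
  m=${m#0}; d=${d#0}                      # strip leading zero (avoid octal)
  if [ "$m" -gt 2 ]; then mp=$((m - 3)); else mp=$((m + 9)); y=$((y - 1)); fi
  era=$((y / 400)); yoe=$((y - era * 400))
  doy=$(( (153 * mp + 2) / 5 + d - 1 ))
  doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
  echo $(( era * 146097 + doe - 719468 ))
}

# Print days from TODAY ($1, YYYY-MM-DD) to the expiry date in whois text on stdin.
days_left() {
  expiry=$(expiry_date) || return 1
  echo $(( $(days_since_epoch "$expiry") - $(days_since_epoch "$1") ))
}

# Print each status named in the arguments that has no "Domain Status:" line on stdin.
missing_locks() {
  statuses=$(awk -F': *' 'tolower($1) ~ /domain status$/ { split($2, f, " "); print f[1] }')
  for lock in "$@"; do
    printf '%s\n' "$statuses" | grep -qxF "$lock" || echo "$lock"
  done
}

echo "days left: $(printf '%s\n' "$SAMPLE" | days_left 2026-08-22)"
echo "missing:   $(printf '%s\n' "$SAMPLE" | missing_locks clientTransferProhibited serverTransferProhibited)"
```

To check a live domain, pipe the whois output into the same functions, for example `whois cnn.com | days_left "$(date +%F)"`.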
Convenience and Automation
Yes, it is possible to conduct online whois lookups. Nevertheless, having the option of utilizing the whois command in the terminal window and scripts brings about convenience, adaptability, and enables automation of certain tasks.
Editor's P/S
As a Gen Z netizen, I find the whois command to be an incredibly useful tool for discovering ownership details of internet domains. With just a few simple commands, I can quickly and easily find out who owns a particular domain, as well as their contact information. This information can be helpful for a variety of purposes, such as determining the legitimacy of a website or tracking down the owner of a domain that is being used for malicious purposes.
Overall, I believe that the whois command is a valuable resource for anyone who wants to learn more about the ownership of internet domains. It is a powerful tool that can be used for a variety of purposes, and I encourage other Gen Z netizens to learn how to use it.