Using whois/jwhois on Linux


The whois and jwhois commands allow you to retrieve a lot of information on Internet domains–likely a lot more than you might imagine. Here’s how these commands work and how they can be useful.

To get started, you probably already use nslookup to check on domain names. When you do, you’ll see output like this:

$ nslookup networkworld.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   networkworld.com
Address: 151.101.2.165
Name:   networkworld.com
Address: 151.101.66.165
Name:   networkworld.com
Address: 151.101.194.165
Name:   networkworld.com
Address: 151.101.130.165

The nslookup command queries name servers, so its output provides IP addresses for the queried domain and verifies the domain name is valid, but whois commands provide extensive details on the domain registration, domain status, responsible organizations, their locations, etc., giving you a lot more insight into domains.

What whois commands do

The whois and the jwhois commands work pretty much the same way. The jwhois command is newer, more configurable, and maybe even faster than whois. Both query WHOIS servers from the Linux command line. WHOIS services are mainly run by registrars and registries, and they manage a lot of details on each domain registration. WHOIS is itself a query and response protocol that plays a very important role on the Internet.

WHOIS servers are servers set up by ICANN-accredited registrars to acquire and maintain up-to-date information about the domains registered with them. There appear to be hundreds of such servers scattered around the globe, many for generic domains like .com and .org, but also for a large number of not-so-obvious domain extensions. Here’s a list of what you might find when you look into them:

ac      biz     cn.com  gb      id      li      na      pro     su      uk.com
ad      bj      co      gb.com  ie      london  name    pt      sx      uk.net
ae      bo      co.nl   gb.net  il      lt      nc      pub     sy      ac.uk
aero    br      com     qc.com  im      lu      net     pw      tc      gov.uk
af      br.com  coop    ge      in      lv      nf      qa      tel     us
ag      bt      cx      gg      info    ly      ng      re      tf      us.com
ai      bw      cy      gi      ing     ma      nl      ro      th      uy
al      by      cz      gl      ink     mc      no      rs      tj      uy.com
am      bz      de      gm      int     md      no.com  ru      tk      uz
as      bzh     dk      gov     io      me      nu      sa      tl      va
asia    ca      dm      gr      iq      mg      nz      sa.com  tm      vc
at      cat     dz      gs      ir      mil     om      sb      tn      ve
au      cc      ec      gy      is      mk      ong     sc      to      vg
aw      cd      edu     hamburg it      ml      ooo     se      top     vu
ax      ceo     ee      hiphop  je      mo      org     se.com  tp      wang
az      cf      eg      hk      jobs    mobi    paris   se.net  tr      wf
ba      ch      es      hm      jp      ms      pe      sg      travel  wiki
bar     ci      eu      hn      ke      mt      pf      sh      tw      ws
be      ck      eu.com  host    kg      mu      pics    si      tv      xxx
berlin  cl      eus     hr      ki      museum  pl      sk      tz      xyz
best    cloud   fi      ht      kr      mx      pm      sm      ua      yu
bg      club    fo      hu      kz      my      pr      st      ug      za.com
bi      cn      fr      hu.com  la      mz      press   so      uk

To determine the WHOIS server responsible for any domain, you can run commands like these:

$ whois uushenandoah.org | head -2
[Querying whois.pir.org]                <==
[whois.pir.org]
$ whois networkworld.com | head -2
[Querying whois.verisign-grs.com]       <==
[Redirected to whois.markmonitor.com]
$ whois amazon.com | head -2
[Querying whois.verisign-grs.com]       <==
[Redirected to whois.markmonitor.com]
$ whois info.pr | head -2
[Querying whois.nic.pr]                 <==
[whois.nic.pr]

The pr domain shown in the last example above is, as you might have guessed, in Puerto Rico.

If you were to look up information on NetworkWorld.com, you would see something like what you see below–and this is just the first 25 lines of the 82 available for display. You can see that considerable detail is provided.

$ whois networkworld.com | head -25
[Querying whois.verisign-grs.com]
[Redirected to whois.markmonitor.com]
[Querying whois.markmonitor.com]
[whois.markmonitor.com]
Domain Name: networkworld.com
Registry Domain ID: 293248_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2021-06-24T09:04:42+0000
Creation Date: 1995-07-27T07:00:00+0000
Registrar Registration Expiration Date: 2022-07-25T07:00:00+0000
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895770
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Registrant Organization: International Data Group, Inc.
Registrant State/Province: MA
Admin Country: US
Admin Email: Select Request Email Form at https://domains.markmonitor.com/whois/networkworld.com
Tech Organization: Network World, Inc.
Tech State/Province: MA
Tech Country: US

This is all public information. Case is unimportant; querying networkworld.com, NetworkWorld.CoM or NETWORKWORLD.COM will yield the same results.
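Added example (not part of the original article): POSIX shell functions that pull individual fields out of whois output like the record above, report any client*Prohibited status lock that is missing, and count the days left before the registration expires. The function names are hypothetical, and the sample record is constructed from lines of the output shown above.

```shell
# Added example: parse whois output on stdin. Function names are hypothetical.
# Constructed sample: a subset of the networkworld.com record shown above.
sample_record() {
cat <<'EOF'
Domain Name: networkworld.com
Registrar WHOIS Server: whois.markmonitor.com
Registrar Registration Expiration Date: 2022-07-25T07:00:00+0000
Registrar: MarkMonitor, Inc.
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
EOF
}

# whois_field "Key": print the value of every "Key: value" line. The key match is
# exact and case-insensitive, so "Registrar" does not match "Registrar WHOIS Server".
whois_field() {
    awk -v want="$1" '{
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (tolower(key) == tolower(want)) print val
    }'
}

# missing_locks: print each client*Prohibited status that the record lacks.
missing_locks() {
    statuses=$(whois_field "Domain Status" | awk '{ print $1 }')
    for lock in clientUpdateProhibited clientTransferProhibited clientDeleteProhibited; do
        printf '%s\n' "$statuses" | grep -qix "$lock" || printf '%s\n' "$lock"
    done
}

# days_until_expiry YYYY-MM-DD: days from that date to the record's expiration
# date (negative once expired), via Julian day numbers so no GNU date is needed.
days_until_expiry() {
    exp=$(whois_field "Registrar Registration Expiration Date" | head -n 1)
    awk -v a="$1" -v b="$exp" '
        function jdn(s,  y, m, d, k) {
            y = substr(s, 1, 4) + 0; m = substr(s, 6, 2) + 0; d = substr(s, 9, 2) + 0
            k = int((14 - m) / 12); y += 4800 - k; m += 12 * k - 3
            return d + int((153*m + 2) / 5) + 365*y + int(y/4) - int(y/100) + int(y/400) - 32045
        }
        BEGIN { print jdn(b) - jdn(a) }'
}

sample_record | whois_field "Registrar WHOIS Server"   # whois.markmonitor.com
sample_record | missing_locks                          # prints nothing: all three set
sample_record | days_until_expiry 2021-12-05           # 232
```

On a live system the same functions read real output piped from whois in place of sample_record. Records from other servers may label the expiration line differently, so adjust the key passed to whois_field to match.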

The whois and jwhois commands search WHOIS servers for whatever domain you inquire about. If you mistype the domain name, you can expect to see a message like this:

$ whois networkwhirled.com | head -4
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
No match for domain "NETWORKWHIRLED.COM".    <== no match
>>> Last update of whois database:  2021-12-05T19:46:37+0000 <<<

The last update date and time illustrate how frequently updates are made. More than likely, it will display the current date.

NOTE: The terms of use in whois command output include a warning that users are not authorized to run high-volume electronic processes and that you can only use the data provided for lawful purposes. Limits might be imposed if you make too many queries in a single day.

whois or jwhois?

Which command will be available on your system depends on your system.

On my Fedora system, /usr/bin/whois is a symbolic link to /etc/alternatives/whois, which symbolically links to /usr/bin/jwhois. So, I can use either command, but either way I’m running jwhois.

$ which whois
/usr/bin/whois
$ ls -l /usr/bin/whois
lrwxrwxrwx. 1 root root 23 Oct 19  2020 /usr/bin/whois -> /etc/alternatives/whois
$ ls -l /etc/alternatives/whois
lrwxrwxrwx. 1 root root 15 Oct 19  2020 /etc/alternatives/whois -> /usr/bin/jwhois

My Linux Mint system uses only whois.

$ which whois
/usr/bin/whois
$ ls -l /usr/bin/whois
-rwxr-xr-x 1 root root 160480 Feb 16  2020 /usr/bin/whois
$ which jwhois
$             <== no jwhois exists

In addition, I had to install whois on Linux Mint using the command below since it wasn’t initially available.

$ sudo apt install whois

Wrap-Up

For more details on DNS and how it works, try:

What DNS is and how does it work

For a list of WHOIS servers, visit this site:

WHOIS servers


Copyright © 2021 IDG Communications, Inc.


