WHOIS
WHOIS is a query and response protocol that is used for querying databases that store an Internet resource's registered users or assignees. These resources include domain names, IP address blocks and autonomous systems, but it is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in.
Whois is also the name of the command-line utility on most UNIX systems used to make WHOIS protocol queries. In addition, WHOIS has a sister protocol called Referral Whois.
History
and her team were responsible for creating the first WHOIS directory in the early 1970s. Feinler set up a server in Stanford's Network Information Center which acted as a directory that could retrieve relevant information about people or entities. She and the team created domains, with Feinler's suggestion that domains be divided into categories based on the physical address of the computer.The process of registration was established in. WHOIS was standardized in the early 1980s to look up domains, people, and other resources related to domain and number registrations. As all registration was done by one organization at that time, one centralized server was used for WHOIS queries. This made looking up such information very easy.
At the time of the emergence of the internet from the ARPANET, the only organization that handled all domain registrations was the Defense Advanced Research Projects Agency of the United States government. The responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNET began offering domain registration service; however, they simply handled the paperwork which they forwarded to the DARPA Network Information Center. Then the National Science Foundation directed that commercial, third-party entities would handle the management of Internet domain registration. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics and AT&T. The General Atomics contract was canceled after several years due to performance issues.
20th-century WHOIS servers were highly permissive and would allow wild-card searches. A WHOIS query of a person's last name would yield all individuals with that name. A query with a given keyword returned all registered domains containing that keyword. A query for a given administrative contact returned all domains the administrator was associated with. Since the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.
On December 1, 1999, management of the top-level domains ,, and was assigned to ICANN. At the time, these TLDs were converted to a thin WHOIS model. Existing WHOIS clients stopped working at that time. A month later, it had self-detecting Common Gateway Interface support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client.
By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS domain searches have become common and are offered by providers such as IONOS and Namecheap.
CRISP and IRIS
In 2003, an IETF committee was formed to create a new standard for looking up information on domain names and network numbers: Cross Registry Information Service Protocol. Between January 2005 and July 2006, the working name for this proposed new standard was Internet Registry Information Service The initial IETF Proposed Standards RFCs for IRIS can be found in the Further reading section of this article.The status of RFCs this group worked on can be found on the
the CRISP IETF Working Group concluded, after a final RFC 5144 was published by the group.
Note: The IETF CRISP working group is not to be confused with the Number Resource Organization's Team of the same name "Consolidated RIR IANA Stewardship Proposal Team".
WEIRDS and RDAP
In 2013, the IETF acknowledged that IRIS had not been a successful replacement for WHOIS. The primary technical reason for that appeared to be the complexity of IRIS. Further, non-technical reasons were deemed to lie in areas upon which the IETF does not pass judgment. Meanwhile, ARIN and RIPE NCC managed to serve WHOIS data via RESTful web services. The charter provided for separate specifications, for number registries first and for name registries to follow. The working group produced five proposed standard documents and an informational document.Protocol
The WHOIS protocol had its origin in the ARPANET NICNAME protocol and was based on the NAME/FINGER Protocol, described in . The NICNAME/WHOIS protocol was first described in in 1982 by Ken Harrenstien and Vic White of the Network Information Center at SRI International.WHOIS was originally implemented on the Network Control Protocol but found its major use when the TCP/IP suite was standardized across the ARPANET and later the Internet.
The protocol specification is the following :
Connect to the service host
TCP: service port 43 decimal
NCP: ICP to socket 43 decimal, establishing two 8-bit connections
Send a single "command line", ending with.
Receive information in response to the command line. The
server closes its connections as soon as the output is
finished.
The command line server query is normally a single name specification. i.e. the name of a resource. However, servers accept a query, consisting of only the question mark to return a description of acceptable command line formats. Substitution or wild-card formats also exist, e.g., appending a full-stop to the query name returns all entries beginning with the query name.
On the modern Internet, WHOIS services are typically communicated using the Transmission Control Protocol. Servers listen to requests on the well-known port number 43. Clients are simple applications that establish a communications channel to the server, transmit a text record with the name of the resource to be queried and await the response in form of a sequence of text records found in the database. This simplicity of the protocol also permits an application, and a command line interface user, to query a WHOIS server using the Telnet protocol.
Augmentations
In 2014, June ICANN published the recommendation for status codes, the "Extensible Provisioning Protocol domain status codes"| Status Code | Description |
| addPeriod | This grace period is provided after the initial registration of a domain name. If the registrar deletes the domain name during this period, the registry may provide credit to the registrar for the cost of the registration. |
| autoRenewPeriod | This grace period is provided after a domain name registration period expires and is extended automatically by the registry. If the registrar deletes the domain name during this period, the registry provides a credit to the registrar for the cost of the renewal. |
| inactive | This status code indicates that delegation information has not been associated with the domain. The domain is not activated in the DNS and will not resolve. |
| ok | This is the standard status for a domain, meaning it has no pending operations or prohibitions. |
| pendingCreate | This status code indicates that a request to create the domain has been received and is being processed. |
| pendingDelete | This status code may be mixed with redemptionPeriod or pendingRestore. In such case, depending on the status set in the domain name, otherwise, the pendingDelete status code indicates that the domain has been in redemptionPeriod status for 30 days and not restored. The domain will remain in this status for several days, after which time the domain will be dropped from the registry database. Once deletion occurs, the domain is available for re-registration in accordance with the registry's policies. |
| pendingRenew | This status code indicates that a request to renew the domain has been received and is being processed. |
| pendingRestore | This status code indicates that the registrar has asked the registry to restore the domain that was in redemptionPeriod status. The registry holds the domain in this status while waiting for the registrar to provide required restoration documentation. If the registrar fails to provide documentation to the registry operator within a set time period to confirm the restoration request, the domain will revert to redemptionPeriod status. |
| pendingTransfer | This status code indicates that a request to transfer the domain to a new registrar has been received and is being processed. |
| pendingUpdate | This status code indicates that a request to update the domain has been received and is being processed. |
| redemptionPeriod | This status code indicates that the registrar has asked the registry to delete the domain. The domain will be held in this status for 30 days. After five calendar days following the end of the redemptionPeriod, the domain is purged from the registry database and becomes available for registration. |
| renewPeriod | This grace period is provided after a domain name registration period is explicitly extended by the registrar. If the registrar deletes the domain name during this period, the registry provides a credit to the registrar for the cost of the renewal. |
| serverDeleteProhibited | This status code prevents the domain from being deleted. It is an uncommon status that is usually enacted during legal disputes, at the registrant's request, or when a redemptionPeriod status is in place. |
| serverHold | This status code is set by the domain's Registry Operator. The domain is not activated in the DNS. |
| serverRenewProhibited | This status code indicates the domain's Registry Operator will not allow the registrar to renew the domain. It is an uncommon status that is usually enacted during legal disputes or when the domain is subject to deletion. |
| serverTransferProhibited | This status code prevents the domain from being transferred from the current registrar to another. It is an uncommon status that is usually enacted during legal or other disputes, at the registrant's request, or when a redemptionPeriod status is in place. |
| serverUpdateProhibited | This status code locks the domain, preventing it from being updated. It is an uncommon status that is usually enacted during legal disputes, at the registrant's request, or when a redemptionPeriod status is in place. |
| transferPeriod | This grace period is provided after the successful transfer of a domain name from one registrar to another. If the new registrar deletes the domain name during this period, the registry provides a credit to the registrar for the cost of the transfer. |