The WHOIS protocol "pronounced who is" is used to query databases that contains information about the registration of domain name, ip addresses and as numbers. The specification for WHOIS was first outlined in Request for Comments RFC 812 by Ken Harrenstien and Vic White and was later expanded upon in RFC 954 by K. Harrenstien, M. Stahl and E. Feinler. The latest specification is outlined in Request for Comments RFC 3912 by L. Daigle. This page will cover how the WHOIS protocol is used to query the Domain Name System (DNS) for information about domain names. The Domain Name System (DNS) is an essential system for the operation of the Internet, allowing users to use alphanumeric strings (domain names) to easily find Internet services / resources. The Domain Name System (DNS) is comprised of a hierarchy of domain names, the information about these domain names is stored in DNS records on databases that use a thick or thin registry model. These DNS databases are operated by DNS registries and registrars. ICANN, the ultimate authority for the Domain Name System (DNS), requires DNS registries and registrars to provide a WHOIS service on port 43 and an interactive WHOIS online search tool so that users can query the databases that store domain name information. The WHOIS search tools provided by DNS registries and registrars uses a client-server model that uses the WHOIS protocol to query and return results.
As stated, to find out information about a domain name a WHOIS search tool / client is required to query a database that stores DNS records. WHOIS search tools differ in their scope, but they are located at the IANA website and the website of organisations who operate DNS registries and registrars. The IANA WHOIS service is located at iana.org/whois and is the ultimate authority for locating WHOIS information. How a WHOIS search query is processed by the WHOIS protocol will depend upon whether the domain name is located within a thin or thick database model. WHOIS queries are more complex than they originally were: due to the increase of Top Level Domains. A completed WHOIS search on the IANA WHOIS service will only provide information about the Top Level Domain operator: this is because IANA only manages the root zone of the Domain Name System and only stores information about the Top Level Domain operators. If a user searched IANA for a uk Top Level Domain, like bbc.co.uk, the result would be the following:
organisation: Nominet UK
address: Minerva House
address: Edmund Halley Road
address: Oxford Science Park
address: Oxford OX4 4DQ
address: United Kingdom
nserver: DNS1.NIC.UK 188.8.131.52 2a01:618:400:0:0:0:0:1
nserver: DNS2.NIC.UK 184.108.40.206 2401:fd80:400:0:0:0:0:1
nserver: DNS3.NIC.UK 220.127.116.11 2a01:618:404:0:0:0:0:1
nserver: DNS4.NIC.UK 2401:fd80:404:0:0:0:0:1 18.104.22.168
nserver: NSA.NIC.UK 22.214.171.124 2001:502:ad09:0:0:0:0:3
nserver: NSB.NIC.UK 126.96.36.199
nserver: NSC.NIC.UK 188.8.131.52
nserver: NSD.NIC.UK 184.108.40.206
The result is directing the user to visit the Nominet website - the registry for the uk Top Level Domain - to perform a WHOIS search there. A completed search result for a uk Top Level Domain using the Nominet WHOIS search tool is as follows:
British Broadcasting Corporation
UK Corporation by Royal Charter
British Broadcasting Corporation
Registered on: before Aug-1996
Expiry date: 13-Dec-2025
Last updated: 29-Oct-2016
Registered until expiry date.
ns3.bbc.co.uk 220.127.116.11 2610:a1:1015::17
ns4.bbc.co.uk 18.104.22.168 2001:502:4612::17
Some of the result fields returned - for the bbc.co.uk search - have been omitted. What it highlights, however, is that WHOIS search tools differ in their scope. Some WHOIS search tools are capable of searching multiple Top Level Domain registries and returning a far more extensive search result. Whereas some WHOIS search tools, like the IANA and Nominet tools, will only perform a WHOIS search on a specific database in the Domain Name System (DNS); such as the root zone or a specific top level domain.
WHOIS is not without it's critics, one of the criticisms leveled at it is the lack of privacy it provides and that email spammers harvest email addresses from WHOIS servers. ICANN is currently in the process of either replacing or overhauling WHOIS.