Get domain whois information with telnet


Whois is often used to find out the details of the owner or registrant of a domain name. The details include name, address, telephone number etc. Whenever a domain is registered by a user, the user has to fill out their own details at the domain registrar. These details are fed into the whois system, from which they can be fetched later through whois queries.

The whois data is supposed to be available publicly. But users might fill out fake information to avoid revealing their actual identities. Nowadays domains also have a privacy protection feature that hides the whois information from the public if the registrant wishes so.

According to the Wikipedia article:

WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The Whois protocol is documented in RFC 3912.

So basically whois is a protocol to query and fetch the registration details of a domain name or an IP allocation. There are lots of websites that provide a free whois service: simply visit one, enter the domain name and it will show the whois information. Another way to get the whois information is to use a program that contacts the whois servers directly and fetches the necessary data.

On Linux, for example, there is a command-line utility called whois that does this task. Try it out like this:

$ whois microsoft.com

And you should see plenty of information like the registrar and other details. Try it on other domains of your choice and check the results. So basically whois serves as a register book that keeps a record of every registered domain and the details of those who registered it. This is necessary and useful.

Apart from the terminal program whois, there are plenty of other utilities available for both Windows and Linux that can do the same thing.

In this post we are going to fetch the whois information from the command line using the telnet command. This is a useful exercise for those who want to understand exactly how the whois protocol communicates.

Let's say the domain name we wish to query is:
binarytides.com

OK, before moving further let's get on to some theory about how and where the whois data is stored.

1. Every domain's whois data is stored in its registrar's whois server. The registrar is the company or organisation that registered the domain, for example GoDaddy. There is no single server that holds the whois data of all domains.

2. There are parent or TLD whois servers that hold the address of the actual whois server of a domain mentioned above. These TLD whois servers are separate for each TLD, like com, org, net and so on.

So in our case (binarytides.com) it's a 'com' domain. Therefore we need to contact the parent whois server for com domains and ask it for the real whois server of binarytides.com.

3. The next question is how to get the parent whois server for a given TLD. There are 2 ways to do this. Either do a whois query on 'whois.iana.org' on port 43 and ask it for the whois server of 'com' domains.

Or, simply connect to 'com.whois-servers.net'. It will take you to the whois server of com domains. Yes, you guessed it right: for org it would be org.whois-servers.net. It's the extension prefixed to '.whois-servers.net'.

Now the second method is cheaper since it involves one less query. In this example however I am going to show you both methods.

So that was the short and simple theory. Also note that the whois protocol works on TCP port number 43, just like an HTTP server works on port 80. Now let's proceed with the rest of the steps to extract the whois data for binarytides.com.

Get parent whois server for com domains

The domain here is a .com domain, so first we need to find out the registry which holds the whois data for .com domains.

desktop:~$ telnet whois.iana.org 43
Trying 192.0.47.59...
Connected to ianawhois.vip.icann.org.
Escape character is '^]'.

Now we are connected to whois.iana.org. Enter 'com' and hit enter.

com
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

domain:       COM

organisation: VeriSign Global Registry Services
address:      21345 Ridgetop Circle
address:      Dulles Virginia 20166
address:      United States

contact:      administrative
name:         Registry Customer Service
organisation: VeriSign Global Registry Services
address:      21345 Ridgetop Circle
address:      Dulles Virginia 20166
address:      United States
phone:        +1 703 925-6999
fax-no:       +1 703 421-5828
e-mail:       info@verisign-grs.com

contact:      technical
name:         Registry Customer Service
organisation: VeriSign Global Registry Services
address:      21345 Ridgetop Circle
address:      Dulles Virginia 20166
address:      United States
phone:        +1 703 925-6999
fax-no:       +1 703 421-5828
e-mail:       info@verisign-grs.com

nserver:      A.GTLD-SERVERS.NET 192.5.6.30 2001:503:a83e:0:0:0:2:30
nserver:      B.GTLD-SERVERS.NET 192.33.14.30 2001:503:231d:0:0:0:2:30
nserver:      C.GTLD-SERVERS.NET 192.26.92.30
nserver:      D.GTLD-SERVERS.NET 192.31.80.30
nserver:      E.GTLD-SERVERS.NET 192.12.94.30
nserver:      F.GTLD-SERVERS.NET 192.35.51.30
nserver:      G.GTLD-SERVERS.NET 192.42.93.30
nserver:      H.GTLD-SERVERS.NET 192.54.112.30
nserver:      I.GTLD-SERVERS.NET 192.43.172.30
nserver:      J.GTLD-SERVERS.NET 192.48.79.30
nserver:      K.GTLD-SERVERS.NET 192.52.178.30
nserver:      L.GTLD-SERVERS.NET 192.41.162.30
nserver:      M.GTLD-SERVERS.NET 192.55.83.30
ds-rdata:     30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766

whois:        whois.verisign-grs.com

status:       ACTIVE
remarks:      Registration information: http://www.verisign-grs.com

created:      1985-01-01
changed:      2011-03-31
source:       IANA

Connection closed by foreign host.

So we have the output with some useful information. The line of interest is:

whois:        whois.verisign-grs.com

It says that whois.verisign-grs.com is the parent whois server for 'com' domains.

Connect to the TLD whois server and get the actual whois server

Now that we have the TLD whois server, we shall connect to it and get the actual whois server for the domain. The next query is also a whois query like before.

$ telnet whois.verisign-grs.com 43
Trying 199.7.57.74...
Connected to whois.verisign-grs.com.
Escape character is '^]'.

Note: if we were to omit the previous step, then without knowing 'whois.verisign-grs.com' we could straight away connect to 'com.whois-servers.net' in this step and it would connect us to the same server.

$ telnet com.whois-servers.net 43
Trying 199.7.52.74...
Connected to whois.verisign-grs.com.
Escape character is '^]'.

Saw the name? It's the same server.

Now we are connected to the server. Type the domain name (without www) and hit enter.

binarytides.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: BINARYTIDES.COM
   Registrar: NETLYNX, INC.
   Whois Server: whois.netlynx.com
   Referral URL: http://www.netlynx.com
   Name Server: OMIKRO1.ALLWEBSERVER.COM
   Name Server: OMIKRO2.ALLWEBSERVER.COM
   Status: ok
   Updated Date: 14-jun-2011
   Creation Date: 30-jun-2009
   Expiration Date: 30-jun-2012

>>> Last update of whois database: Sat, 22 Oct 2011 13:59:39 UTC <<<

........TRUNCATED

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Connection closed by foreign host.

Now we have the actual whois server of the domain. The line of interest is:

Whois Server: whois.netlynx.com

Get domain whois information

So we have to repeat the above process with this final whois server, whois.netlynx.com.

desktop:~$ telnet whois.netlynx.com 43
Trying 67.15.47.4...
Connected to whois.netlynx.com.
Escape character is '^]'.

Now we are connected to the whois server. Type the domain name binarytides.com and hit enter.

binarytides.com
Registration Service Provided By: OMIKROSYS
Contact: +91.123456

Domain Name: BINARYTIDES.COM 

Registrant:
    PrivacyProtect.org
    Domain Admin        (contact@privacyprotect.org)
    ID#10760, PO Box 16
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Nobby Beach
    null,QLD 4218
    AU
    Tel. +45.36946676

Creation Date: 30-Jun-2009  
Expiration Date: 30-Jun-2012

Domain servers in listed order:
    omikro1.allwebserver.com
    omikro2.allwebserver.com


Administrative Contact:
    PrivacyProtect.org
    Domain Admin        (contact@privacyprotect.org)
    ID#10760, PO Box 16
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Nobby Beach
    null,QLD 4218
    AU
    Tel. +45.36946676

Technical Contact:
    PrivacyProtect.org
    Domain Admin        (contact@privacyprotect.org)
    ID#10760, PO Box 16
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Nobby Beach
    null,QLD 4218
    AU
    Tel. +45.36946676

Billing Contact:
    PrivacyProtect.org
    Domain Admin        (contact@privacyprotect.org)
    ID#10760, PO Box 16
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Nobby Beach
    null,QLD 4218
    AU
    Tel. +45.36946676

Status:ACTIVE

......TRUNCATED

Connection closed by foreign host.

So now we have all the necessary whois information available.
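The referral chain walked by hand above (IANA first, then the TLD registry, then the registrar's own server) can be automated with a plain TCP client, which also makes clear why a whois client has to treat the referral it receives as untrusted input. The following Python script is an added example for this post; it is not from the original article and not the code of the whois utility. The function and constant names, the regular expressions, and the size and timeout limits are my own choices, and the two sample responses are constructed from the outputs shown above so that the parsing can be exercised offline.

```python
"""Follow the whois referral chain (IANA -> TLD registry -> registrar) over raw TCP port 43."""
import re
import socket

WHOIS_PORT = 43           # whois is plain text over TCP port 43 (RFC 3912)
MAX_RESPONSE = 1 << 20    # stop reading after 1 MiB so a misbehaving server cannot exhaust memory
TIMEOUT = 10.0            # seconds per connection

# Strict hostname syntax: letters, digits and hyphens in dot-separated labels.  Every
# referral comes from an untrusted network response, so it must pass this check before
# we connect to it (no spaces, control characters, ':port' suffix or URL path).
HOSTNAME_RE = re.compile(r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

# Referral lines in the two response styles shown on the page, plus the newer
# 'Registrar WHOIS Server:' wording used by the .com registry:
#   IANA style:      "whois:        whois.verisign-grs.com"
#   registry style:  "   Whois Server: whois.netlynx.com"
REFERRAL_RE = re.compile(r"^\s*(?:registrar\s+)?whois(?:\s+server)?:\s*(\S+)\s*$",
                         re.IGNORECASE | re.MULTILINE)

# Constructed samples, trimmed from the telnet outputs above (assumption: this is what the
# servers answered at the time); embedded so the parser can run without network access.
SAMPLE_IANA_RESPONSE = (
    "% IANA WHOIS server\n% This query returned 1 object\n\n"
    "domain:       COM\n\nwhois:        whois.verisign-grs.com\n\nstatus:       ACTIVE\n"
)
SAMPLE_REGISTRY_RESPONSE = (
    "Whois Server Version 2.0\n\n   Domain Name: BINARYTIDES.COM\n"
    "   Registrar: NETLYNX, INC.\n   Whois Server: whois.netlynx.com\n"
    "   Referral URL: http://www.netlynx.com\n"
)


def tld_whois_host(tld: str) -> str:
    """Second method from the post: '<tld>.whois-servers.net' names the TLD's whois server."""
    label = tld.strip().lstrip(".").lower()
    if not re.fullmatch(r"[a-z0-9-]{2,63}", label):
        raise ValueError(f"not a valid TLD label: {tld!r}")
    return f"{label}.whois-servers.net"


def query_is_safe(query: str) -> bool:
    """Reject queries that could smuggle extra lines (CR/LF) or NULs into the request."""
    return (0 < len(query) <= 253 and query.isascii()
            and not any(ch in query for ch in "\r\n\x00"))


def extract_referral(response: str):
    """Return the whois server a response refers us to, or None if there is no usable referral."""
    m = REFERRAL_RE.search(response)
    if not m:
        return None
    host = m.group(1).lower().rstrip(".")
    # A referral that is not a plain hostname is ignored rather than followed.
    return host if HOSTNAME_RE.fullmatch(host) else None


def whois_query(server: str, query: str) -> str:
    """One RFC 3912 exchange: connect to server:43, send query + CRLF, read until the server closes."""
    if not HOSTNAME_RE.fullmatch(server):
        raise ValueError(f"refusing to connect to {server!r}")
    if not query_is_safe(query):
        raise ValueError(f"refusing to send query {query!r}")
    chunks, total = [], 0
    with socket.create_connection((server, WHOIS_PORT), timeout=TIMEOUT) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        while total < MAX_RESPONSE:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            total += len(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def whois_chain(domain: str, start_server: str = "whois.iana.org", max_hops: int = 4):
    """Do by program what the post does by hand: ask IANA about the TLD, then follow referrals.

    Returns a list of (server, response) pairs; the last entry is the registrar's answer.
    """
    domain = domain.strip().lower().rstrip(".")
    if not query_is_safe(domain) or "." not in domain:
        raise ValueError(f"not a domain name: {domain!r}")
    server, query = start_server, domain.rsplit(".", 1)[-1]   # first hop asks about 'com'
    results, seen = [], set()
    while server and server not in seen and len(results) < max_hops:
        seen.add(server)
        response = whois_query(server, query)
        results.append((server, response))
        server, query = extract_referral(response), domain      # later hops ask about the domain
    return results


if __name__ == "__main__":
    # Offline check of the parser against the constructed samples, then a live three-hop run.
    print(extract_referral(SAMPLE_IANA_RESPONSE), extract_referral(SAMPLE_REGISTRY_RESPONSE))
    for srv, text in whois_chain("binarytides.com"):
        print(f"=== {srv} ===\n{text[:400]}")
```

Run without arguments, the script first parses the two embedded samples and then performs the live lookup for binarytides.com in the same three hops as the telnet sessions above; whois_chain("example.org", tld_whois_host("org")) would instead start at the registry directly, the cheaper second method. The hostname check before each connect is the important part: the server name in a 'Whois Server:' line arrives from the network, so a client that connects to whatever it finds there can be steered to an arbitrary host and port by a tampered or spoofed response, and the CR/LF check on the query prevents a caller-supplied domain from injecting a second request line.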

Whois command

The whois command on Linux can be used to make the same query without telnet. Here is an example:

$ whois -h com.whois-servers.net stackoverflow.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: STACKOVERFLOW.COM
   Registrar: NAME.COM LLC
   Whois Server: whois.name.com
   Referral URL: http://www.name.com
   Name Server: NS1.SERVERFAULT.COM
   Name Server: NS2.SERVERFAULT.COM
   Name Server: NS3.SERVERFAULT.COM
   Name Server: NS4.SERVERFAULT.COM
   Status: clientTransferProhibited
   Updated Date: 19-mar-2013
   Creation Date: 26-dec-2003
   Expiration Date: 26-dec-2015

>>> Last update of whois database: Thu, 02 May 2013 15:57:21 UTC <<<

The above example queries com.whois-servers.net for the search term "stackoverflow.com". The query returns the actual whois server of stackoverflow.com.

Next, query the whois server 'whois.name.com':

$ whois -h whois.name.com stackoverflow.com

__   _                             ____                
| \ | | __ _ _ __ ___   ___       / ___|___  _ __ ___  
|  \| |/ _` | '_ ` _ \ / _ \     | |   / _ \| '_ ` _ \ 
| |\  | (_| | | | | | |  __/  _  | |__| (_) | | | | | |
|_| \_|\__,_|_| |_| |_|\___| (_)  \____\___/|_| |_| |_|
      On a first name basis with the rest of the world.


Get your <a href="http://www.name.com">domains</a> at Name.com.


Domain Name:     stackoverflow.com
Registrar:       Name.com LLC

Expiration Date: 2015-12-26 19:18:07
Creation Date:   2003-12-26 19:18:07

Name Servers:
        ns1.serverfault.com
        ns2.serverfault.com
        ns3.serverfault.com
        ns4.serverfault.com

REGISTRANT CONTACT INFO
Stack Exchange, Inc.
Sysadmin Team
1 Exchange Plaza
Floor 26
New York
NY
10006
US
Phone:         +1.2122328280
Email Address: sysadmin-team@stackoverflow.com
...............

So now we have the final and full whois information of stackoverflow.com available.

Last Updated On: 2nd May 2013
