A whois lookup will give you a lot of information on who owns an internet domain. En Linux, you can run whois lookups from the command line. We will guide you through it.
El sistema whois
The whois system is a list of records that contains details about the ownership of the domains and the owners. the Internet Corporation for Assigned Names and Numbers (ICANN) regulates the registration and ownership of domain names, but the list of records is in the hands of many companies, recognized as records.
Anyone can consult the list of records. When i do, one of the registries will handle your request and send you the details of the respective whois record.
before continuing, it is essential that you are familiar with the following terms:
- Record: A company that manages a list that contains a set of domain names (there are many of these).
- Registering: The legal owner of the domain; is registered in the name of this person.
- Recorder: A registrant uses a registrar to register.
A whois record contains all the contact information associated with the person, company or other entity that registered the domain name. Some records contain more information than others, and some records return different amounts of information.
A typical whois record will contain the following information:
- The name and contact information of the registrant: The domain owner.
- The name and contact information of the registrar: The organization that registered the domain name.
- The registration date.
- When the information was last updated.
- The expiration date.
You can make whois requests on the web, but, with Linux whois
command, you can search directly from the command line. This is useful if you need to search from a computer without a graphical user interface., or if you want to do it from a shell script.
Whois installation
the whois
The command was already installed in Ubuntu 20.04. If you need to install it on your Ubuntu version, you can do it with the following command:
sudo apt-get install whois
In Fedora, use the following command:
sudo dnf install whois
And finally, in Manjaro, write the following:
sudo pacman -Syu whois
Use whois with a domain name
You can use the whois
command with domain names or internet protocol (IP addresses. A slightly different set of information is returned for each of these.
We will use a domain name for our first example:
whois cnn.com
The whois registry solution begins with a summary and then repeats with additional information included. Hemos incluido un ejemplo a continuación con las declaraciones de marca registrada y los términos de uso eliminados:
Domain Name: CNN.COM Registry Domain ID: 3269879_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.corporatedomains.com Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html Updated Date: 2018-04-10T16:43:38Z Creation Date: 1993-09-22T04:00:00Z Registry Expiry Date: 2026-09-21T04:00:00Z Registrar: CSC Corporate Domains, Inc. Registrar IANA ID: 299 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: 8887802723 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS-1086. AWSDNS-07.ORG Name Server: NS-1630.AWSDNS-11.CO.UK Name Server: NS-47. AWSDNS-05.COM Name Server: NS-576. AWSDNS-08.NET DNSSEC: Unsigned
This is reasonably self-explanatory.. We see various details about the registrar and the registry, including contact details, the registration dates, etc. There are some entries in the list that you may not recognize.
the Internet Number Assignment Authority (IANA) oversees and coordinates things like the top level domain name system zones, Protocolo IP addressing systems, and record list. This record is the number 299, listed as “IANA ID: 299”.
The "domain status" lines show the status of the domain, and can be in several simultaneously. The states are defined in the Extensible provisioning protocol. Some of these are seen infrequently and others are restricted to certain situations., as legal disputes.
The following statuses are attached to this record:
- Banned client transfer: The domain registry will reject requests to transfer the domain from the current registrar to another.
- serverDeleteProhibited: The domain cannot be removed.
- serverTransferProhibited: The domain cannot be transferred to another registrar.
- serverUpdateProhibited: The domain cannot be updated
The last three are generally enabled at the request of the registrant or if there is an ongoing legal dispute. For this case, CNN likely requested that they be enforced to “block” the company's domain.
“! DNSSEC” it means Domain name system security extensions, a schema that allows a DNS name solver to cryptographically verify that the data it received from the DNS zone is valid and has not been tampered with.
The longest part of the solution is shown below:
Domain Name: cnn.com Registry Domain ID: 3269879_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.corporatedomains.com Registrar URL: www.cscprotectsbrands.com Updated Date: 2018-04-10T16:43:38Z Creation Date: 1993-09-22T04:00:00Z Registrar Registration Expiration Date: 2026-09-21T04:00:00Z Registrar: CSC CORPORATE DOMAINS, INC. Registrar IANA ID: 299 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.8887802723 Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited http://www.icann.org/epp#serverUpdateProhibited Registry Registrant ID: Registrant Name: Domain Name Manager Registrant Organization: Turner Broadcasting System, Inc. Registrant Street: One CNN Center Registrant City: Atlanta Registrant State/Province: GA Registrant Postal Code: 30303 Registrant Country: US Registrant Phone: +1.4048275000 Registrant Phone Ext: Registrant Fax: +1.4048271995 Registrant Fax Ext: Registrant Email: [email protected] Registry Admin ID: Admin Name: Domain Name Manager Admin Organization: Turner Broadcasting System, Inc. Admin Street: One CNN Center Admin City: Atlanta Admin State/Province: GA Admin Postal Code: 30303 Admin Country: US Admin Phone: +1.4048275000 Admin Phone Ext: Admin Fax: +1.4048271995 Admin Fax Ext: Admin Email: [email protected] Registry Tech ID: Tech Name: TBS Server Operations Tech Organization: Turner Broadcasting System, Inc. Tech Street: One CNN Center Tech City: Atlanta Tech State/Province: GA Tech Postal Code: 30303 Tech Country: US Tech Phone: +1.4048275000 Tech Phone Ext: Tech Fax: +1.4048271593 Tech Fax Ext: Tech Email: [email protected] Name Server: ns-576.awsdns-08.net Name Server: ns-1086.awsdns-07.org Name Server: ns-47.awsdns-05.com Name Server: ns-1630.awsdns-11.co.uk DNSSEC: Unsigned
This gives us more or less the same information as the summary., with additional sections on the registrant and their contact details for administrative and technical purposes.
The registrant's name is provided as “Domain Name Administrator”. Sometimes, for a fee, companies choose to allow their registrar to register the domain on their behalf with a generic name that the registrar maintains for this purpose. That seems to be the case here.. Despite this, as the registrant's address is "1 CCN Center", it's obvious who the registrant is.
Use whois with an IP address
Using whois
with an IP address is as simple as using it with a domain name. Just specify an IP address after whois
, in the same way that:
whois 205.251.242.103
This is the output returned by whois
:
NetRange: 205.251.192.0 - 205.251.255.255 CIDR: 205.251.192.0/18 NetName: AMAZON-05 NetHandle: NET-205-251-192-0-1 Parent: NET205 (NET-205-0-0-0-0) NetType: Direct Allocation OriginAS: AS16509, AS39111, AS7224 Organization: Amazon.com, Inc. (AMAZON-4) RegDate: 2010-08-27 shutterstock_1988260253-6478038-5108267-jpg-5556450: 2015-09-24 Ref: https://rdap.arin.net/registry/ip/205.251.192.0 OrgName: Amazon.com, Inc. OrgId: AMAZON-4 Address: 1918 8th Ave City: SEATTLE StateProv: WA PostalCode: 98101-1244 Country: US RegDate: 1995-01-23 shutterstock_1988260253-6478038-5108267-jpg-5556450: 2020-03-31 Ref: https://rdap.arin.net/registry/entity/AMAZON-4 OrgAbuseHandle: AEA8-ARIN OrgAbuseName: Amazon EC2 Abuse OrgAbusePhone: +1-206-266-4064 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN OrgNOCHandle: AANO1-ARIN OrgNOCName: Amazon AWS Network Operations OrgNOCPhone: +1-206-266-4064 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN OrgRoutingHandle: ADR29-ARIN OrgRoutingName: AWS Dogfish Routing OrgRoutingPhone: +1-206-266-4064 OrgRoutingEmail: [email protected] OrgRoutingRef: https://rdap.arin.net/registry/entity/ADR29-ARIN OrgRoutingHandle: IPROU3-ARIN OrgRoutingName: IP Routing OrgRoutingPhone: +1-206-266-4064 OrgRoutingEmail: [email protected] OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN OrgTechHandle: ANO24-ARIN OrgTechName: Amazon EC2 Network Operations OrgTechPhone: +1-206-266-4064 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN RTechHandle: ROLEA19-ARIN RTechName: Role Account RTechPhone: +1-206-266-4064 RTechEmail: [email protected] RTechRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN RAbuseHandle: ROLEA19-ARIN RAbuseName: Role Account RAbusePhone: +1-206-266-4064 RAbuseEmail: [email protected] RAbuseRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN RNOCHandle: ROLEA19-ARIN RNOCName: Role Account RNOCPhone: +1-206-266-4064 RNOCEmail: [email protected] RNOCRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN
the first section contains information about the organization that owns the ip address we are looking for (for this case, one of the many that Amazon owns). We also receive some identifiers that the registry uses to identify Amazon.com, Inc. internally.
the second section contains the address and name of the registrant, Amazon.com, Inc. The web address in the field “Ref:” contains this information in JavaScript object notation (JSON) format.
the other sections contain contact information that allows you to report abuse-related issues, the operation of the network, traffic routing, etc.
Use whois in a script
To use whois in a script, suppose we have a set of domains for which we need to check the expiration dates. We can achieve this with a small shell script.
Type this in an editor and save it as “get-expiry.sh”:
#!/bin/bash DOMAIN_LIST="systempeaker.com reviewgeek.com lifesavvy.com cloudsavvyit.com" echo "Expiration dates:" for domain in $DOMAIN_LIST do echo -n "$domain :: " whois $domain | grep 'Expiration' | awk '{print $5}' done
Determine the hyphen have executable permissions using the chmod
command, as it's shown in the following:
chmod +x get-expiry.sh
Run the script by calling it by name:
./get-expiry.sh
The expiration date of each domain is extracted from the whois
through use grep
for find lines that contain the string “Expiration” and usage awk
for prints the fifth element of that line.
RELATED: How to use the awk command on Linux
Convenience and automation
Yes, you can also perform whois lookups online. Despite this, having the whois
Command available in terminal window and scripts offers convenience, flexibility and gives you the option to automate part of your workload.