commands.page Website Logo
  • Home
  • Categories
  • Search

How to Query WHOIS Database Servers Using whois on Ubuntu Terminal

This is an article about how to use the command-line tool whois to query database servers for domain registration and technical details in Linux operating systems, specifically focusing on Ubuntu. In this article you will find information about setting up your terminal environment, installing necessary tools, and executing basic and advanced queries using the whois command. Additionally, we’ll explore how to interpret results effectively and understand common WHOIS database entries.

Introduction to WHOIS and Its Importance

The WHOIS protocol is a directory service that allows users to query databases for information about Internet resources, primarily domain names, IP addresses, and other related details managed by the Internet Corporation for Assigned Names and Numbers (ICANN) or specific Regional Internet Registries (RIRs). This tool is invaluable for network administrators, security researchers, and anyone interested in understanding the ownership and management of internet infrastructure. Using whois from your terminal can provide insights into domain registration details, contact information, IP address assignments, and more.

Setting Up Your Terminal Environment

Before diving into WHOIS queries, ensure you are working on an Ubuntu system with a basic understanding of using the command line. If you’re new to Linux terminals or have not used them extensively in Ubuntu, it might be helpful to familiarize yourself with some basics:

  1. Opening Terminal: Use Ctrl+Alt+T on your keyboard to open the terminal window quickly.
  2. Navigating Directories: Learn commands such as cd, ls, and pwd.
  3. Managing Files: Know how to use cp, mv, rm, and other file manipulation commands.

Once you’re comfortable with these basics, we can proceed to set up your environment for WHOIS queries.

Installing the WHOIS Command Line Tool

The whois tool is not included by default in all Ubuntu installations. To install it, open your terminal and execute:

sudo apt-get update sudo apt-get install whois -y

This command updates your package lists from their repositories and installs the whois utility.

Basic WHOIS Queries

With whois installed, you can start querying domain names or IP addresses for information. Here are some basic queries:

Querying a Domain Name

To get registration details of a specific domain name like example.com, type:

whois example.com

This command fetches detailed information about the specified domain from ICANN’s WHOIS database.

Querying an IP Address

For IPv4 addresses:

whois 192.0.2.1

And for IPv6 addresses:

whois 2001:db8::1

These queries return information about the ownership and allocation of the respective IP address.

Advanced WHOIS Query Techniques

Beyond basic queries, whois offers several options to customize your searches. Here are some advanced techniques:

Specifying a Specific Field

You can request specific fields from the output by using -h for specifying the field or server, though commonly you’ll use flags like -s and -i. For example, if you’re only interested in expiration dates of domains:

whois -oX whois.nic.ar example.com | grep "EXPIRED"

Querying Different WHOIS Servers

Not all domain names are registered through ICANN’s servers. Some top-level domains (TLDs) use their own registrars, which have separate WHOIS databases:

whois -h whois.nic.it example.com

This command queries the .it TLD database for information about example.com.

Limiting Output

For large outputs, you can limit the display to the first few lines or filter specific parts using tools like head, tail, and grep. For instance:

whois example.com | head -n 20

This command shows only the first 20 lines of the WHOIS query result.

Interpreting WHOIS Query Results

Understanding what each piece of information means is crucial. Typical fields include:

  • Registrant: The entity that owns the domain.
  • Registrar: The company through which the registration was processed.
  • Creation Date: When the domain was registered.
  • Expiration Date: Until when the domain remains valid without renewal.
  • Name Servers (NS): DNS servers used to manage the domain.

Common Challenges and Solutions

Dealing with Privacy Protection Services

Many registrars offer privacy protection services which mask personal information from public WHOIS records. In such cases, you’ll see placeholder data or a notice indicating that contact details are available only upon request:

# Example output where whois data is protected by a service like DomainsByProxy whois example.com | grep "Registrant"

Handling Rate Limits and Blocked Access

Some servers impose limits on the number of queries from a single IP address within a given timeframe to prevent abuse. If you encounter rate limit errors, consider using proxy services or reducing your query frequency.

Conclusion

Using the whois command line tool in Ubuntu allows for efficient querying of domain registration information and technical details related to internet resources. By mastering basic commands, exploring advanced features like specifying fields and custom WHOIS servers, and understanding how to interpret results, you can make full use of this powerful directory service.

Read this article to find out about the essential steps needed to set up your Ubuntu terminal for effective WHOIS queries, ensuring you have everything required to start investigating domains or IP addresses. Whether you’re a network administrator, security researcher, or just curious about internet infrastructure, whois is an indispensable tool in your arsenal.

This guide provides a comprehensive introduction and tutorial on using the whois command in Ubuntu for both beginners and those looking to enhance their knowledge of WHOIS database queries.

Last Modified: 25/05/2019 - 08:32:11