Information about WHOIS & Curiosities


ncabete

Epik Staff

Hey all!

This is my first post at DNForum, and while it may not be super helpful, I just wanted to share something that I learned over the past couple of months that I personally find interesting when it comes to WHOIS.

There are 2 major things to consider when we're speaking about WHOIS:
1. WHOIS is a protocol - it's not a tool, website, or app. Instead, multiple tools use this protocol (e.g. DomainTools).
2. The technical architecture of WHOIS is a typical client-server relation.
3. There are 2 types ("servers") of WHOIS: registry and registrar.

The registry WHOIS server contains all or partial data that a registry has of a registrant, and the registrar WHOIS contains all (or partial) data that a registrar has of a registrant.

Some registries may not accept registrations of domains while using privacy services, however they will hide your information if you query their WHOIS (often 'REDACTED FOR PRIVACY') - this does not mean that the registry doesn't know the registrant details - they MAY know the registrant details, but they can hide it - possibly due to GDPR. On the other hand, some registries may display the full data of either the privacy service that you use, or your own data. Take the example of the registry that manages .US - they will display all data publicly and do not allow the usage of WHOIS privacy services:

Proxy, or privatized registrations, are not permitted under current policy.

The usTLD has an ongoing interest in ensuring that its top-level domain is administered in a secure manner and that the information contained within the authoritative database is reliable, accurate, and up-to-date. One of the mechanisms to ensure the integrity of the .US namespace is through the collection of true registrant information. The usTLD Registry employs an algorithm to detect the inadvertent or intentional registration of proxy, anonymous and/or private domain name registrations, and enforces a registrar’s obligation to not offer such services to .US domain name registrants.


Source: https://www.about.us/faqs

Some other registries (for example .ES) do not even allow direct querying of WHOIS via the protocol itself; instead, you have to do it through their website (nic.es). They essentially have a WHOIS Server, but they will limit the IP addresses that can query it. This is their WHOIS Server's reply to my WHOIS Query:

Conditions of use for the whois service via port 43 for .es domains

Access will only be enabled for IP addresses authorised by Red.es. A maximum of one IP address per
user/organisation is permitted.

Red.es accepts no responsibility whatsoever for the availability of access to WHOIS, which may be
suspended at any time and without prior warning at the discretion of the public entity.

The service will be limited to the data established by Red.es.

The user promises to make use of the service and to carry out any action derived from the aforesaid
use in accordance with current applicable regulations, in particular with legislation on “.es” domain
names and personal data protection.

In particular, the user undertakes not to use the service to carry out abusive or speculative domain
name registrations, pursuant to section 5 of the Sixth Additional Provision of Law 34/2002, of 11 July,
on Services of the Information Society and Electronic Commerce. Likewise, the User undertakes not to
use the service to obtain data, the possession of which may contravene the provisions of Organic Law
15/1999, of 13 December, on Personal Data Protection, and its Regulations, or in Law 34/2002, of 11
July, on Services of the Information Society and Electronic Commerce.

Failure to comply with these conditions will result in the immediate withdrawal of the service and any
registered domain name which breaches said conditions may be officially cancelled by Red.es.
-------------------------------------------------------------------------------------------------------

The IP address used to perform the query is not authorised or has exceeded the established limit for
queries.To request access to the service,complete the form located at https://sede.red.gob.es/sede/whois,
where you may also consult the service conditions.

-------------------------------------------------------------------------------------------------------
More information on each domain may be consulted at www.dominios.es.

Now, in regards to the tools that you guys are all aware of (e.g. DomainTools, Who.Is, etc) - there's often the argument that they show outdated data, and the reason for that is due to the fact that they sporadically query the WHOIS data for every single domain that exists (likely thanks to CZDS) - so the chances that the domain you're looking up the WHOIS data for has already been fetched by that service are high (some offer a Refresh button) and you will see cached results, because it is more efficient to be done this way.

There's also a certain number of WHOIS queries that an IP is allowed to make in a certain timeframe (which, you may have guessed it, depends on the registry), which makes it not viable for a company/tool to run thousands (or millions) of WHOIS queries every day to every domain that is registered just for the purpose of keeping their data up-to-date (and then offer it for free).

In short, the tool that will get you the most up-to-date and accurate information is https://github.com/rfc1036/whois (on UNIX-based systems, simply run apt/yum install whois) - simply put, because you're directly querying both the registry's and the registrar's (when available) WHOIS servers instead of going through a "middleman" that may cache data like the aforementioned tools.

This tool is not the most user-friendly and it may take some time to develop a parser if you're planning to do bulk WHOIS checks; however, these types of cases are always a trade-off - you should evaluate what's more valuable to your use case: reliable data or instant results.

Usage of this Tool
To query the data that a registry has of a domain, for example - VeriSign, the following command can be executed on a terminal:

whois -h whois.verisign-grs.com "epik.com"

In this example, "whois.verisign-grs.com" is VeriSign's WHOIS Server, and Epik.com is the domain we want to find out information about. The output would be something like:
Domain Name: EPIK.COM
Registry Domain ID: 1119058_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.epik.com
Registrar URL: https://www.epik.com
Updated Date: 2021-09-17T13:14:47Z
Creation Date: 1998-04-16T04:00:00Z
Registry Expiry Date: 2031-04-15T04:00:00Z
Registrar: Epik Inc.
Registrar IANA ID: 617
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EPIK.COM
Name Server: NS3.EPIK.COM
Name Server: NS4.EPIK.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 17992 13 2 D2DBC7DD0A1352667D0F22B2B16438CB26A65B2B28B242C7561861F122A3EB0C
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2021-11-09T08:13:02Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

To query the data that a registrar has of a domain, for example - Epik, the following command can be executed on a terminal:

whois -h whois.epik.com "epik.com"

In this example, "whois.epik.com" is Epik's WHOIS Server, and Epik.com is the domain we want to find out information about. The output would be something like:
Domain Name: EPIK.COM
Registry Domain ID: 1119058_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.epik.com
Registrar URL: https://www.epik.com
Updated Date: 2021-09-17T13:14:47Z
Creation Date: 1998-04-16T04:00:00Z
Registrar Registration Expiration Date: 2031-04-15T04:00:00Z
Registrar: Epik Holdings Inc
Registrar IANA ID: 617
Registrar Abuse Contact Email: abuse@epik.com
Registrar Abuse Contact Phone: +1.2068262345
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Privacy Administrator
Registrant Organization: Anonymize, Inc.
Registrant Street: 1100 Bellevue Way NE, Ste 8A-601
Registrant City: Bellevue
Registrant State/Province: WA
Registrant Postal Code: 98004
Registrant Country: US
Registrant Phone: +1.4253668810
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: epik.com-qxtbzm4pjd4j@anonymize.com
Registry Admin ID:
Admin Name: Privacy Administrator
Admin Organization: Anonymize, Inc.
Admin Street: 1100 Bellevue Way NE, Ste 8A-601
Admin City: Bellevue
Admin State/Province: WA
Admin Postal Code: 98004
Admin Country: US
Admin Phone: +1.4253668810
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: epik.com-qxtbzm4pjd4j@anonymize.com
Registry Tech ID:
Tech Name: Privacy Administrator
Tech Organization: Anonymize, Inc.
Tech Street: 1100 Bellevue Way NE, Ste 8A-601
Tech City: Bellevue
Tech State/Province: WA
Tech Postal Code: 98004
Tech Country: US
Tech Phone: +1.4253668810
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: epik.com-qxtbzm4pjd4j@anonymize.com
Name Server: NS1.EPIK.COM
Name Server: NS3.EPIK.COM
Name Server: NS4.EPIK.COM
DNSSEC: signedDelegation
URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/
>>> Last update of WHOIS database: 2021-04-25T22:10:09Z <<<

All registrar data, including registrant WHOIS data, is provided for public, non-commerical use only. Any information made available by Epik Inc and its affiliate registrars shall not be collected, distributed or used for any commercial activity. Third parties to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts.

Lastly, if you want to make sure that your information is not shown on public WHOIS records, please consider using WHOIS Privacy (Epik provides it for free on all TLDs that allow it) and research the registry (TLD) you're interested in before registering the domain, so you don't risk having your personal information exposed and permanently archived.

Hope this was helpful to you :)
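
An added example, not part of the original post or of the rfc1036/whois project: a minimal Python sketch of the client side of the protocol and of the parser the post says bulk checks need. The names `whois_query`, `parse_whois` and `summarize` are hypothetical, and the sample reply is constructed by abridging the registry output quoted above.

```python
import re
import socket

# Constructed sample, abridged from the registry reply quoted in the post above.
REGISTRY_SAMPLE = """Domain Name: EPIK.COM
Registrar WHOIS Server: whois.epik.com
Registry Expiry Date: 2031-04-15T04:00:00Z
Registrar Abuse Contact Email:
Name Server: NS1.EPIK.COM
Name Server: NS3.EPIK.COM
>>> Last update of whois database: 2021-11-09T08:13:02Z <<<
TERMS OF USE: You are not authorized to access or query our Whois
"""
EXPIRY_KEYS = ("Registry Expiry Date", "Registrar Registration Expiration Date")
HOSTNAME = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def whois_query(server, domain, timeout=10, limit=65536):
    """RFC 3912: open TCP 43, send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(domain.encode("idna") + b"\r\n")
        buf = b""
        while len(buf) < limit and (chunk := s.recv(4096)):
            buf += chunk
    return buf.decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect non-empty 'Key: value' lines; the '>>>' footer starts the legal notices."""
    record = {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(">>>"):
            break
        key, sep, value = line.partition(": ")
        if sep and value.strip():
            record.setdefault(key, []).append(value.strip())
    return record

def summarize(text):
    rec = parse_whois(text)
    if "Domain Name" not in rec:
        return {"status": "no-record"}  # refusal, rate limit or unregistered name
    referral = rec.get("Registrar WHOIS Server", [""])[0].lower()
    return {
        "status": "ok",
        "domain": rec["Domain Name"][0].lower(),
        # The referral host is server-supplied text: validate it before connecting to it.
        "referral": referral if HOSTNAME.fullmatch(referral) else None,
        "expiry": next((rec[k][0] for k in EXPIRY_KEYS if k in rec), None),
        "name_servers": sorted(ns.lower() for ns in rec.get("Name Server", [])),
        "has_contacts": "Registrant Name" in rec or "Registrant Organization" in rec,
    }
```

Calling `summarize(whois_query("whois.verisign-grs.com", "epik.com"))` and then repeating the query against the returned `referral` host mirrors the two `whois -h` commands in the post; a reply such as the .es refusal yields `no-record` instead of an empty record that looks valid.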
 

aleksey.k

NB: since WHOIS is a protocol but not an obligation, each TLD (or even separate domains within the same TLD) may or may not provide this information in very different fashions.
 

ncabete

Epik Staff

> NB: since WHOIS is a protocol but not an obligation, each TLD (or even separate domains within the same TLD) may or may not provide this information in very different fashions.

Unfortunately, this is correct. Most gTLDs respect the same structure, but it's the wild west for ccTLDs.
 

Manisha Pakhrin

Thanks for the information. I was unaware of so many things and you made it clear.
 