What is the WHOIS Service?

What’s the whois service?

Whois is an Internet service that lets you discover the registered users and their contact information associated with IP addresses, Fully Qualified Domain Names (FQDN), or Autonomous Systems (AS). This service is used by network engineers and administrators when determining the identity of a remote host that is attempting to access a local server or network.

Another use case is to obtain the network names and autonomous system numbers associated with the intermediate hops of a traceroute test; this way, network troubleshooters can easily find the networks which your traffic is traversing. Perhaps these networks are causing high latency or packet loss.

History of the whois service

The whois service was first created in the 1970s by Elizabeth J. Feinler and her team, which was part of the Stanford Research Institute (SRI). Elizabeth’s team worked on many projects sponsored by the Advanced Research Projects Agency (DARPA) that aimed at documenting and managing the resources available to ARPANET users and organizations, such as domains.

At the time, all the whois information was centrally managed on one server set up in Stanford’s Network Information Center (NIC). The SRI office would also centrally manage new domain registrations, including whois information for ARPANET users. This process, which was also carried out by phone during business hours, was sufficient in the early days of what is now known as the Internet.

However, in the 1980s, with the commercialization of the Internet, it became clear that such processes were limiting the growth and expansion of the Internet and would require an update. After several discussions, it was decided that the management and registration of top-level domains and IANA functions would be assigned to the Internet Corporation for Assigned Names and Numbers (ICANN).

Today, whois functions are handled by regional Internet registries (RIRs), which may cross-reference whois entries. The picture below shows how whois entries are globally managed based on the physical location of the entity.

[Image: whois management by regional Internet registry]

How to run whois

The service is available via the command-line utility whois, installed by default on most Unix-like operating systems and Windows. On the command line, the user types the command whois followed by the parameter (IP, FQDN, or ASN).

For example, running whois netbeez.net displays the following information (truncated for brevity):

Many whois domain results, like the one above, are masked by a proxy organization for privacy purposes, to shield contact information including emails from spammers. If that’s the case, competent authorities will have to contact the proxy organization should there be a legal claim or investigation.
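Identifying a remote host or a traceroute hop, as described earlier, means reading the network name, AS number and organization out of whois output, and the field names differ between registries. The following is an added example, not from the original article: it normalises ARIN-style and RIPE-style records into one set of keys. The field map, function names and sample records are assumptions constructed for illustration.

```python
import subprocess

# Registry-specific field names (lower-cased) mapped to one common key.
# Assumption: covers ARIN-style and RIPE-style labels only.
FIELD_MAP = {
    "netrange": "range", "inetnum": "range",
    "netname": "netname",
    "originas": "asn", "origin": "asn",
    "orgname": "org", "org-name": "org",
    "country": "country",
}

def parse_whois(text):
    """Return normalised fields from raw whois output for an IP or network."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks and registry comments ('#' or '%' prefixed lines).
        if not line or line[0] in "#%" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        field = FIELD_MAP.get(key.strip().lower())
        value = value.strip()
        # Keep the first non-empty value seen for each field.
        if field and value and field not in record:
            record[field] = value
    return record

def lookup(target):
    """Run the local whois client on target (needs the binary and network)."""
    # Refuse input that the whois client would parse as an option.
    if target.startswith("-"):
        raise ValueError("target must not look like a command-line option")
    out = subprocess.run(["whois", target], capture_output=True,
                         text=True, timeout=30, check=False)
    return parse_whois(out.stdout)

# Constructed samples (documentation addresses and AS numbers, not real records).
ARIN_STYLE = """\
# constructed sample
NetRange:       192.0.2.0 - 192.0.2.255
NetName:        EXAMPLE-NET-1
OriginAS:       AS64500
OrgName:        Example Networks Inc.
Country:        US
"""
RIPE_STYLE = """\
% constructed sample
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET-2
country:        NL
origin:         AS64501
"""
```

Calling lookup() on each hop address from a traceroute gives one comparable record per hop; parse_whois() can also be fed saved whois output when working offline.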

Conclusion

Whois is a “must have” utility in a network engineer’s tool bag. This Internet service is like the Yellow Pages – users can look up who owns or manages a specific Internet property, whether that is a website, an IP address space, or an entire autonomous system.