
How to Check and Interpret Domain WHOIS Data from the Linux Command Line

As per ICANN policy, domain registrars need to keep a record of each domain registrant's name, address, contact details, etc. Unless the registrant makes them private using the registrar's WHOIS privacy service (a service may be purchased for this purpose), those details are publicly available through the registrar's WHOIS server. Most domain registrars offer a free online tool to check the WHOIS database. This post shows how to check the WHOIS record of a registered domain using the “whois” tool from the Linux command line. Some important terms of the WHOIS record are also explained.

  1. Installing the whois tool:
    1. CentOS and RHEL: the whois tool is present in the “base” repository of the yum installer and hence can easily be installed using “yum”
      yum install whois
    2. Debian and Ubuntu: the “whois” package is available for installation with the “apt-get” installer
      apt-get install whois
  2. Using the “whois” tool to check the WHOIS record of a domain:
    whois yourdomain.tld

    For serverlog.net, the whois output obtained from a CentOS 7 x64 system is given below for further interpretation of the terms

    [root@ovh ~]# whois serverlog.net
    [Querying whois.verisign-grs.com]
    [Redirected to Whois.bigrock.com]
    [Querying Whois.bigrock.com]
    [Whois.bigrock.com]
    Domain Name: SERVERLOG.NET
    Registry Domain ID: 2059975749_DOMAIN_NET-VRSN
    Registrar WHOIS Server: Whois.bigrock.com
    Registrar URL: www.bigrock.com
    Updated Date: 2016-11-17T02:20:46Z
    Creation Date: 2016-09-17T17:17:30Z
    Registrar Registration Expiration Date: 2017-09-17T17:17:30Z
    Registrar: BigRock Solutions Ltd
    Registrar IANA ID: 1495
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Registry Registrant ID: Not Available From Registry
    Registrant Name: Abhik Bose
    Registrant Organization:
    Registrant Street: H13, IIT Bombay, Powai
    Registrant City: Mumbai
    Registrant State/Province: Maharashtra
    Registrant Postal Code: 400076
    Registrant Country: IN
    Registrant Phone: +91.9967615600
    Registrant Phone Ext:
    Registrant Fax:
    Registrant Fax Ext:
    Registrant Email: abhikbose23@gmail.com
    Registry Admin ID: Not Available From Registry
    Admin Name: Abhik Bose
    Admin Organization:
    Admin Street: H13, IIT Bombay, Powai
    Admin City: Mumbai
    Admin State/Province: Maharashtra
    Admin Postal Code: 400076
    Admin Country: IN
    Admin Phone: +91.9967615600
    Admin Phone Ext:
    Admin Fax:
    Admin Fax Ext:
    Admin Email: abhikbose23@gmail.com
    Registry Tech ID: Not Available From Registry
    Tech Name: Abhik Bose
    Tech Organization:
    Tech Street: H13, IIT Bombay, Powai
    Tech City: Mumbai
    Tech State/Province: Maharashtra
    Tech Postal Code: 400076
    Tech Country: IN
    Tech Phone: +91.9967615600
    Tech Phone Ext:
    Tech Fax:
    Tech Fax Ext:
    Tech Email: abhikbose23@gmail.com
    Name Server: ns1.interentry.com
    Name Server: ns2.interentry.com
    Name Server: ns3.interentry.com
    DNSSEC:signedDelegation
    Registrar Abuse Contact Email: abuse@bigrock.com
    Registrar Abuse Contact Phone: +1-888-924-4762
    URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
    >>> Last update of WHOIS database: 2016-12-27T19:47:25Z <<<

     

    For more information on Whois status codes, please visit https://icann.org/epp

    Registration Service Provided By: BIGROCK
    ———————————————————————————

    This is followed by the terms and conditions of using the WHOIS database server (not shown)

  3. Explanation of Some Important Terms:
    1. Initial 4 lines quoted in []: The “whois” tool doesn’t know which registrar actually holds the WHOIS record. The tool starts from the central registry, which redirects it to the WHOIS server of the registrar. “whois.verisign-grs.com” and “Whois.bigrock.com” are the WHOIS servers of the central registry and the registrar (BigRock in our case). This is followed by the registrar name and the creation, expiry and last update dates.
    2. Registrar IANA ID: This indicates the unique ID of the registrar company. Each ICANN-accredited registrar has a unique ID.
    3. Domain Status: This indicates whether the domain is locked for transfer by the current registrar or not. The lock may be in place for various reasons.
      1. “clientTransferProhibited” indicates a domain transfer lock requested by the registrant to prevent an erroneous domain transfer.
      2. “serverTransferProhibited” indicates the domain is in the initial 60 days after registration or its last transfer and is under a mandatory transfer lock by ICANN.
      3. An “OK” indicates the domain is ready to transfer. This is to be checked before initiating a transfer request. In any state except “ok” a domain transfer request will be denied.
      4. “autoRenewPeriod” indicates the domain registration is in the grace period.
      5. “pendingDeletion” indicates the domain registration has expired, the grace period is also over, and the domain is waiting for the next deletion slot. Recovering a domain from this state to the registrar account attracts a high charge from the registrar.
    4. Registrant ID: A unique ID of the domain registrant at the registrar. This ID is unique to a single registrar only and is sometimes absent. So a registrant doesn’t have the same ID for domains owned at different registrars. E.g., if s/he registers two domains with BigRock, s/he will have the same ID for those 2 domains but will have a different ID for a domain registered at name.com.
    5. Name, Address and Contact Details: The following section contains the name, address, email ID and phone number of the domain registrant, domain admin and domain technician. These three sets of details are specified by the registrant at the time of registration or updated later. Nowadays most domain registrars offer WHOIS privacy protection, either free or for a small price, to keep this data secret. Whether a registrant should use that or not is a topic for another post.
    6. Name Server: This contains the authoritative name servers for the concerned domain.
    7. DNSSEC: This indicates whether the DNS zone of the domain is signed with DNSSEC or not. A “signedDelegation” indicates the zone is signed with DNSSEC. What DNSSEC is and how to implement it is out of the current scope.
    8. Registrar Abuse Contact: This contains the email and phone number of the abuse control department of the registrar.
    9. This is followed by the terms and conditions for using the WHOIS server etc.
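
The terms explained above can be pulled out of whois output with a short script. This is an added example, not part of the original post: the function names are illustrative, the sample record is constructed, and the field labels are assumed to match the registrar output shown above (other registries label some fields differently).

```shell
#!/bin/sh
# Added example: report the WHOIS fields explained above from text on stdin.

# whois_field NAME: print each non-empty value of "NAME: value" lines. Splits on
# the first colon only, so "DNSSEC:signedDelegation" and status URLs both work.
whois_field() {
    awk -v key="$1" 'BEGIN { key = tolower(key) }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        i = index($0, ":")
        if (i == 0 || tolower(substr($0, 1, i - 1)) != key) next
        val = substr($0, i + 1); sub(/^[ \t]+/, "", val)
        if (val != "") print val
    }'
}

# transfer_state: "locked" for any *TransferProhibited status, else "ok",
# "other" (some different status) or "unknown" (no Domain Status line).
transfer_state() {
    whois_field "Domain Status" | awk '
        { code = tolower($1) }
        code ~ /transferprohibited$/ { locked = 1 }
        code == "ok" { ok = 1 }
        END { print (NR == 0 ? "unknown" : (locked ? "locked" : (ok ? "ok" : "other"))) }'
}

# dnssec_state: "signed" only when the record says signedDelegation.
dnssec_state() {
    if whois_field "DNSSEC" | grep -qi '^signedDelegation$'; then echo signed; else echo unsigned; fi
}

# whois_summary: one key=value line per field for a WHOIS response on stdin.
whois_summary() {
    data=$(cat)
    printf 'registrar=%s\n' "$(printf '%s\n' "$data" | whois_field 'Registrar')"
    printf 'expires=%s\n' "$(printf '%s\n' "$data" | whois_field 'Registrar Registration Expiration Date')"
    printf 'transfer=%s\n' "$(printf '%s\n' "$data" | transfer_state)"
    printf 'dnssec=%s\n' "$(printf '%s\n' "$data" | dnssec_state)"
    printf 'nameservers=%s\n' "$(printf '%s\n' "$data" | whois_field 'Name Server' | paste -sd, -)"
}

# Constructed sample in the layout of the output above (not real registration data).
SAMPLE='Registrar: Example Registrar Ltd
Registrar Registration Expiration Date: 2017-09-17T17:17:30Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: ns1.example.net
Name Server: ns2.example.net
DNSSEC:signedDelegation'
printf '%s\n' "$SAMPLE" | whois_summary   # live use: whois yourdomain.tld | whois_summary
```

Run against your own domains on a schedule, the summary makes a missing transfer lock, an unsigned zone, a changed name server or an approaching expiry date easy to spot.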

This discussion should provide a good understanding of what WHOIS data is, how it is maintained, what its terms mean and how to check it from the command line. Several free online tools are also available, as follows:

  1. who.is [for both gTLD and ccTLD domains]
  2. whois.icann.org [maintained directly by ICANN, but only for gTLD domains; requires a CAPTCHA]
  3. whois.com [for both gTLD and ccTLD]
  4. whois.net [for both gTLD and ccTLD]

For any further queries, don’t hesitate to leave a comment.
