What is Whois Protocol? To answer this we are aware that finding information on the Internet is getting easier thanks to the multitude of search engines, meta-search engines, intelligent agents, and more. However, with the ever-growing number of users, hosts, and domains, locating information about people, host computers, and domains can be difficult. Two TCP/IP application-level protocols can help Whois and Finger.
Whois can be used to gather information about specific hosts and domains.
Finger, on the other hand, can be used to find out specific information about people on Internet hosts.
Understanding the Whois Protocol
Whois is the TCP/IP protocol and service used to gather information about Internet hosts and domains. Originally designed to be the “white pages” of the Internet, Whois was once (and still is in some cases) used in conjunction with large personnel databases. However, the growth of the Internet made maintaining such personnel databases impossible, so Whois information was limited to hosts and domains. Today, popular Whois databases contain information such as host and domain points-of-contact, organizations, and addresses. Whois is also used when registering a domain to determine whether the domain is already in use.
The Whois protocol runs on well-known TCP port 43 and is defined in RFC 954. Additional information on whois and the related finger command can be found in the following RFCs:
- 2167—Referral Whois (RWhois) Protocol V1.5.
- 1834—Whois and Network Information Lookup Service, Whois++.
- 1835—Architecture of the WHOIS++ service.
- 1913—Architecture of the Whois++ Index Service.
- 1914—How to Interact with a Whois++ Mesh.
- 1288—The Finger User Information Protocol.
Internet Registration can be a somewhat confusing topic with no one party in complete control of the Internet. This confusion has an impact on the traditional Whois service because each major registrar party maintains its own database.
The Whois Databases
Several databases exist in which you can find Whois information. As discussed earlier, most of the major Whois databases only list information as it pertains to registered Internet hosts and domains. However, some databases out there contain more detailed “white pages” information. Some important databases are :
- The InterNIC
- The U.S. Department of Defense
- The U.S. Federal Government
- RIPE (Réseaux IP Européens)
- The Asia Pacific Network Information Center (APNIC)
- Other Whois Servers
Although the Whois protocol and service has been around much longer than the Web, several Web-based interfaces exist to help you query Whois databases and find the information you need. Major Web-Based Whois Client Sites
Whois provides a rich protocol and service that allows us to query specific Whois databases for information pertaining to registered hosts, domains, and in some cases, people. However, Whois has some weaknesses. For instance, determining the right database to use for your query can sometimes be difficult. This problem can make finding the information you are looking for difficult. Two protocols expand on Whois:
Referral Whois (RWhois)
Due to the size of the Internet, maintaining one single database of all the host, domain, and user information is impossible. In order to keep the size and maintenance of the Whois databases to manageable proportions, a decentralized approach is necessary.
RWhois is a Directory Services protocol and service that extends the Whois concept to allow single queries to any number of decentralized Whois databases. RWhois accomplishes this in much the same manner as the Domain Name Service (DNS). If one RWhois database does not contain the information needed to satisfy the query, it can refer the query to another database. This process repeats until the proper database is found and the query is answered. For more information on RWhois, see RFC 2167 or http://www.rwhois.net/.
WHOIS++ is an extension to the traditional Whois protocol and service whose goal is to permit Whois-like servers to make available more detailed and structured information. WHOIS++ is specified by RFCs 1834, 1835, 1913, and 1914.