WHOIS
WHOIS (pronounced as the phrase "who is") is a query and response protocol that is used for querying databases that store an Internet resource's registered users or assignees. These resources include domain names, IP address blocks and autonomous systems, but it is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.[1] The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in RFC 3912.
This article is about a method for checking information about ownership of a domain name. For an IRC command called WHOIS, see List of Internet Relay Chat commands § WHOIS.Developer(s)
RIPE NCC (original BSD client), Marco d'Itri (modern Linux client)
BSD License (BSD and ReactOS), GPL (Linux)
Referral Whois[edit]
Referral Whois (RWhois) is an extension of the original WHOIS protocol and service. RWhois extends the concepts of WHOIS in a scalable, hierarchical fashion, potentially creating a system with a tree-like architecture. Queries are deterministically routed to servers based on hierarchical labels, reducing a query to the primary repository of information.[27]
Lookups of IP address allocations are often limited to the larger Classless Inter-Domain Routing (CIDR) blocks (e.g., /24, /22, /16), because usually only the regional Internet registries (RIRs) and domain registrars run RWhois or WHOIS servers, although RWhois is intended to be run by even smaller local Internet registries, to provide more granular information about IP address assignment.
RWhois is intended to replace WHOIS, providing an organized hierarchy of referral services where one could connect to any RWhois server, request a look-up and be automatically re-directed to the correct server(s). However, while the technical functionality is in place, adoption of the RWhois standard has been weak.
RWhois services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 4321.
Rwhois was first specified in RFC 1714 in 1994 by Network Solutions,[27] but the specification was superseded in 1997 by RFC 2167.[28]
The referral features of RWhois are different than the feature of a WHOIS server to refer responses to another server, which RWhois also implements.
Criticism[edit]
One criticism of WHOIS is the lack of full access to the data.[29][30] Few parties have realtime access to the complete databases.
Others cite the competing goal of domain privacy as a criticism, although this problem is strongly mitigated by domain privacy services. Currently, the Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires that the mailing address, phone number and e-mail address of those owning or administering a domain name to be made publicly available through the "WHOIS" directories. The registrant's (domain owner's) contact details, such as address and telephone number, are easily accessible to anyone who queries a WHOIS server. However, that policy enables spammers, direct marketers, identity thieves or other attackers to loot the directory for personal information about these people. Although ICANN has been exploring changing WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made.[31] Some domain registrars offer private registrations (also known as domain privacy), by which the contact information of the registrar is shown instead of the customer's. With the offer of private registration from many registrars, some of the risk has been mitigated.[32]
Studies have shown that spammers can and do harvest plain-text email addresses from WHOIS servers.[33] For this reason, some WHOIS servers and websites offering WHOIS queries have implemented rate-limiting systems, such as web-based CAPTCHA and limited amounts of search queries per user IP address.[32]
The WHOIS requirements conflict with the General Data Protection Regulation (GDPR), effective in the European Union 25 May 2018, which places strict regulations on the processing and publication of personally identifiable information. ICANN stated in November 2017 that it would not reprimand "noncompliance with contractual obligations related to the handling of registration data" if registrars provide alternative solutions for compliance with its rules, until the WHOIS requirements are updated to take GDPR into account.[32][34]
The WHOIS protocol was not written with an international audience in mind. A WHOIS server and/or client cannot determine the text encoding in effect for the query or the database content. Many servers were originally using US-ASCII and Internationalization concerns were not taken into consideration until much later.[35] This might impact the usability or usefulness of the WHOIS protocol in countries outside the USA.[1] In the case of internationalized domain names it is the responsibility of the client application to perform the translation of the domain name between its native language script and the DNS name in punycode.
WHOIS has generated policy issues in the United States federal government. As noted above, WHOIS creates a privacy issue which is also tied to free speech and anonymity. However, WHOIS is an important tool for law enforcement officers investigating violations like spam and phishing to track down the holders of domain names. As a result, law enforcement agencies have sought to make WHOIS records both open and verified:[36]
ICANN proposal to abolish WHOIS[edit]
The Expert Working Group (EWG) of the Internet Corporation for Assigned Names and Numbers (ICANN) recommended on 24 June 2013 that WHOIS should be scrapped. It recommends that WHOIS be replaced with a system that keeps information secret from most Internet users, and only discloses information for "permissible purposes".[41] ICANN's list of permissible purposes includes domain-name research, domain-name sale and purchase, regulatory enforcement, personal data protection, legal actions, and abuse mitigation.[42] Although WHOIS has been a key tool of journalists in determining who was disseminating certain information on the Internet,[43] the use of WHOIS by the free press is not included in ICANN's proposed list of permissible purposes.
The EWG collected public input on the initial report until 13 September 2013. Its final report was issued on 6 June 2014, without meaningful changes to the recommendations.[44] As of March 2015, ICANN is in the "process of re-inventing WHOIS," working on "ICANN WHOIS Beta."[45][46]
On January 19, 2023, ICANN opened voting on a global amendment to all its registry and registrar agreements. In it they defined an RDAP Ramp-Up Period of 180 days starting with the effectiveness of this amendment. 360 days after this period is defined as the WHOIS Services Sunset Date, after which it is not a requirement for registries and registrars to offer a WHOIS service and instead only an RDAP service is required. All voting thresholds were met within the 60 day voting period and the amendment was approved by the ICANN Board. The date for WHOIS Sunset for gTLDs was set as 28 January 2025.[47]