Looking Up Domains, Hosts, Contacts, and Names with
Whois
CS 3000 -- Lab Assignment #5
DIRECTIONS: Before you start, scan the man page for the whois
command. (Be wary, because information in man pages about whois can differ
from the information you get using the help facility of whois. The help
facility information is usually more reliable.)
When you do the lab, type whois commands equivalent to
the ones you see typed below, and examine the output. Ask questions.
Whois is a good command to use if you want to
- find out the names of the DNS servers for a domain,
- find the name of an administrative contact for a domain,
- find out the name of a company or organization whose domain
name you know, or
- find out the domain name for a company or organization
whose name you know.
That's about all. The information you get from whois can be
useful when a domain is making problems for you (sending junk
mail, for example). The information is not guaranteed to be
accurate, but it is what the official name registry has on file.
Frankly whois is not the easiest program to use. It
has an arcane, under-documented syntax. When you are out on
your own "doing your thing," you should probably try simple web
searches first, and keep whois as an alternative to
try when other methods do not pan out.
/* get info about a domain */
john@pollux: whois caltech.edu
Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: CALTECH.EDU
Registrar: EDUCAUSE
[[/* The line below tells us which host to query */]]
Whois Server: whois.educause.net
Referral URL: http://www.educause.edu/edudomain
Name Server: TYBALT.CALTECH.EDU
Name Server: NSX.LBL.GOV
Name Server: MERCUTIO.NI.CALTECH.EDU
Name Server: TEPID.NI.CALTECH.EDU
Updated Date: 25-jan-2002
>>> Last update of whois database: Thu, 10 Oct 2002 04:53:24 EDT <<<
The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.
/* Try again, specifying the correct host to query */
john@pollux: whois -h whois.educause.net caltech.edu
This Registry database contains ONLY .EDU domains.
The data in the EDUCAUSE Whois database is provided
by EDUCAUSE for information purposes in order to
assist in the process of obtaining information about
or related to .edu domain registration records.
The EDUCAUSE Whois database is authoritative for the
.EDU domain.
A Web interface for the .EDU EDUCAUSE Whois Server is
available at: http://whois.educause.net
By submitting a Whois query, you agree that this information
will not be used to allow, enable, or otherwise support
the transmission of unsolicited commercial advertising or
solicitations via e-mail.
You may use "%" as a wildcard in your search. For further
information regarding the use of this WHOIS server, please
type: help
--------------------------
Domain Name: CALTECH.EDU
Registrant:
California Institute of Technology
Information Technology Services 014-81
Pasadena, CA 91125
UNITED STATES
Contacts:
Administrative Contact:
Robert S. Logan
California Institute of Technology
ITS: Mail Stop 014-81
Pasadena, CA 91125
UNITED STATES
(626) 395-4631
bob@caltech.edu
Technical Contact:
California Institute of Technology
1200 E. California Blvd
Pasadena, CA 91125
UNITED STATES
(626) 395-4602
noc@caltech.edu
Name Servers:
MERCUTIO.NI.CALTECH.EDU 131.215.254.99
NSX.LBL.GOV
TYBALT.CALTECH.EDU 131.215.139.100
TEPID.NI.CALTECH.EDU 131.215.254.100
Domain record activated: 06-Jan-1986
Domain record last updated: 01-Nov-2000
/* Want to try more and varied queries? Get the current help
information from server. */
john@pollux: whois -h whois.educause.net help
This Registry database contains ONLY .EDU domains.
The data in the EDUCAUSE Whois database is provided
by EDUCAUSE for information purposes in order to
assist in the process of obtaining information about
or related to .edu domain registration records.
The EDUCAUSE Whois database is authoritative for the
.EDU domain.
A Web interface for the .EDU EDUCAUSE Whois Server is
available at: http://whois.educause.net
By submitting a Whois query, you agree that this information
will not be used to allow, enable, or otherwise support
the transmission of unsolicited commercial advertising or
solicitations via e-mail.
You may use "%" as a wildcard in your search. For further
information regarding the use of this WHOIS server, please
type: help
--------------------------
OVERVIEW:
The EDUCAUSE Whois server is a tool that may be used to look up
information regarding domains in the .EDU namespace.
Please note: This Whois database contains ONLY .EDU domain information
When searching for a domain, you must enter a second-level domain such
as example.edu. Third-level domains, such as www.example.edu are not
contained in the Whois database, although you may search for hosts
(name servers) using options described below. Searches for multiple
domains on a single command line is not suppored at this time. Your
search may contain, at most, one option and one domain name for which
to search. When more than one domain matches a query, Whois will return
a maximum of 100 potential matches.
If you would like to request a .EDU domain, please visit the following
URL eligibility requirements and further information:
http://www.educause.edu/edudomain/
OPTIONS:
The following options may be used when executing a search. You may use
the full option, or use the abbreviated version provided in parenthesis:
help (no abbreviations):
Returns this text. This command may not be used in conjunction with
a search.
Wildcard character = %
You can use the % symbol as a wildcard when performing searches
against the Whois database. For example: "whois %osu%" will return a list
of all domains which have names containing the string "osu", while "whois osu%"
will return all domains starting with the string "osu".
person (pe):
Search for this person in the Whois database. Returns
contact information for the individual, along with domains that they
are associated with. If your search matches more than one person, Whois
will return a list of potential matches you can use to narrow your search.
Searches should be sent in the following format: lastname,firstname
e.g. whois>person smith,john
You may include only a last name:
e.g. whois>person smith
Searches by first name only are not supported.
domain (do):
This is the default search type. It returns information regarding the
domain for which you are searching.
e.g. whois>domain example.edu
OR whois>example.edu
host (ho):
Search for information regarding a particular host or name server.
Information returned includes information regarding the host and
any domains with which this particular host is associated with.
e.g. whois>host ns1.example.edu
ip (ip):
Search whois database for all hosts with a matching IP address.
Returns a list of host names.
e.g. whois>ip 196.110.128.1
mailbox (ma or @ in querystring):
Search Whois database for individuals with a matching e-mail address.
Returns contact information for individual owning the e-mail address.
You may also enter partial e-mail addresses for a list of individuals
whose addresses contain your search string.
e.g. whois>ma myemail@university.edu
OR
whois>myemail@university.edu
OR
whois>@university.edu
organization (or):
Search Whois database for domains owned by a particular organization.
Returns a list of domains, which can then be searched for more specific
contact information, if needed. If only one domain is owned by the
the organization you have entered in your search, contact information will
be returned, with no need to do an additional query.
e.g. whois>organization Wigit Incorporated
OR whois>or Wigit Incorporated
For further information regarding the registrar for the .EDU domain,
EDUCAUSE, please visit our Web page: http://www.educause.edu
/* The commands described above seem to work alright if we put
the parameter sets in quotes. For example:*/
john@pollux: whois -h whois.educause.net "or %Vermont%"
This Registry database contains ONLY .EDU domains.
The data in the EDUCAUSE Whois database is provided
by EDUCAUSE for information purposes in order to
assist in the process of obtaining information about
or related to .edu domain registration records.
The EDUCAUSE Whois database is authoritative for the
.EDU domain.
A Web interface for the .EDU EDUCAUSE Whois Server is
available at: http://whois.educause.net
By submitting a Whois query, you agree that this information
will not be used to allow, enable, or otherwise support
the transmission of unsolicited commercial advertising or
solicitations via e-mail.
You may use "%" as a wildcard in your search. For further
information regarding the use of this WHOIS server, please
type: help
--------------------------
Your search by company has matched multiple domains.
Below are the matching domains (up to 100). For specific
information on one of these domains, please search on that domain.
CCV.EDU
SVC.EDU
TRINITYVT.EDU
UVM.EDU
UVT.EDU
VARC.EDU
VERMONTCOLLEGE.EDU
VERMONTLAW.EDU
VSC.EDU
VTC.EDU
/*
Follow up by making a query on one of the entries in the list above.
*/
john@pollux: whois -h whois.educause.net trinityvt.edu
This Registry database contains ONLY .EDU domains.
The data in the EDUCAUSE Whois database is provided
by EDUCAUSE for information purposes in order to
assist in the process of obtaining information about
or related to .edu domain registration records.
The EDUCAUSE Whois database is authoritative for the
.EDU domain.
A Web interface for the .EDU EDUCAUSE Whois Server is
available at: http://whois.educause.net
By submitting a Whois query, you agree that this information
will not be used to allow, enable, or otherwise support
the transmission of unsolicited commercial advertising or
solicitations via e-mail.
You may use "%" as a wildcard in your search. For further
information regarding the use of this WHOIS server, please
type: help
--------------------------
Domain Name: TRINITYVT.EDU
Registrant:
Trinity College of Vermont
208 Colchester Avenue
Burlington, VT 05401
UNITED STATES
Contacts:
Administrative Contact:
Pamela Jarvis
Trinity College of Vermont
208 Colchester Avenue
Burlington, VT 05401
UNITED STATES
(802) 846-7209
pjarvis@vermontelectric.coop
Technical Contact:
Adelphia Communications Corp.
Main at Water Street
Coudersport, PA 16915
UNITED STATES
(888) 512-5111
hostmaster@adelphia.net
Name Servers:
NS1.ADELPHIA.NET
NS2.ADELPHIA.NET
NS3.ADELPHIA.NET
Domain record activated: 02-Dec-1994
Domain record last updated: 26-Aug-2002
/*
More things to try.
*/
john@pollux: whois -h whois.educause.net "host altair.csustan.edu"
john@pollux: whois -h whois.networksolutions.com help
john@pollux: whois apple.com
john@pollux: whois -h whois.networksolutions.com apple.com
john@pollux: whois -h whois.networksolutions.com microsoft.com
john@pollux: whois microsoft.com
What is going on with that last one?
Go to the URL's below and see how much information you can get on ucsd.edu
and un.org. Try to get hostnames and IP numbers for the DNS servers for
the domains, names of administrative contacts, and names of hosts in the
network that are not nameservers (I don't know how much of this will be
possible. You can try to supplement the information using the tools we
sampled above.)
Also try to lookup an organization such as "walmart" and get the domain
name for the organization.
Don't be surprised if you can only get limited information. Whois servers
are getting to be less and less useful.
When you want to find out the domain name of an organization, most of the
time you can just use a search engine to find a URL containing the domain
name. You can then use whois to get names and IP numbers of the
nameservers. The basic job of a nameserver is to translate hostnames to IP
numbers and back, so a nameserver is supposed to know the names of all the
hosts in the domains it serves. Depending on how the nameserver is
configured, sometimes you can get it to give you lists of hostnames or IP
numbers it knows about. We will explore that idea when we do our lab on
nslookup and dig, which are tools for querying DNS
servers.