Notes on whois
If your system has the whois command, you may type
You may also specify the server with
See below for a list of whois servers
whois -h whoisserver sitename
Otherwise, you may visit the internic's
web interface to whois,
and enter the site name in the search field provided.
First, a quick glossary:
- An individual computer on the internet
- A set of names in the internet namespace, e.g.
- IP Address
- The internet address of a host, e.g. "18.104.22.168"
The arguments to whois
Arguments to whois are a search pattern and optional
keywords. Keywords fall into four types: Those that specifiy a FIELD
to be searched, those that specify the TYPE of record to be returned,
those that modify the interpretation of the input or tell the type of
output to produce, and those that are commands, such as HELP, QUIT, and
- Get information on various arguments and their meanings.
- Where sitename is the domain name of the site for which
you want information. Only give the domain name (e.g.
not the full host name (e.g. www.online18.com). This will give you all
the information the internic has about the given site. The whois server
will attempt to match this name against all types of records: name,
nicknames, hostname, net address, etc.) If there are multiple matches,
whois will list them, one per line. If there is a single
match, whois will give all the information about it.
- Where pattern. is the partial pattern you wish to match
(note the terminating dot). Whois will return all patterns that
begin with this pattern. (Example:
- IP Address
- Where IP Address is the full IP address in
dotted-decimal notation of a host, (e.g.
Whois will return the hostname for this address if it is found
in the database. This can often be used to determine
a site's network server.
- Where subnet is the IP address in dotted-decimal notation
or 206.138.239) Whois will return the site or
sites listed under this subnet. If there is no match, make the
search more broad (e.g.
22.214.171.124 or 206.138); this can often be used to determine
a site's upstream provider.
- (Note the terminating dot). Find all addresses matching this pattern,
returns all hosts belonging to Online18.
Keywords that restrict the fields to be searched
- HA handle
- Where !handle is a handle returned when there are multiple
This will return the single indicated record.
- NAme name
- Search only the Name field. Example:
- M mailbox
- Search only the Mailbox field. Example:
Keywords that restrict the record type to return
- DOmain pattern
- Search only domain records, e.g. "COM", "DOM MIT" or "DOM MIT.EDU".
- GAteway pattern
- Search only gateway records.
- HOst pattern
- Search only host records, e.g.
- SErver pattern
- Search only server records. This can be very useful for finding out
which sites share the same server.
For example, the search:
online18.com reveals that the domain name server for online18 is
host www.online18.com gives the host handle "WWW1032-HST".
Executing the command
"server www1032-hst" returns a list of hosts sharing the same
reveals that the porn spammer "Online18" is the
same as -- or associated with -- the "Psychic Spammer
as well as a host of others.
- ASm pattern
- Search only autonomous system numbers records.
- NEtwork pattern
- Search only network records, e.g.
- O pattern
- Search only organization records.
Keywords that modify the output returned
- Full search
- Give full records, even if multiple matches.
- SUMmary search
- Give summary records, even if single match.
Determining a site's netblock
The Arin.net whois server returns netblock
information for all sites which match the search pattern.
Whois servers around the world
First, examine the end of the hostname to determine the
code of the host, and try to determine which of the following servers
is applicable. In many cases, the domain name server is
- Arin.net runs a fairly sophisticated search engine. It is sufficient to enter
keywords to the search. For example, searching for "special fx" returns all of the
domain registrations belonging to Special-FX.
- Tonga (hosted in the basement of their Consolate in San Francisco.)
- AllWhois.com -- smart whois service.
Back to top
The opinions expressed on this page are solely those of Ed Falk and do
not necessarily represent those of any other organization, (although I
hope they do). I wish to thank Rahul.net for hosting this web page.
This page maintained by