Objective: Find the whois server for a particular domain or TLD (top-level domain).
There is currently no standard for determining the responsible whois server for a DNS domain. Some whois clients are hard coded with the whois servers to be used. Other whois clients perform DNS queries to determine a whois server for a domain. In this article, we will go through the most common ways of determining the whois server for a domain.
Find Whois Server Using IANA Root Zone Database
IANA (Internet Assigned Numbers Authority) has a list of zones and the corresponding whois servers for those zones. The list can be found here.
So, if you want to find out the whois server for ‘.sg’ domains, the list will give you whois.sgnic.sg as the whois server.
Find Whois Server Using IANA Whois Server
IANA also has a whois service to retrieve the whois server info. IANA’s whois server is whois.iana.org. So, to determine the whois server for ‘.sg’ domains, you can run the whois query like this.
    $ whois -h whois.iana.org sg | grep ^whois
    whois: whois.sgnic.sg
To make a whois query for, let’s say, the site hdb.gov.sg, we can now directly query the whois server for ‘.sg’ domains.
    $ whois -h whois.sgnic.sg hdb.gov.sg
Find Whois Server Using DNS With whois-servers.net
You can make a DNS CNAME query to whois-servers.net to determine the whois server. To determine the whois server for .sg domains, make a DNS CNAME lookup to sg.whois-servers.net. Similarly, to determine the whois server for .io domains, make a DNS CNAME query for io.whois-servers.net.
    $ dig -t CNAME sg.whois-servers.net +short
    whois.nic.net.sg.
    $ dig -t CNAME io.whois-servers.net +short
    whois.nic.io.
    $ dig -t CNAME uk.whois-servers.net +short
    whois.nic.uk.
    $ dig -t CNAME co.uk.whois-servers.net +short
    whois.nic.uk.
I am not sure who maintains these records, or if this is official. But, it seems to be pretty accurate.
Find Whois Server Using DNS SRV Records
This is another DNS query based on SRV records to locate whois servers. There are two ways to perform this search: top-down model or bottom-up model. The default is the bottom-up model and we will use this model to locate whois servers.
DNS SRV records are in the form of “_Service._Proto.Name”. For whois, the first two fields map to the following:
    _nicname._tcp
“_nicname” is the symbolic name for whois in the /etc/services file. “_tcp” indicates the protocol used by whois: TCP.
Now, let’s look at an example using the bottom-up approach. For amazon.co.uk, we can do the following DNS queries for SRV records.
    _nicname._tcp.amazon.co.uk
    _nicname._tcp.co.uk
    _nicname._tcp.uk
To retrieve the whois servers, we can use dig to do DNS SRV lookups.
    $ dig -t SRV _nicname._tcp.amazon.co.uk +short

    $ dig -t SRV _nicname._tcp.co.uk +short
    0 0 43 whois.nic.uk.

    $ dig -t SRV _nicname._tcp.uk +short
    0 0 43 whois.nic.uk.
For the bottom-up approach, if the answer is not positive, we strip the leftmost element from the name and repeat the query, so the search walks the DNS tree upwards. This process is repeated until an SRV record is found or the TLD is reached. So for the above example, we can actually stop at the second DNS query (_nicname._tcp.co.uk), since it returns a valid SRV record with the whois server.
This method does not always work, well, at least it is not working for .sg domains.
    $ dig -t SRV _nicname._tcp.hdb.gov.sg +short

    $ dig -t SRV _nicname._tcp.gov.sg +short

    $ dig -t SRV _nicname._tcp.sg +short
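The bottom-up walk described above can be scripted as follows. This is an added example, not code from the original article: the function names and the SRV_LOOKUP override are hypothetical, and fake_srv_lookup is a constructed offline resolver that replays the dig answers shown on this page.

```shell
#!/bin/sh
# Added example: bottom-up SRV discovery of a whois server (POSIX sh).
# Function names and the SRV_LOOKUP override are hypothetical, not from a tool.

# Real resolver: prints answers as "priority weight port target." lines.
srv_lookup() { dig -t SRV "$1" +short; }

# Constructed offline resolver replaying the dig answers shown in the article.
fake_srv_lookup() {
    case "$1" in
        _nicname._tcp.co.uk|_nicname._tcp.uk) echo "0 0 43 whois.nic.uk." ;;
        *) : ;;  # empty answer, as for every .sg name in the article
    esac
}

# Print the SRV query names from the full domain up to the TLD.
srv_candidates() {
    name="${1%.}"                      # drop a trailing root dot
    while [ -n "$name" ]; do
        echo "_nicname._tcp.$name"
        case "$name" in
            *.*) name="${name#*.}" ;;  # strip the leftmost label
            *)   break ;;              # TLD reached
        esac
    done
}

# Print "host port" for the first SRV answer found; return 1 if none, 2 on bad input.
find_whois_srv() {
    # Only hostname characters, so nothing unexpected reaches the resolver.
    case "$1" in ''|*[!A-Za-z0-9.-]*) return 2 ;; esac
    lookup="${SRV_LOOKUP:-srv_lookup}"
    for q in $(srv_candidates "$1"); do
        # Lowest priority first (weight is ignored here). The DNS answer is
        # untrusted: require a numeric port and a plain hostname. A target of
        # "." means "service not available" (RFC 2782) and fails the match.
        result="$("$lookup" "$q" | sort -n | awk 'NR == 1 && $3 ~ /^[0-9]+$/ &&
            $4 ~ /^[A-Za-z0-9.-]+\.$/ { sub(/\.$/, "", $4); print $4, $3 }')"
        [ -n "$result" ] || continue
        echo "$result"
        return 0
    done
    return 1
}
```

With SRV_LOOKUP unset, find_whois_srv amazon.co.uk queries live DNS through dig; a return status of 1 is the signal to fall back to one of the other methods in this article.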