This site uses advanced css techniques
The traditional whois tool can query a single remote server and only research a single kind of data. This is a useful starting point, but many whois queries actually require multiple queries of different servers. We've created a front end in perl that is very smart about knowing who and how to ask, plus a small modification to the standard fwhois.c tool to support it.
This program has not been cleaned up for much public release, so it's still ugly inside. We're working on it.
There are two components here:
$ cc fwhois.c -o fwhois
This should be copied to a standard location, usually /usr/local/bin.
This is a command-line utility, and it can be given an IP address or a domain name. It looks at the parameter to make its best guess as to the appropriate registry, and sends off its query. By itself this would be helpful enough, but it also scans the response to see if a second query is in order.
For instance, standard queries to the Internic's domain name system return only the most basic information that does not include the domain's owner:
$ fwhois unixwiz.net@whois.internic.net [whois.internic.net] Domain Name: UNIXWIZ.NET Registrar: NETWORK SOLUTIONS, INC. Whois Server: whois.networksolutions.com Referral URL: www.networksolutions.com Name Server: NS.DRAPERS.COM Name Server: LINUX.MTNDEW.COM Name Server: A.UNIXWIZ.NET Updated Date: 09-jan-2001
Here, we've stripped off some of the additional verbiage and see that this only shows which registrar - whois.networksolutions.com - has the more detailed information. Normally this would require a second manual query, but our program knows how to parse this output and will make a second query to the referred location.
In addition to following the registration referrals, we also strip off the extraneous messages from the output when we recognize it. This is an imperfect science because the matches must be made literally in the code, but we do try to keep up with this.
But for domain names that aren't dot-com or dot-net and the like, we must check other registries. For instance, .se (Sweden) has a registry at whois.nic-se.se, and that server must be queried instead of rwhois.internic.net. Though our program does not have a fully comprehensive list of country-code servers, it has most of the important ones, and we update the code when we trip across them. Note that not all countries have 'whois' servers.
When researching IP addresses, it gets a bit more tricky. The American Registry of Internet Numbers (ARIN) maintains the database if IP address allocations in the United States and other areas, but not for the entire world. Other regions have their own registries, such as the Asia/Pacific and European regions.
The perl frontend knows where most of the major non-ARIN blocks are located and will query them as needed.
Normally, the whois protocol uses TCP port 43, but when the first-level servers for ARIN (American Registry for Internet Numbers) refer a request to secondary servers at individual ISPs, they typically offer their whois services on unprivileged port 4321. The standard fwhois tool cannot query this port, so we've modified it to permit these nonstandard queries.
When fwhois considers any remote hostname, it looks for a port number appended following a colon: rwhois.verio.net:4321. If there is no port specified, the default of 43 will be used.
We expect to submit this as a patch to the maintainers of this program once we have a bit more experience with it.