Windows

Getting WHOIS information on Windows

2 Comments

WHOIS is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. Usually WHOIS queries are performed with a command line client and such a client is almost always a part of an OS’s TCP/IP implementation. Not so with Windows. Neither Windows 7, Vista or XP includes a WHOIS utility. Recently I had some trouble with WHOIS information from one of my domains and that set me searching for utilities to perform this task on the Windows platform. These are what I found:

  • Mark Russinovich has created a WHOIS utility, you can find it on the Sysinternals TechNet Site: http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
    Mark’s implementation uses the whois-servers.net service to find the correct WHOIS server to use. whois-servers.net does not have records for all TLDs and such cannot find WHOIS info for all queries.
  • GNU-whois for Win32 is available on SourceForge (http://sourceforge.net/projects/whoiswin/)
    This utility uses a TLD list by default, contained in the file tld_serv_list. whois for Win32 is quite flexible and can query for WHOIS info using specific servers, by using the –h parameter.
  • Win32Whois is a graphical client available here: http://www.gena01.com/win32whois/
    It offers basic features as well as some GUI specific ones.

The WHOIS service uses TCP port 43. Some TLDs publish a server referral (SRV record) for the WHOIS protocol in their zone, which identifies their WHOIS server. This SRV record is of the format _nicname._tcp.<tld>. To find the WHOIS server for the TLD .no, use NSLOOKUP:

nslookup -type=srv _nicname._tcp.no
Server:  server1.domain.com
Address:  1.2.3.4

Non-authoritative answer:
_nicname._tcp.no        SRV service location:
priority       = 0
weight         = 0
port           = 43
svr hostname   = whois.norid.no

whois.norid.no  internet address = 128.39.8.42

So the server whois.norid.no with address 128.39.8.42 provides WHOIS info for the .no TLD.

2 thoughts on “Getting WHOIS information on Windows”

  2. I blog frequently and I truly appreciate your information. Your article has truly peaked my interest.
    I will bookmark your blog and keep checking for new details about once a week.
    I opted in for your RSS feed as well.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.