WHOIS is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. Usually WHOIS queries are performed with a command line client and such a client is almost always a part of an OS’s TCP/IP implementation. Not so with Windows. Neither Windows 7, Vista or XP includes a WHOIS utility. Recently I had some trouble with WHOIS information from one of my domains and that set me searching for utilities to perform this task on the Windows platform. These are what I found:
- Mark Russinovich has created a WHOIS utility, you can find it on the Sysinternals TechNet Site: http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
Mark’s implementation uses the whois-servers.net service to find the correct WHOIS server to use. whois-servers.net does not have records for all TLDs and such cannot find WHOIS info for all queries.
- GNU-whois for Win32 is available on SourceForge (http://sourceforge.net/projects/whoiswin/)
This utility uses a TLD list by default, contained in the file tld_serv_list. whois for Win32 is quite flexible and can query for WHOIS info using specific servers, by using the –h parameter.
- Win32Whois is a graphical client available here: http://www.gena01.com/win32whois/
It offers basic features as well as some GUI specific ones.
The WHOIS service uses TCP port 43. Some TLDs publish a server referral (SRV record) for the WHOIS protocol in their zone, which identifies their WHOIS server. This SRV record is of the format _nicname._tcp.<tld>. To find the WHOIS server for the TLD .no, use NSLOOKUP:
nslookup -type=srv _nicname._tcp.no
_nicname._tcp.no SRV service location:
priority = 0
weight = 0
port = 43
svr hostname = whois.norid.no
whois.norid.no internet address = 22.214.171.124
So the server whois.norid.no with address 126.96.36.199 provides WHOIS info for the .no TLD.