WHOIS explained

WHOIS (pronounced as the phrase "who is") is a query and response protocol that is used for querying databases that store an Internet resource's registered users or assignees. These resources include domain names, IP address blocks and autonomous systems, but it is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.[1] The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in .

Whois is also the name of the command-line utility on most UNIX systems used to make WHOIS protocol queries.[2] In addition, WHOIS has a sister protocol called Referral Whois (RWhois).

History

Elizabeth Feinler and her team (who had created the Resource Directory for ARPANET) were responsible for creating the first WHOIS directory in the early 1970s. Feinler set up a server in Stanford's Network Information Center (NIC) which acted as a directory that could retrieve relevant information about people or entities. She and the team created domains, with Feinler's suggestion that domains be divided into categories based on the physical address of the computer.

The process of registration was established in . WHOIS was standardized in the early 1980s to look up domains, people, and other resources related to domain and number registrations. As all registration was done by one organization at that time, one centralized server was used for WHOIS queries. This made looking up such information very easy.

At the time of the emergence of the internet from the ARPANET, the only organization that handled all domain registrations was the Defense Advanced Research Projects Agency (DARPA) of the United States government (created during 1958.[3]). The responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNET began offering domain registration service; however, they simply handled the paperwork which they forwarded to the DARPA Network Information Center (NIC). Then the National Science Foundation directed that commercial, third-party entities would handle the management of Internet domain registration. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics and AT&T. The General Atomics contract was canceled after several years due to performance issues.

20th-century WHOIS servers were highly permissive and would allow wild-card searches. A WHOIS query of a person's last name would yield all individuals with that name. A query with a given keyword returned all registered domains containing that keyword. A query for a given administrative contact returned all domains the administrator was associated with. Since the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.

On December 1, 1999, management of the top-level domains (TLDs),, and was assigned to ICANN. At the time, these TLDs were converted to a thin WHOIS model. Existing WHOIS clients stopped working at that time. A month later, it had self-detecting Common Gateway Interface support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client.

By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS domain searches have become common and are offered by providers such as IONOS and Namecheap.[4]

CRISP and IRIS

In 2003, an IETF committee was formed to create a new standard for looking up information on domain names and network numbers: Cross Registry Information Service Protocol (CRISP).[5] Between January 2005 and July 2006, the working name for this proposed new standard was Internet Registry Information Service (IRIS) [6] [7] The initial IETF Proposed Standards RFCs for IRIS are:

The status of RFCs this group worked on can be found on the IETF Tools site.[8]

the CRISP IETF Working Group concluded,[9] after a final RFC 5144 was published by the group [10] A Domain Availability Check (DCHK) Registry Type for the Internet Registry Information Service (IRIS) . 5144 . Newton . Andrew . Sanz . Marcos . February 2008 . . 1 June 2015. .

Note: The IETF CRISP working group is not to be confused with the Number Resource Organization's (NRO) Team of the same name "Consolidated RIR IANA Stewardship Proposal Team" (CRISP Team).[11]

WEIRDS and RDAP

See main article: Registration Data Access Protocol. In 2013, the IETF acknowledged that IRIS had not been a successful replacement for WHOIS. The primary technical reason for that appeared to be the complexity of IRIS. Further, non-technical reasons were deemed to lie in areas upon which the IETF does not pass judgment. Meanwhile, ARIN and RIPE NCC managed to serve WHOIS data via RESTful web services. The charter (drafted in February 2012) provided for separate specifications, for number registries first and for name registries to follow.[12] The working group produced five proposed standard documents:

and an informational document:

Protocol

The WHOIS protocol had its origin in the ARPANET NICNAME protocol and was based on the NAME/FINGER Protocol, described in (1977). The NICNAME/WHOIS protocol was first described in in 1982 by Ken Harrenstien and Vic White of the Network Information Center at SRI International.

WHOIS was originally implemented on the Network Control Protocol (NCP) but found its major use when the TCP/IP suite was standardized across the ARPANET and later the Internet.

The protocol specification is the following (original quote):[13]

Connect to the service host
   TCP: service port 43 decimal
   NCP: ICP to socket 43 decimal, establishing two 8-bit connections
Send a single "command line", ending with <CRLF>.
Receive information in response to the command line.  The
server closes its connections as soon as the output is
finished.

The command line server query is normally a single name specification. i.e. the name of a resource. However, servers accept a query, consisting of only the question mark (?) to return a description of acceptable command line formats. Substitution or wild-card formats also exist, e.g., appending a full-stop (period) to the query name returns all entries beginning with the query name.

On the modern Internet, WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43. Clients are simple applications that establish a communications channel to the server, transmit a text record with the name of the resource to be queried and await the response in form of a sequence of text records found in the database. This simplicity of the protocol also permits an application, and a command line interface user, to query a WHOIS server using the Telnet protocol.

Augmentations

In 2014, June ICANN published the recommendation for status codes, the "Extensible Provisioning Protocol (EPP) domain status codes"[14]

Status CodeDescription
addPeriodThis grace period is provided after the initial registration of a domain name. If the registrar deletes the domain name during this period, the registry may provide credit to the registrar for the cost of the registration.
autoRenewPeriodThis grace period is provided after a domain name registration period expires and is extended (renewed) automatically by the registry. If the registrar deletes the domain name during this period, the registry provides a credit to the registrar for the cost of the renewal.
inactiveThis status code indicates that delegation information (name servers) has not been associated with the domain. The domain is not activated in the DNS and will not resolve.
okThis is the standard status for a domain, meaning it has no pending operations or prohibitions.
pendingCreateThis status code indicates that a request to create the domain has been received and is being processed.
pendingDeleteThis status code may be mixed with redemptionPeriod or pendingRestore. In such case, depending on the status set in the domain name, otherwise (not combined with other status), the pendingDelete status code indicates that the domain has been in redemptionPeriod status for 30 days and not restored. The domain will remain in this status for several days, after which time the domain will be dropped from the registry database.Once deletion occurs, the domain is available for re-registration in accordance with the registry's policies.
pendingRenewThis status code indicates that a request to renew the domain has been received and is being processed.
pendingRestoreThis status code indicates that your registrar has asked the registry to restore the domain that was in redemptionPeriod status. Your registry will hold the domain in this status while waiting for your registrar to provide required restoration documentation. If your registrar fails to provide documentation to the registry operator within a set time period to confirm the restoration request, the domain will revert to redemptionPeriod status.
pendingTransferThis status code indicates that a request to transfer the domain to a new registrar has been received and is being processed.
pendingUpdateThis status code indicates that a request to update the domain has been received and is being processed.
redemptionPeriodThis status code indicates that your registrar has asked the registry to delete the domain. The domain will be held in this status for 30 days. After five calendar days following the end of the redemptionPeriod, the domain is purged from the registry database and becomes available for registration.
renewPeriodThis grace period is provided after a domain name registration period is explicitly extended (renewed) by the registrar. If the registrar deletes the domain name during this period, the registry provides a credit to the registrar for the cost of the renewal.
serverDeleteProhibitedThis status code prevents the domain from being deleted. It is an uncommon status that is usually enacted during legal disputes, at your request, or when a redemptionPeriod status is in place.
serverHoldThis status code is set by the domain's Registry Operator. The domain is not activated in the DNS.
serverRenewProhibitedThis status code indicates the domain's Registry Operator will not allow your registrar to renew the domain. It is an uncommon status that is usually enacted during legal disputes or when the domain is subject to deletion.
serverTransferProhibitedThis status code prevents the domain from being transferred from your current registrar to another. It is an uncommon status that is usually enacted during legal or other disputes, at your request, or when a redemptionPeriod status is in place.
serverUpdateProhibitedThis status code locks the domain preventing it from being updated. It is an uncommon status that is usually enacted during legal disputes, at your request, or when a redemptionPeriod status is in place.
transferPeriodThis grace period is provided after the successful transfer of a domain name from one registrar to another. If the new registrar deletes the domain name during this period, the registry provides a credit to the registrar for the cost of the transfer.

Implementation

WHOIS lookups were traditionally performed with a command line interface application, but now many alternative web-based tools exist.

A WHOIS database consists of a set of text records for each resource. These text records consists of various items of information about the resource itself, and any associated information of assignees, registrants, administrative information, such as creation and expiration dates.

Two data models exist for storing resource information in a WHOIS database, the thick and the thin model.

Thin and thick lookups

WHOIS information can be stored and looked up according to either a thick or a thin data model:

Thick: A Thick WHOIS server stores the complete WHOIS information from all the registrars for the particular set of data (so that one WHOIS server can respond with WHOIS information on all .org domains, for example).
  • Thin: A Thin WHOIS server stores only the name of the WHOIS server of the registrar of a domain, which in turn has the full details on the data being looked up (such as the .com WHOIS servers, which refer the WHOIS query to the registrar where the domain was registered).
  • The thick model usually ensures consistent data and slightly faster queries, since only one WHOIS server needs to be contacted. If a registrar goes out of business, a thick registry contains all important information (if the registrant entered correct data, and privacy features were not used to obscure the data) and registration information can be retained. But with a thin registry, the contact information might not be available, and it could be difficult for the rightful registrant to retain control of the domain.[15]

    If a WHOIS client did not understand how to deal with this situation, it would display the full information from the registrar. The WHOIS protocol has no standard for determining how to distinguish the thin model from the thick model.

    Specific details of which records are stored vary among domain name registries. Some top-level domains, including and, operate a thin WHOIS, requiring domain registrars to maintain their own customers' data. The other global top-level registries, including, operate a thick model.[16] Each country-code top-level registry has its own national rules.

    Software

    whois
    Developer:RIPE NCC (original BSD client), Marco d'Itri (modern Linux client)
    Latest Release Version:5.5.19
    Latest Release Date:2023-10-08
    Operating System:Unix, Unix-like, ReactOS[17]
    Platform:Cross-platform
    Genre:Command
    License:BSD License (BSD and ReactOS), GPL (Linux)

    The first applications written for the WHOIS information system were command-line interface tools for Unix and Unix-like operating systems (i.e. Solaris, Linux etc.). WHOIS client and server software is distributed as free open-source software and binary distributions are included with all Unix-like systems. Various commercial Unix implementations may use a proprietary implementation (for example, Solaris 7).

    A WHOIS command line client passes a phrase given as an argument directly to the WHOIS server. Various free open source examples can still be found on sites such as sourceforge.net. However, most modern WHOIS tools implement command line flags or options, such as the -h option to access a specific server host, but default servers are preconfigured. Additional options may allow control of the port number to connect on, displaying additional debugging data, or changing recursion/referral behavior.

    Like most TCP/IP client–server applications, a WHOIS client takes the user input and then opens an Internet socket to its destination server. The WHOIS protocol manages the transmission of the query and reception of results.

    Web

    With the advent of the World Wide Web and especially the loosening up of the Network Solutions monopoly, looking up WHOIS information via the web has become quite common. At present, popular web-based WHOIS-queries may be conducted from ARIN,[18] RIPE[19] and APNIC.[20] Most early web-based WHOIS clients were merely front-ends to a command-line client, where the resulting output just gets displayed on a web page with little, if any, clean-up or formatting.

    Currently, web based WHOIS clients usually perform the WHOIS queries directly and then format the results for display. Many such clients are proprietary, authored by domain name registrars.

    The need for web-based clients came from the fact that command-line WHOIS clients largely existed only in the Unix and large computing worlds. Microsoft Windows and Macintosh computers had no WHOIS clients installed by default, so registrars had to find a way to provide access to WHOIS data for potential customers. Many end-users still rely on such clients, even though command line and graphical clients exist now for most home PC platforms. Microsoft provides the Sysinternals Suite that includes a whois client at no cost.

    CPAN has several Perl modules available that work with WHOIS servers. Many of them are not current and do not fully function with the current (2005) WHOIS server infrastructure. However, there is still much useful functionality to derive including looking up AS numbers and registrant contacts.

    Servers

    WHOIS services are mainly run by registrars and registries; for example the Public Interest Registry (PIR) maintains the .ORG registry and associated WHOIS service.[21]

    Regional Internet registries

    WHOIS servers operated by regional Internet registries (RIR) can be queried directly to determine the Internet service provider responsible for a particular resource.

    The records of each of these registries are cross-referenced, so that a query to ARIN for a record which belongs to RIPE will return a placeholder pointing to the RIPE WHOIS server. This lets the WHOIS user making the query know that the detailed information resides on the RIPE server. In addition to the RIRs servers, commercial services exist, such as the Routing Assets Database used by some large networks (e.g., large Internet providers that acquired other ISPs in several RIR areas).

    Server discovery

    There is currently no widely extended way for determining the responsible WHOIS server for a DNS domain, though a number of methods are in common use for top-level domains (TLDs). Some registries use DNS SRV records (defined in RFC 2782[22]) to allow clients to discover the address of the WHOIS server.[23] Some WHOIS lookups require searching the procuring domain registrar to display domain owner details.

    Query example

    Normally the contact information of the resources assignee is returned. However, some registrars offer private registration, in which case the contact information of the registrar is shown instead.

    Some registry operators are wholesalers, meaning that they typically provide domain name services to a large number of retail registrars, who in turn offer them to consumers. For private registration, only the identity of the wholesale registrar may be returned. In this case, the identity of the individual as well as the retail registrar may be hidden.

    Below is an example of WHOIS data returned for an individual resource holder. This is the result of a WHOIS query of example.com:> whois example.com[Querying whois.verisign-grs.com][Redirected to whois.iana.org][Querying whois.iana.org][whois.iana.org]% IANA WHOIS server% for more information on IANA, visit http://www.iana.org% This query returned 1 objectdomain: EXAMPLE.COMorganisation: Internet Assigned Numbers Authoritycreated: 1992-01-01source: IANA

    Referral Whois

    Referral Whois (RWhois) is an extension of the original WHOIS protocol and service. RWhois extends the concepts of WHOIS in a scalable, hierarchical fashion, potentially creating a system with a tree-like architecture. Queries are deterministically routed to servers based on hierarchical labels, reducing a query to the primary repository of information.[24]

    Lookups of IP address allocations are often limited to the larger Classless Inter-Domain Routing (CIDR) blocks (e.g., /24, /22, /16), because usually only the regional Internet registries (RIRs) and domain registrars run RWhois or WHOIS servers, although RWhois is intended to be run by even smaller local Internet registries, to provide more granular information about IP address assignment.

    RWhois is intended to replace WHOIS, providing an organized hierarchy of referral services where one could connect to any RWhois server, request a look-up and be automatically re-directed to the correct server(s). However, while the technical functionality is in place, adoption of the RWhois standard has been weak.

    RWhois services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 4321.

    Rwhois was first specified in in 1994 by Network Solutions,[24] but the specification was superseded in 1997 by .[25]

    The referral features of RWhois are different than the feature of a WHOIS server to refer responses to another server, which RWhois also implements.

    Criticism

    One criticism of WHOIS is the lack of full access to the data.[26] [27] Few parties have realtime access to the complete databases.

    Others cite the competing goal of domain privacy as a criticism, although this problem is strongly mitigated by domain privacy services. Currently, the Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires that the mailing address, phone number and e-mail address of those owning or administering a domain name to be made publicly available through the "WHOIS" directories. The registrant's (domain owner's) contact details, such as address and telephone number, are easily accessible to anyone who queries a WHOIS server. However, that policy enables spammers, direct marketers, identity thieves or other attackers to loot the directory for personal information about these people. Although ICANN has been exploring changing WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made.[28] Some domain registrars offer private registrations (also known as domain privacy), by which the contact information of the registrar is shown instead of the customer's. With the offer of private registration from many registrars, some of the risk has been mitigated.

    Studies have shown that spammers can and do harvest plain-text email addresses from WHOIS servers.[29] For this reason, some WHOIS servers and websites offering WHOIS queries have implemented rate-limiting systems, such as web-based CAPTCHA and limited amounts of search queries per user IP address.

    The WHOIS requirements conflict with the General Data Protection Regulation (GDPR), effective in the European Union 25 May 2018, which places strict regulations on the processing and publication of personally identifiable information. ICANN stated in November 2017 that it would not reprimand "noncompliance with contractual obligations related to the handling of registration data" if registrars provide alternative solutions for compliance with its rules, until the WHOIS requirements are updated to take GDPR into account.[30] [31]

    The WHOIS protocol was not written with an international audience in mind. A WHOIS server and/or client cannot determine the text encoding in effect for the query or the database content. Many servers were originally using US-ASCII and Internationalization concerns were not taken into consideration until much later.[32] This might impact the usability or usefulness of the WHOIS protocol in countries outside the USA.[1] In the case of internationalized domain names it is the responsibility of the client application to perform the translation of the domain name between its native language script and the DNS name in punycode.

    Accuracy of information

    In cases where the registrant's (Domain Owner) identity is public, anyone can easily confirm the status of a domain via WHOIS.

    In the case of private registrations, ascertaining registration information may be more difficult. If a registrant, who acquired a domain name, wants to verify the registrar has completed the registration process, three steps may be required:

    1. Perform a WHOIS and confirm that the resource is at least registered with ICANN,
    2. Determine the name of the wholesale registrar, and
    3. Contact the wholesaler and obtain the name of the retail registrar.

    This provides some confidence that the retailer actually registered the name. But if the registrar goes out of business, as with the failure of RegisterFly in 2007, the rightful domain holder with privacy-protected registrations may have difficulty regaining the administration of their domain name.[15] Registrants using "private registration" can attempt to protect themselves by using a registrar that places customer data in escrow with a third party.

    ICANN requires that every registrant of a domain name be given the opportunity to correct any inaccurate contact data associated with their domain. For this reason, registrars are required to periodically send the holder the contact information on record for verification, but they do not provide any guarantee about the accuracy of information if the registrant provided inaccurate information.

    Law and policy

    WHOIS has generated policy issues in the United States federal government. As noted above, WHOIS creates a privacy issue which is also tied to free speech and anonymity. However, WHOIS is an important tool for law enforcement officers investigating violations like spam and phishing to track down the holders of domain names. As a result, law enforcement agencies have sought to make WHOIS records both open and verified:[33]

    ICANN proposal to abolish WHOIS

    The Expert Working Group (EWG) of the Internet Corporation for Assigned Names and Numbers (ICANN) recommended on 24 June 2013 that WHOIS should be scrapped. It recommends that WHOIS be replaced with a system that keeps information secret from most Internet users, and only discloses information for "permissible purposes".[38] ICANN's list of permissible purposes includes domain-name research, domain-name sale and purchase, regulatory enforcement, personal data protection, legal actions, and abuse mitigation.[39] Although WHOIS has been a key tool of journalists in determining who was disseminating certain information on the Internet,[40] the use of WHOIS by the free press is not included in ICANN's proposed list of permissible purposes.

    The EWG collected public input on the initial report until 13 September 2013. Its final report was issued on 6 June 2014, without meaningful changes to the recommendations.[41], ICANN is in the "process of re-inventing WHOIS," working on "ICANN WHOIS Beta."[42] [43]

    On January 19, 2023, ICANN opened voting on a global amendment to all its registry and registrar agreements. In it they defined an RDAP Ramp-Up Period of 180 days starting with the effectiveness of this amendment. 360 days after this period is defined as the WHOIS Services Sunset Date, after which it is not a requirement for registries and registrars to offer a WHOIS service and instead only an RDAP service is required. All voting thresholds were met within the 60 day voting period and the amendment was approved by the ICANN Board. The date for WHOIS Sunset for gTLDs was set as 28 January 2025.[44]

    Standards documents

    See also

    References

    Sources

    External links

    Notes and References

    1. RFC 3912, WHOIS Protocol Specification, L. Daigle (September 2004)
    2. Web site: Whois(1) — whois — Debian stretch — Debian Manpages. 2020-12-27. 2021-04-01. https://web.archive.org/web/20210401154648/https://manpages.debian.org/stretch/whois/whois.1.en.html. live.
    3. Innovation at DARPA . July 2016 . DARPA. August 7, 2021.
    4. Web site: Whois Domain Lookup UK » Check detailed info for free IONOS . 2022-07-27 . ionos.co.uk . en-GB . 2022-07-26 . https://web.archive.org/web/20220726225959/https://www.ionos.co.uk/tools/whois-domain-lookup . live .
    5. Web site: Murphy. Cathy. CRISP (Cross-Registry Information Service Protocol) Working Group Meeting Minutes. Internet Engineering Task Force. IETF. 1 June 2015. https://web.archive.org/web/20150601224705/https://www.ietf.org/proceedings/58/104.htm. 1 June 2015. Minneapolis, Minnesota USA. 2 October 2003. The CRISP (Cross-Registry Information Service Protocol) WG will define a standard mechanism that can be used for finding authoritative information associated with a label, a protocol to transport queries and responses for accessing that information, and a first profile (schema & queries) to support commonly-required queries for domain registration information. .
    6. Newton. Andrew. Replacing the Whois Protocol: IRIS and the IETF's CRISP Working Group. IEEE Internet Computing. July 2006. 10. 4. 79–84. 10.1109/MIC.2006.86. 8514005. 1 June 2015. The Nicname/Whois protocol has served well, but it remains unchanged since it was first published in the early 1980s, despite great change in the infrastructure and administration of the Internet. There is now more diversity with domain names and IP networks and associated contacts, as well as among the users submitting queries via Whois. The protocol is now so fragmented in terms of information flow and output that queries yield inconsistent results under current conditions. To address the needs of today's Internet, the IETF Cross Registry Internet Service Protocol (CRISP) working group is developing a new protocol, the Internet Registry Information Service (IRIS), to replace Whois.. 2 June 2015. https://web.archive.org/web/20150602094505/http://www.computer.org/csdl/mags/ic/2006/04/w4079-abs.html. live.
    7. Web site: Sanz. Marcos. Newton. Andrew. Daigle. Leslie. The Internet Registry Information Service (IRIS) Protocol. gnso.icann.org. Internet Corporation for Assigned Names and Numbers (ICANN). 1 June 2015. https://web.archive.org/web/20150601232742/https://gnso.icann.org/en/issues/whois-privacy/sanz-whois-12jan05.pdf. 1 June 2015. 12 January 2005. CRISP – Cross-Registry Internet Service Protocol: The CRISP Working Group was tasked with finding a solution to the problems that currently infest the Nicname/Whois protocol. The CRISP Working Group created a list of functional requirements. Proposals meeting these requirements were evaluated. IRIS was selected as the protocol to publish as a standard. Now an IETF Proposed Standard: RFCs: 3981, 3982, 3983.
    8. Web site: Crisp Status Pages. IETF Tools: CRISP WG Status Pages. IETF. 2 June 2015. https://web.archive.org/web/20150601092747/http://tools.ietf.org/wg/crisp/. 1 June 2015.
    9. Web site: IESG Secretary. WG Action: Conclusion of Cross Registry Information Service Protocol (crisp). IETF CRISP WG: Mail Archive. 2 June 2015. https://web.archive.org/web/20150602000549/http://www.ietf.org/mail-archive/web/crisp/current/msg00513.html. 2 June 2015. 26 March 2009. The Cross Registry Information Service Protocol (crisp) working group in the Applications Area has concluded..
    10. Web site: Mevzek. Patrick. [CRISP] RFC 5144 up and running]. IETF CRISP WG: Mail Archive. 2 June 2015. https://web.archive.org/web/20150602002135/http://www.ietf.org/mail-archive/web/crisp/current/msg00509.html. 2 June 2015. 21 January 2009.
    11. Web site: Consolidated RIR IANA Stewardship Proposal Team (CRISP Team). Number Resource Organization (NRO). 4 August 2022. 4 August 2022. https://web.archive.org/web/20220804214738/https://www.nro.net/internet-governance/iana/iana-stewardship-transition/stewardship-transition-archive/crisp-team/. live.
    12. Web site: Web Extensible Internet Registration Data Service (weirds) Working Group. IETF-88 Proceedings. IETF. 8 July 2015. 9 July 2015. https://web.archive.org/web/20150709223314/http://www.ietf.org/proceedings/88/weirds.html. live.
    13. 812. NICNAME/WHOIS. K.. Harrenstien. V.. White. 1 March 1982.
    14. Web site: EPP Status Codes - What Do They Mean, and Why Should I Know? - ICANN. www.icann.org. 14 March 2018. 2018-03-13. https://web.archive.org/web/20180313233037/https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. live.
    15. Web site: .COM and .NET: Thick Or Thin?. 2008-01-17. 2008-01-16. https://web.archive.org/web/20080116231713/http://www.circleid.com/posts/com_net_thick_or_thin/. live.
    16. Web site: Thick vs. Thin Whois for New gTLDs . Sarah Stoll . 30 May 2009 . 17 September 2011 . memorandum . . Current gTLD registry agreements vary between thin and thick Whois outputs: com, net and jobs are thin; all other gTLD agreements – aero, asia, biz, cat, coop, info, mobi, museum, name, org, pro, tel, travel – are thick. . 18 December 2010 . https://web.archive.org/web/20101218152047/http://icann.org/en/topics/new-gtlds/thick-thin-whois-30may09-en.pdf . live .
    17. Web site: reactos/whois.c at master · reactos/reactos · GitHub . . 2019-07-29 . 2022-02-01 . https://web.archive.org/web/20220201084129/https://github.com/reactos/reactos/blob/master/base/applications/network/whois/whois.c . live .
    18. Web site: Whois-RWS. whois.arin.net. 2012-09-10. 2012-09-10. https://web.archive.org/web/20120910002442/http://whois.arin.net/ui. live.
    19. Web site: Webupdates. RIPE Network Coordination Centre.
    20. Web site: APNIC Whois search. wq.apnic.net. 2022-08-04. 2017-10-20. https://web.archive.org/web/20171020074603/http://wq.apnic.net/whois-search/static/search.html. live.
    21. Web site: DNS and WHOIS - How it Works | ICANN WHOIS. 2020-12-27. 2021-01-26. https://web.archive.org/web/20210126190036/https://whois.icann.org/en/dns-and-whois-how-it-works. live.
    22. Web site: A DNS RR for specifying the location of services (DNS SRV). February 2000. Gulbrandsen. Arnt. Esibov. Levon. 2021-07-26. 2021-07-23. https://web.archive.org/web/20210723195823/https://datatracker.ietf.org/doc/html/rfc2782. live.
    23. Web site: Getting WHOIS Server Address Directly from Registry. 2021-07-26. 2021-07-26. https://web.archive.org/web/20210726213709/http://circleid.com/posts/whois_server_address_registry. live.
    24. 1714. Referral Whois Protocol (RWhois). S.. Williamson. M.. Kosters. November 1994.
    25. 2167. Referral Whois (RWhois) V1.5. S.. Williamson. M.. Kosters. D.. Blacka. J.. Singh. K.. Zeilstra. June 1997.
    26. Web site: Battle Begins Over IP Address Whois Data. 12 February 2011. Internet Governance Project. 4 April 2015. 9 April 2015. https://web.archive.org/web/20150409091837/http://www.internetgovernance.org/2011/02/12/battle-begins-over-ip-address-whois-data/. live.
    27. Web site: WHOIS Privacy Plan Draws Fire. 16 September 2013 . KerbsonSecurity. 4 April 2015. 16 March 2015. https://web.archive.org/web/20150316081755/http://krebsonsecurity.com/2013/09/whois-privacy-plan-draws-fire/. live.
    28. Web site: The Privacy Conundrum in Domain Registration. Act Now Domains. 26 March 2013. 7 March 2023. https://web.archive.org/web/20230307052709/http://www.actnowdomains.com/the-privacy-conundrum-in-domain-registration.htm. live.
    29. http://www.icann.org/en/committees/security/sac023.pdf "SAC 023: Is the WHOIS Service a Source for email Addresses for Spammers?"
    30. News: WHATIS Going to Happen With WHOIS?. 2018-02-02. Motherboard. 2018-04-28. 2018-04-29. https://web.archive.org/web/20180429025354/https://motherboard.vice.com/en_us/article/vbpgga/whois-gdpr-europe-icann-registrar. live.
    31. News: ICANN makes last minute WHOIS changes to address GDPR requirements. Vaughan-Nichols. Steven J.. ZDNet. 2018-05-29. 2018-05-24. https://web.archive.org/web/20180524125208/https://www.zdnet.com/article/icann-makes-last-minute-whois-changes-to-address-gdpr-requirements/. live.
    32. http://www.icann.org/en/news/presentations/klensin-whois-carthage-29oct03-en.pdf "WHOIS Internalization Issues"
    33. Web site: FTC Calls for Openness, Accessibility in Whois Database System - Federal Trade Commission. www.ftc.gov. 18 July 2006. 11 November 2006. 27 September 2006. https://web.archive.org/web/20060927191843/http://www.ftc.gov/opa/2006/07/whoisdb.htm. live.
    34. Web site: Accuracy of "WHOIS" Internet Database Essential to Law Enforcement, FTC Tells Congress - Federal Trade Commission. www.ftc.gov. 2 May 2002. 11 November 2006. 16 October 2006. https://web.archive.org/web/20061016072251/http://www.ftc.gov/opa/2002/05/whois.htm. live.
    35. Web site: Whois at heart of congressional hearings. https://web.archive.org/web/20050827160954/http://news.com.com/2100-1023-269829.html. CNET. Lisa. Bowman. 11 July 2001. 27 August 2005.
    36. Web site: THOMAS. https://archive.today/20120717094741/http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.03754:. dead. July 17, 2012.
    37. Web site: Fraudulent Online Identity Sanctions Act. https://archive.today/20120717094741/http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.03754:. dead. July 17, 2012.
    38. Web site: Initial Report from the Expert Working Group on gTLD Directory Services: A Next Generation Registration Directory Service. whois.icann.org. ICANN. 24 June 2013. 24 March 2015. 3 July 2015. https://web.archive.org/web/20150703071842/https://www.icann.org/en/system/files/files/initial-report-24jun13-en.pdf. live.
    39. Web site: ICANN earmarks domains record WhoIs for the scrapheap - New Legal Review . 2014-01-13 . https://web.archive.org/web/20140114022102/http://newlegalreview.cpaglobal.com/icann-earmarks-domains-record-whois-scrapheap/ . 2014-01-14 . dead .
    40. Web site: SJMC: COMMON SENSE JOURNALISM. https://web.archive.org/web/20050112235552/http://www.jour.sc.edu/news/CSJ/CSJNov04.html. dead. 2005-01-12. jour.sc.edu.
    41. Web site: Final Report from the Expert Working Group on gTLD Directory Services: A Next-Generation Registration Directory Service (RDS). whois.icann.org. ICANN. 6 June 2014. 24 March 2015. WHOISFinal. 24 February 2015. https://web.archive.org/web/20150224174321/https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf. live.
    42. Web site: About WHOIS. whois.icann.org/. ICANN. 24 March 2015. AboutWHOIS. 19 April 2020. https://web.archive.org/web/20200419031053/https://whois.icann.org/en/about-whois. live.
    43. Web site: What's on the Horizon?. whois.icann.org. ICANN. 24 March 2015. 21 May 2020. https://web.archive.org/web/20200521192932/https://whois.icann.org/en/whats-horizon. live.
    44. Web site: 2023 Global Amendments to the Base gTLD Registry Agreement (RA), Specification 13, and 2013 Registrar Accreditation Agreement (RAA) - ICANN . 2023-04-07 . www.icann.org . 2023-04-07 . https://web.archive.org/web/20230407062429/https://www.icann.org/resources/pages/global-amendment-2023-en . live .