Whois: command line query for spam-infected domains

When running whois on the command line, we sometimes don't get the expected whois information, but something like the output below:

$ whois github.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

GITHUB.COM.KHALEDELANSARI.COM
GITHUB.COM
[..]

Is there any way to get the right whois information from a command line query?

Running whois on the command line is like searching for all domains that include that phrase. The query string "github.com" also matches all the domains that have been registered for spam (just to show up when people run whois), and as there are multiple matches, one won't get all the details.

To get some extra info for all these domains, we can prefix the query with =, for example for google.com:

$ whois =google.com

Whois Server Version 2.0
[..]
   Domain Name: GOOGLE.COM
   Registrar: MARKMONITOR INC.
   Sponsoring Registrar IANA ID: 292
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
[..] 

On Red Hat Linux, jwhois shows only google.com, but without the contact information. On Debian, whois yields summaries of all domains like above, plus additional detailed info for the exactly matched domain, apparently by doing an additional query at whois.markmonitor.com for that exact match.

The whois command looks for the string "Whois Server:" in the output and, if found, will issue the same query again to that server. This is what you want, except it only works for the first match. You can use a command like whois "domain google.com" to get just one match from the default server, but markmonitor (used by google.com) does not accept that syntax. It would work if you could send "domain google.com" to the default server, and then google.com to the second server, like this:

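function mywhois {
  local server
  # Ask the default server for the exact domain and take the first "Whois Server:" value
  server=$(whois "domain $1" | sed -n 's/^.*Whois Server:[[:space:]]*//p' | head -n 1)
  # Query that server directly for the same domain (quoted, since the value comes from whois output)
  [ -n "$server" ] && whois -h "$server" "$1"
}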

However, this is specific to these whois servers, so it will not necessarily work for domains on other whois servers. A robust implementation would probably need to have knowledge of the specific query and output formats used by a variety of whois server implementations.
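As an added example (not part of the original post), the referral step can be made stricter: pick the "Whois Server:" value only from the record whose "Domain Name:" matches the query exactly, and treat that value as untrusted text before handing it to whois -h. The function names, the lookalike and bad-referral records, and the wrapper are assumptions made for illustration; the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample of a registry reply that contains several records
# (modelled on the output format shown above; values are illustrative).
sample_registry_output() {
cat <<'EOF'
   Domain Name: GOOGLE.COM.LOOKALIKE.EXAMPLE
   Registrar: EXAMPLE REGISTRAR
   Whois Server: whois.registrar.example

   Domain Name: GOOGLE.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Name Server: NS1.GOOGLE.COM

   Domain Name: BAD-REFERRAL.EXAMPLE
   Whois Server: -h;attacker.example
EOF
}

# referral_for DOMAIN: read registry output on stdin and print the
# "Whois Server:" of the record whose "Domain Name:" equals DOMAIN exactly.
# Returns 1 if there is no such record or the server is not a plain hostname.
referral_for() {
  want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
  server=$(awk -v want="$want" '
    /^[ \t]*Domain Name:/  { sub(/^[ \t]*Domain Name:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); cur = toupper($0); next }
    /^[ \t]*Whois Server:/ { if (cur == want) { sub(/^[ \t]*Whois Server:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit } }
  ')
  # The referral is untrusted text: accept only hostname characters and
  # reject a leading "-" so it can never be read as a whois option.
  case "$server" in
    ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  printf '%s\n' "$server"
}

# Hypothetical wrapper (needs network): exact-match referral, then query it.
mywhois_exact() {
  server=$(whois "=$1" | referral_for "$1") || { echo "no referral for $1" >&2; return 1; }
  whois -h "$server" "$1"
}
```

Like the function above, this still assumes the "Domain Name:" / "Whois Server:" labels shown in this output format; other whois servers may label fields differently.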

Another way is to use the whois proxy created by GeekTools. Just run the command like this:

whois -h geektools.com google.com

Finally, don't forget that we also have a web-based whois service which has addressed this issue.
