One of APNIC’s core functions as a registry is keeping track of IP addresses. The APNIC Whois Database is a publicly searchable database that provides information about the Internet number resources distributed within the Asia Pacific region. You can check it out yourself.
For many people, the entry point to whois data is via a web browser; for example, APNIC’s and ICANN’s. There’s nothing wrong with using the web for whois tasks, and it masks a lot of the differences and incompatibilities between the different whois platforms on the Internet.
But browser-based interfaces are not the only way you can access and use whois. There are a variety of clients out there if, for whatever reason, you want to interact with the whois directory differently. By using a client, you’re not using a whois service on the web, you’re using the whois protocol directly, with a whois client. A client just dresses the protocol up in a fancy form, but it could be as simple as using Telnet or NetCat on TCP port 43.
The question is — are these whois clients any good?
Whois itself has some issues, and I’ve previously written about whether or not whois should someday be replaced by Registration Data Access Protocol (RDAP). That said, whois remains a key part of APNIC’s service and, for the time being, it’s certainly not going anywhere.
Today, let’s go over what level of support for whois exists in the modern desktop environment. The answer is surprisingly mixed. First, the good news; if you live in BSD, Linux, or OSX, it’s ‘all good’.
BSD (which includes OSX) and Linux all have good whois clients
The default whois client built into FreeBSD and OSX is the same and it has great support for all five Regional Internet Registries (RIRs), and for domain name whois queries. It has command line flags to select which whois server you want to query. Five of these flags go directly into the RIR whois service entry points:
| Flag | Outcome |
| -f | AFRINIC (returns RPSL. includes IRR) |
| -A | APNIC (returns RPSL. includes IRR) |
| -a | ARIN |
| -l | LACNIC |
| -r | RIPE (returns RPSL. includes IRR) |
Table 1 — BSD and Linux RIR command line query flags.
These clients also have additional options for other uses of the whois data. After all, whois is not just about the Internet number management space:
| -i | InterNIC (this is a massively out-of-date reference) |
| -I | ICANN |
| -k | KRNIC |
| -c <TLD> | query <TLD> specific source (works for most ISO 3166 codes) |
| -g | query .GOV registry (US-only delegations) |
| -m | query RADB (IRR) |
| -p | query PeeringDB about an ASN |
Table 2 — Some of BSD and Linux’s additional command line query flags.
The list of options (flags) is bizarre in some ways. InterNIC hasn’t been a ‘thing’ for decades now. Maintaining InterNIC as a domain name and entry point is a little confusing. Likewise, why have an option for KRNIC but not JPNIC, CNNIC, TWNIC, or Registro-BR?
Having these seemingly unusual options is partly historical convention and partly coincidence. We won’t go into that in this post but for the basics of RIR whois and Internet Routing Registry (IRR) queries, this tool works well. It supports domain name whois queries, where the top level domain respects the well known ‘TLD.whois-servers.net’ naming convention. For those that don’t, the -I (ICANN) option probably gets you where you need to go.
Linux is simpler by design
The default client in Linux (Debian, as tested) does not have exactly the same client, but is capable of being used to query all the RIRs and does understand the RIPE NCC Routing Policy Specification Language (RPSL) options to do more-specific and less-specific searches in Internet number queries. Unfortunately, the way this works has changed for some frontends, and sometimes the client is not fully able to exploit this from built-in flags on all RPSL-enabled RIR services.
Linux’s whois client was written by Marco D’Itri and dates back to the 1990s. Marco was unhappy with the proliferation of option flags in mainline whois, and wrote a more reductionist, streamlined version.
There are other alternatives in BSD and Linux
The BSD ‘ports’ collection has a total of eight whois clients and associated coding libraries you can optionally install. These should also be available on Linux.
| package | description |
|---|---|
| net/gwhois | “generic whois client. It strives to know for all existing TLDs and all IP address ranges the appropriate whois server to ask.” |
| net/pwhois | “Prefix whois uses the Internet’s global routing table as gleaned from a number of routing peers around the world.” |
| net/py-whois | Python wrapper for Linux “whois” command |
| net/rubygem-whois | “an intelligent pure Ruby whois client and parser” |
| net/jwhois | “a whois client, with a feature of selecting servers to query based on a configuration file. Query results are cached to local databases.” |
| net/py-cymruwhois | A python library for interfacing with the whois.cymru.com service (only for Internet number resources) |
| net/ripe-whois | Version 3.2.2 of the RIPE NCC RPSL whois client |
| net/whois | Marco d’Itri‘s simplified whois client (default on debian) |
I don’t intend to discuss these in detail, beyond noting the ripe-whois client. This is version 3.2.2, which works well for Internet number resource IRR whois queries. This client has very few locally interpreted flags but does allow you to specify that you want to keep a TCP connection live to the whois server, and interpret all inputs as lookups. This means you can do a bulk connect-query cycle, reusing the open connection, which is useful for scripting (if you don’t want to code whois directly using something like the py-whois option in Python).
The other side of the connection, the RIPE RPSL whois server, supports query flags (distinct from command line option flags) and this client passes them through to the server, so you can do all the RPSL/RIPE more-specific, less-specific, inverse-index type queries you need.
Windows, by default, is stuck in the dark ages
The situation in Microsoft Windows isn’t quite so rosy. By default, no whois client ships with the consumer Windows 10 product. Instead, if you want Microsoft authored code, you can elect to install an aging standalone whois client, or a suite of network tools, which includes the same client.
Windows’ whois v1.21 is getting rather old. It still thinks we have an InterNIC but unlike the default client in BSD or Linux, it has no understanding of the Internet number systems, and it uses a completely incompatible model to specify the host serving the query. It doesn’t support any of the query options noted above on either the BSD or Linux platform, or the third-party whois command line clients. Microsoft does, however, offer some guidance on whois queries to research Internet domains with the tool.
Looking at third-party products, there are several clients designed around the Windows GUI model. Being a mixture of freeware, adware, and paid software, they are difficult to critique, especially when you’re not familiar with them all.
From their web pages, they also carry some unfortunate models when it comes to ‘what is a top level domain?’ and ‘what server do I query by default?’. In the case of clients that understand IP whois queries, they all seem to call ARIN by default, or have out-of-date maps of IP address distribution. The lesson with these? They might be fine, but users should be very careful to check the assumptions built into the client.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.
Actually I was not “unhappy with the proliferation of option flags”: at the time most (all?) whois clients were very basic and required specifying the hostname of the correct server for the queried domain or IP.
I wrote my whois client, which nowadays is the default for all Linux distributions, when the gTLDs were split in the registry/registrar model. I did it because I am lazy and I wanted my computer to automatically query the registrars’ server.
At the time this article was published, lookup.icann.org used WHOIS queries. But currently it uses RDAP queries.