How to use command line whois for "spam infected" domains like apple.com?
Solution 1
The whois command looks for the string "Whois Server:" in the output and, if found, will issue the same query again to that server. This is what you want, except it only works for the first match. You can use a command like whois "domain apple.com"
to get just one match from the default server, but markmonitor (used by apple.com) does not accept that syntax. It would work if you could send "domain apple.com
" to the default server, and then apple.com
to the second server, like this:
function mywhois {
whois -h `whois "domain $@" | sed '/^.*Whois Server:/!d;s///'` "$@"
}
However this is specific to these whois servers so will not necessarily work for domains on other whois servers. A robust implementation would probably need to have knowledge of specific query and output formats used by a variety of whois server implementations.
Solution 2
It seems that (at least in September 2009) the following uses GeekTools Whois Proxy, which is quite smart in figuring out which whois-server to use. This also works for other TLDs than com
, net
and org
:
whois -h whois-servers.net apple.com
Or, according to a very old hint at macosxhints.com:
whois -h geektools.com apple.com
I found this by accident: wondering how @mark4o knew about the domain
command for the answer above, I eventually found that running whois help
gives me the output of some whois-server. As I did not specify any TLD, I then wondered which one replied. I tried telnet whois-servers.net 43
, so basically using the bare domain as mentioned in the manual pages:
-h host Use the specified host instead of the default variant. Either a host name or an IP address may be specified. By default whois constructs the name of a whois server to use from the top-level domain (TLD) of the supplied (single) argument, and appending ".whois-servers.net". This effectively allows a suitable whois server to be selected automatically for a large number of TLDs.
And here GeekTools Whois Proxy announced itself:
$ telnet whois-servers.net 43 Trying 206.117.161.86... Connected to whois-servers.net. Escape character is '^]'. GeekTools Whois Proxy v5.0.4 Ready. Checking access for 82.95.xx.xx... ok. apple.com Checking server [whois.crsnic.net] Checking server [whois.markmonitor.com] Results: [..]
(In fact, geektools.com
is currently 206.117.161.84, so is a different IP than whois-servers.net
.)
Related videos on Youtube
![Arjan](https://i.stack.imgur.com/f4Ipf.png?s=256&g=1)
Arjan
Updated on September 17, 2022Comments
-
Arjan almost 2 years
In short: is there any way to get the full
whois
-details for domains likeapple.com
, using the command line on Max OS X?Running
whois
on the command line for, for example,apple.com
is like searching for all domains that include that phrase. So, thanks to whois-spam, this gets one the following on a Mac or on FreeBSD:$ whois apple.com Whois Server Version 2.0 [..] APPLE.COM.WWW.BEYONDWHOIS.COM APPLE.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM APPLE.COM.IS.OWN3D.BY.NAKEDJER.COM APPLE.COM.IS.0WN3D.BY.GULLI.COM APPLE.COM.BEYONDWHOIS.COM APPLE.COM.AT.WWW.BEYONDWHOIS.COM APPLE.COM To single out one record, look it up with "xxx", where xxx is one of the of the records displayed above. If the records are the same, look them up with "=xxx" to receive a full display for each record.
To get some extra info for all these domains, I can run the command for
=apple.com
, like:$ whois =apple.com Whois Server Version 2.0 [..] Server Name: APPLE.COM.WWW.BEYONDWHOIS.COM IP Address: 203.36.226.2 Registrar: TUCOWS INC. Whois Server: whois.tucows.com Referral URL: http://domainhelp.opensrs.net [..] Domain Name: APPLE.COM Registrar: MARKMONITOR INC. Whois Server: whois.markmonitor.com Referral URL: http://www.markmonitor.com Name Server: NSERVER.APPLE.COM Name Server: NSERVER.ASIA.APPLE.COM [..] Updated Date: 21-jan-2009 Creation Date: 19-feb-1987 Expiration Date: 20-feb-2011
Still, this does not give me the full record, like the one including the contact information:
$ whois -h whois.markmonitor.com apple.com [..] Administrative Contact: Apple Inc. Apple Inc. 1 Infinite Loop Cupertino CA 95014 US [..]
(On Redhat Linux,
jwhois
shows onlyapple.com
but without the contact information; on Debianwhois
version 4.7.20 yields summaries of all domains like above, and additional detailed info for the exact matched domain, apparently by doing an additional query atwhois.markmonitor.com
for that exact match.)I even tried to telnet directly, but cannot come up with anything I cannot do using the
whois
-command, so I guess that is useless:$ telnet com.whois-servers.net 43 Trying 199.7.55.74... Connected to whois.verisign-grs.com. Escape character is '^]'. apple.com [..]
So: is there any easier way to get the full details for such domain (for only the exact matched domain), using the command line?
(Thinking that command line
whois
would soon be banned in favour of captcha-enabled web interfaces, this never bothered me a lot. But still, I'm curious...)-
Admin almost 15 yearsWhen I use my own, Godaddy.com-registered domain, e.g., 'whois mydomain.com', it returns what looks like a complete set of registration details. This got me thinking, "Interesting; what's so special about apple.com?"
-
Admin almost 15 yearsThe query string "apple.com" also matches all the domains that have been registered for spam (just to show up when people run
whois
), and as there are multiple matches one won't get all details. (A command linewhois microsoft.com
will also show you how some feel about that company...)
-
-
Arjan almost 15 yearsAha, "domain"! Why didn't I think of getting the syntax for whois server queries, by querying the server for the syntax? Running
whois ?
shows some help, and runningwhois help
even some more. (This help is from the defaultcom.whois-servers.net
, and is very different fromman whois
. Other whois servers indeed may use a different syntax.) It seems thatwhois -h whois-servers.net apple.com
invokes "GeekTools Whois Proxy", which gives full details for all TLDs...? -
Hay almost 9 years
whois-servers.net
doesn't seem to work anymore,geektools.com
however, does.