archie helps you locate important programs. The Web helps you retrieve important documents. whois helps you locate important people. One of the most important pieces of information in a network is who is in charge at the other end. In Chapter 11, Troubleshooting TCP/IP , we pointed out that it is important to know who is responsible for the other end of the link when troubleshooting a network problem. whois is a tool that helps you find this out.
whois obtains the requested information from the Internet white pages. The white pages is a database of information about responsible people that is maintained by the InterNIC. When you request an official network number or domain name, you are asked to provide your NIC handle , which is the index of your personal record in the white pages database. If you don't have a handle, the InterNIC assigns you one and automatically registers you in the white pages. Because of this, everyone who is responsible for an official network or domain has an entry in the white pages, and that entry can be retrieved by anyone who needs to contact them.
Many UNIX systems provide a whois command to query the InterNIC white pages. The general form of this command is:
%whois
[-h
server
]name
The name field is the information to be searched for in the white pages database. The server field is the name of a system containing the white pages. Use rs.internic.net to locate responsible people, which is the default on most systems.
In the following example, we search for an entry for Craig Hunt . An individual's name is entered in the white pages as: last-name, first-name initial . So we ask to search for Hunt, Craig . [5]
[5] whois hunt would return several matches. Be as specific as possible to reduce the number of matches.
%whois 'Hunt, Craig'
[rs.internic.net] Hunt, Craig (CH999) [email protected] +1 (123) 555 6789 Hunt, Craig W. (CWH3) [email protected] (301) 975-3827 To single out one record, look it up with "!xxx", where xxx is the handle, shown in parenthesis following the name, which comes first. The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information.
If multiple matches are returned, as in this case, follow with a query for the individual's NIC handle to get the full information display. To query for the NIC handle, which is the field enclosed in parentheses directly following the username, simply enter the handle on the whois command line. The message at the end of the sample output implies that handles are entered as !xxx. This is not true. The UNIX whois command does not require the ! syntax. For example, to get more details about CWH3, enter:
%whois cwh3
[rs.internic.net] Hunt, Craig W. (CWH3) [email protected] National Institute of Standards and Technology Computer Systems and Communications Division Technology Building, Room A151 Gaithersburg, MD 20899 (301) 975-3827 (FTS) 879-3827 Record last updated on 03-Dec-90. Database last updated on 15-Jul-97 04:35:06.
User information is generally only useful if you know exactly who you want to send email to and you don't know his or her address. The white pages database contains several other kinds of records, a few of which are very helpful for locating the people responsible for networks, domains, and hosts throughout the Internet. These record types are:
Provides detailed contact information for the people responsible for the specified domain.
Provides detailed information for the contacts for the specified network.
Provides general information about the specified host. This record type is not as useful as the others.
These record types can be used in the whois query to speed processing and limit the amount of output. All of the record types shown above can be abbreviated to their first two letters.
A sample query for the domain ora.com produces the following results:
%whois 'do ora.com'
O'Reilly & Associates (ORA-DOM1) 101 Morris Street Sebastopol, CA 95472 Domain Name: ORA.COM Administrative Contact, Technical Contact, Zone Contact: Pearce, Eric (EP86) [email protected] 707-829-0515 x221 Billing Contact: Johnston, Rick (RJ724) [email protected] 707-829-0515 x331 Record last updated on 28-Jan-97. Record created on 14-Jun-89. Database last updated on 15-Jul-97 04:35:06 EDT. Domain servers in listed order: NS.ORA.COM 207.25.97.8 NS.SONGLINE.COM 204.148.41.1
The query displays the name, address, and telephone number of the contacts for the domain, as well as a list of hosts providing authoritative name service for the domain.
To query the host record for a specific host, in this case one of the name servers listed above, simply query the desired hostname. For example, to find out more about ns.songline.com , enter:
%whois 'host ns.songline.com'
[No name] (NS2441-HST) Hostname: NS.SONGLINE.COM Address: 204.148.41.1 System: Sun Sparc20 running Solaris 2.4 Record last updated on 21-Aug-95. Database last updated on 15-Jul-97 04:35:06 EDT.
This query displays the hostname, IP address, and the system type: essentially the same information we could get from DNS.
A much more interesting query is for the point of contact for a specific network. To find out, enter a whois query with the network number. In our example, the IP address of one of the servers is 207.25.97.8. This is a class C address, so the network number is 207.25.97.0. The query is constructed as shown in the example below:
%whois 'net 207.25.97.0'
ANS CO+RE Systems, Inc. (NETBLK-ANS-C-BLOCK4) 100 Clearbrook Rd Elmsford, NY 10523 Netname: ANS-C-BLOCK4 Netblock: 207.24.0.0 - 207.27.255.255 Maintainer: ANS Coordinator: Vaidya, Vijay (VV38) [email protected] 914-789-5360 Alternate Contact: ANS Hostmaster (AH-ORG) [email protected] (800)456-6300 fax: (914)789-5310 Domain System inverse mapping provided by: NS.ANS.NET 192.103.63.100 NIS.ANS.NET 147.225.1.2 Record last updated on 02-Sep-96. Database last updated on 15-Jul-97 04:35:06 EDT.
This query could also be done by network name, ANS-C-BLOCK4 in our example, but frequently you won't know the network name until you get the response from your query. In addition to the network name and number, this query tells you who is responsible for this network, and what name servers provide in-addr.arpa domain service for this network.
With the information from these queries, we could contact the domain administrator and the network administrator. From these key contacts, we could learn about the administrators of individual systems in their domain or on their network. This information could put us directly in touch with the other system administrator we need to talk to when debugging a network problem.
Not all systems have a local whois command. If your system doesn't, telnet to rs.internic.net and enter whois at the command-line prompt. You'll then be prompted with Whois: . At this prompt enter any name you wish to search for, or enter help for more information.