Whois: Fragile, Unparseable, Obsolete

Once worked on a whois scraping project and ran into a bunch of issues.<p>One particularly fun story is how we might have broken a whois server. It was the country TLD server for some West African nation, I think Senegal but I&#x27;m not sure. We hit their server with like a hundred queries in rapid succession (to test what rate limiting approach they used) and requests started hanging. We switched IP addresses ... and still requests were hanging. We tried multiple IP addresses in totally different networks, all of them hung or timed out, even for a single request. A day later we retried and all of a sudden it started working again! From that point on we made sure to never do more than a couple requests a second to that particular domain.<p>Also, any queries to one cc TLD (either Egypt or Ukraine, can&#x27;t remember which) just returned &quot;we don&#x27;t provide information in whois requests&quot; or something to that effect.<p>GoDaddy didn&#x27;t do traditional rate limiting. If you exceeded whatever their limit was they didn&#x27;t just return an error message, they would blacklist your IP and for any query say &quot;visit our website for information&quot;, and their website gated things behind a captcha.

A lot of Linux based command line whois clients still use &quot;whois-servers.net&quot; to look up up the appropriate whois server for a TLD, which is long dead (it still responds but is no longer maintained).<p>Many years ago I built a replacement whoisservers.org, and tried contacting a few maintainers, but nobody seemed to really care.<p>If you want to make use of it, you can run &quot;whois -h com.whoisservers.org exmaple.com&quot; (or substitute -h with the appropriate flag for your client to specify a server)

I ran into the same issue but worked around it slightly differently: have my code use RDAP, and then have an RDAP-&gt;WHOIS proxy [1]. There are usually rate-limits on WHOIS, so public instances won&#x27;t survive long, but it works for me and you can run locally.<p>I also hunted (s&#x2F;whois&#x2F;rdap&#x2F;g) around for undocumented RDAP servers and found a few. There are still a lot of TLDs without RDAP though [2].<p>[1] <a href="https:&#x2F;&#x2F;rdap.redirect2.me&#x2F;" rel="nofollow">https:&#x2F;&#x2F;rdap.redirect2.me&#x2F;</a> (source at <a href="https:&#x2F;&#x2F;github.com&#x2F;redirect2me&#x2F;rdap-proxy" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;redirect2me&#x2F;rdap-proxy</a>)<p>[2] <a href="https:&#x2F;&#x2F;resolve.rs&#x2F;domains&#x2F;rdap-missing.html" rel="nofollow">https:&#x2F;&#x2F;resolve.rs&#x2F;domains&#x2F;rdap-missing.html</a>

Here’s a random thing I made for RDAP a long long time ago. It has lots of bugs but has come in handy from time to time: <a href="https:&#x2F;&#x2F;rdap-explorer.chris-wells.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;rdap-explorer.chris-wells.net&#x2F;</a>

Does anyone here run their own whois for their own domains using srv records? If so, how many hits per day do you get? I&#x27;m curious because I have never seen anyone request <i>srv _nicname_.tcp.</i> from my nameservers.

Why do domains have WHOIS records anyway? I get why IP blocks have it because machines actually <i>do</i> things from behind IP addresses, but the only thing I&#x27;m <i>doing</i> from a domain name is stopping other people from using it.<p>Someone is hosting copyrighted content? Look up that machine&#x27;s IP-WHOIS.<p>Someone is trying to DDOS me? Look up that machine&#x27;s IP-WHOIS.<p>Someone is holding a domain I want? If their answer is going to be anything other than a straight &quot;no&quot;, they&#x27;ll happily provide a way to be contacted.<p>Please tell me how I&#x27;m wrong.

I use to have a very reliable but simple python script that asks the whois server for the TLD then gets the whois server from it and asks that server the whois of the apex and if it gets another whois it asks that server and so on recursively. It was more reliable than any service I found because a lot of TLDs that aren&#x27;t mainstream or run by random countries have their own finnicy whois with some custom weird webui bur whois on port 43 is always there and contains a lot more info than RIR whois which is what most services tend to show.<p>Some parameters are reliably there and in a way it is very easy to parse since it is key value separated by a colon (cut -d &#x27;:&#x27; -f 1,2) but there is no &quot;schema&quot; you can follow and sometimes I saw unique and extra additions by some servers and missing critical fields by others. &quot;Your domain is compromised, bad guys are doing bad stuff with it&quot; how do I reliably find out the right contact for example? That last bit was always a manual excercise.

Yes, 100%. I’m trying to use registration information for cybersecurity stuff, and it’s a mess. Some TLDs just doesn’t provide that information or provide it only to registered accounts or only inside their country. Parsing is a mess. Many have rate limits, like .au has 20 requests&#x2F;day, .cz - 100 day, but with delay of 3 minutes between requests, …

Whois was killed off by the European Union passing the GDPR. It really changed how I use the internet for the worse. In the old days I could always at least send an email to a domain hosting a service. Now there&#x27;s no default contact information and everything is behind walled gardens.<p>Email was the great communicator. Removing it from WHOIS made the web more fragile and broken. But whois doesn&#x27;t have to be that way and the problems are not intrinsic to whois. They are stemming from political interference done with good intentions but bad outcomes.

In a similar way ftp clients are guessing what is filename when they parse the output of &quot;dir&quot; command.

I can&#x27;t get the page to load for some reason, but I don&#x27;t think whois is obsolete. I used it via command line to search for available domains when I was creating my blog. It was simple and effective for that purpose.

I&#x27;ve been using <a href="https:&#x2F;&#x2F;github.com&#x2F;likexian&#x2F;whois" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;likexian&#x2F;whois</a> This is a Go WHOIS client that is able to emit JSON.<p>I would like to use RDAP instead but RDAP coverage is even spottier than WHOIS.<p>BTW, if anyone knows of a WHOIS server able to handle the .de TLD, please let me know as all I get right now is &quot;The DENIC whois service on port 43 doesn&#x27;t disclose any information&quot;

It&#x27;s sad we can&#x27;t improve and build modern APIs that can support load and querying and exactly why companies exist whose main business function is scraping services like WhoIs, Social Media, or Sites behind cloudflare.

A few years back I tried building my own Whois parser and you’re right, it’s a mess. Before you even factor in all the fun rate limiting.

What&#x27;s needed is for Facebook and Google to gin up a replacement!

once upon a time i wrote a whois server

Speaking of fragile perhaps..