Linux whois command

Updated: 11/06/2021 by Computer Hope
whois command

On Unix-like operating systems, the whois command is a client for the WHOIS directory service.


whois searches for an object in a WHOIS database. WHOIS is a query and response protocol that is widely used for querying databases that store the registered users of an Internet resource, such as a domain name or an IP address block, but is also used for a wider range of other information.

Most modern versions of whois try to guess the right server to ask for the specified object. If no guess can be made, whois will connect to for NIC handles or for IPv4 addresses and network names.


whois [ -h HOST ] [ -p PORT ] [ -aCFHlLMmrRSVx ] [ -g SOURCE:FIRST-LAST ] 
      [ -i ATTR ] [ -S SOURCE ] [ -T TYPE ] object
whois -t TYPE

whois -v TYPE

whois -q keyword


-h HOST Connect to WHOIS database host HOST.
-H Suppress the display of legal disclaimers.
-p PORT When connecting, connect to network port PORT.
--verbose Operate verbosely.
--help Display a help message, and exit.


When the Internet was first emerging from the primordial ooze of the ARPANET, there was only one organization that handled all domain registrations: DARPA. WHOIS was developed (and standardized in the early '80s) to look up domains, people and other resources related to domain and number registrations. Because all registration was done by one organization at that time, there was one centralized server for all WHOIS queries. This made looking up WHOIS information very easy.

The first WHOIS servers were highly permissive and would allow wildcard searches. A WHOIS query of a person's last name would yield all individuals with that name; a query with given keyword returned all registered domains containing that keyword. A query for given administrative contact returned all domains associated with the administrator. Since the advent of the commercialized Internet, multiple registrars, and spammers, such permissive searching is no longer available.

Responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. Then the National Science Foundation directed that management of Internet domain registration would be handled by commercial, third-party entities. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics and AT&T. In 1999, management of the TLD .com, .net, and .org was assigned to ICANN.

By 2005, there were many more generic top-level domains than there had been in the early 1980s, and many more country-code top-level domains. This led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure became more internationalized. As a result, performing a WHOIS query on a domain now requires knowing the correct, authoritative WHOIS server to use, and tools to do WHOIS proxy searches have become common.

In 2004, an IETF committee was formed to create a new standard for looking up information on domain names and network numbers. The current working name for this proposed new standard is Cross Registry Information Service Protocol, or CRISP. It is intended to someday replace WHOIS, but is currently still in development.

Technical notes

Please remember that by default only searches in the domains database. To search for NIC handles, you have to prepend a "!" character. When you do this, the default server becomes

When querying for IPv4 or IPv6 networks, the CIDR netmask length will be automatically removed from the query string.

When querying for AS numbers, the program automatically converts the request in the appropriate format, inserting a space after the string AS.

When querying for domain names and no other flags are specified, the program automatically adds the flag -T dn.

When querying for domain names and no other flags are specified, the program automatically adds the flag --show-handles.

If the /etc/whois.conf config file exists, it will be consulted to find a server before applying the normal rules. Each line of the file should contain a regular expression to be matched against the query text and the WHOIS server to use, separated by white space. IDN domains must use the ACE (ASCII Compatible Encoding) format.

The WHOIS protocol does not specify an encoding for characters which cannot be represented by ASCII and implementations vary wildly. If the program knows that a specific server uses a certain encoding, if needed it will transcode the server output to the encoding specified by the current system locale.

Command line arguments are always be interpreted accordingly to the current system locale and converted to the IDN ASCII Compatible Encoding.


The whois configuration file is located at /etc/whois.conf by default.


The following environment variables affect the operation of whois:

LANG When querying and, English text is requested unless the LANG or LC_MESSAGES environment variables specify a Japanese locale.
WHOIS_OPTIONS A list of options which will be evaluated before the ones specified on the command line.
WHOIS_SERVER This server will be queried if the program cannot guess where some kind of objects are located. If the variable does not exist then will be queried.



Performs a whois query for the domain name

who — Report which users are logged in to the system.