debate Who is the best Whois?

[redemo]

What is the best whois service? I currently use WHO.IS because it's fast, reliable and the domain name itself is as slick a domain hack as they come. Before that I used NOMINET.UK/WHOIS for U.K. domains and WHOIS.DOMAINTOOLS.COM for U.S and A. domains.

 

[Samer]

Whois is often outdated

 

[redemo]

Do you mean WHO.IS or whois in general?

 

[AchillesX]

domainiq is technically the best.. i don't know how they do it, i have seen them pull names from people that are completely whois protected. i actually wonder if their service is illegal.

 

[Mr.Mashari]

I like gwhois.org

 

[AEProgram]

domainiq is technically the best.. i don't know how they do it, i have seen them pull names from people that are completely whois protected. i actually wonder if their service is illegal.

they probably monitor whois and record changes and when you do a whois they could show the version before the owner protected it?

They cannot show you data of a godaddy or other registrar account that is not in the central registry unless they hacked godaddy which obviously is not the case. There are others that monitor whois and keep a record like domaintools and whoisology etc.

 

[Future Sensors]

Some of the smarter whois intelligence solutions not only use whois data that's provided by thin and thick whois. These systems combine whois data with other data sources like e.g. DNS verification records (Sedo TXT/CNAME verification and DAN verification), the exact date & time of registration, registrant country, registrant state, pre-GDPR data, DNS zone files, new registration data directly from the registries (also used to combat cybercrime), and a hell lot more information.

There are lots of methods to do this, and when you find just one domain in a complete set that has more information than the other domains in your set, you can make an educated guess about the other data with the same characteristics.

Some "legitimate access seekers" may lawfully access information without restriction, but they may not publish it. Whois and privacy protection have a lot of details in its implementation, and several working groups exist on this topic.

Access to the more advanced systems often works on a subscription basis. Sometimes a special security clearance is needed.

 

[AchillesX]

they probably monitor whois and record changes and when you do a whois they could show the version before the owner protected it?

They cannot show you data of a godaddy or other registrar account that is not in the central registry unless they hacked godaddy which obviously is not the case. There are others that monitor whois and keep a record like domaintools and whoisology etc.

You are probably correct and it is probably not illegal, but I do believe it would be seen more as a "loophole" in Europe.

 

[Avijit Roy]

I only check whoxy.com, it also shows previous owner's details .

 

[redemo]

@Future Sensors How do you know all that about whois? https://www.namepros.com/threads/who-is-the-best-whois.1240106/#post-8284852. That's deep level knowledge.

 

[Samer]

Do you mean WHO.IS or whois in general?

I think ever since GDPR the Whois is even more outdated with contact info, pre-GDPR, even worse, now Godaddy Privacy only option.

This is anecdotal evidence,
i consider it a lazy way to find out owner info.

 

[Future Sensors]

@Future Sensors How do you know all that about whois? https://www.namepros.com/threads/who-is-the-best-whois.1240106/#post-8284852. That's deep level knowledge.

Thank you. These technical topics have always had my special interest, starting with things like anonymous remailers in the early days. Having privacy on the Internet always was and still is important for individuals, organizations, and companies. Strong crypto without backdoors as well. Most of the time individual consumers don't care much about their privacy and change society because these new gadgets are so convenient and cool in their homes, in the company boardroom, on your body. The gory legal and policy matters of whois, I find boring. But I won't deviate too much from this whois topic here.

A fine whois client on the command line would be this one, https://github.com/rfc1036/whois

 

[Debasis]

Who.is and whois.net

 

[redemo]

The whois protocol specification doesn't look like it's been updated for 17 years https://datatracker.ietf.org/doc/html/rfc3912 that link is from Wikipedia https://en.wikipedia.org/wiki/WHOIS

 

[branding]

The whois protocol specification doesn't look like it's been updated for 17 years https://datatracker.ietf.org/doc/html/rfc3912 that link is from Wikipedia https://en.wikipedia.org/wiki/WHOIS

They're working on replacing whois with RDAP. Good read: https://blog.apnic.net/2021/04/02/is-rdap-ready-to-replace-whois/

 

[The Durfer]

https://whois.domaintools.com/

@Silentptnr

 

[redemo]

@DirkS I enjoyed reading your APNIC article. "It is not easy to specify public or private access levels, or to set user limits on data" how about ICANN force logs to show dates and parties who accessed whois data, similar to banks and law enforcement. You shouldn't be able to access somebody's data without a specific reason. @Future Sensors can this be added to a central ICANN database so the reason for access is stored, along side the data and party who access the record?

 

[Future Sensors]

@DirkS I enjoyed reading your APNIC article. "It is not easy to specify public or private access levels, or to set user limits on data" how about ICANN force logs to show dates and parties who accessed whois data, similar to banks and law enforcement. You shouldn't be able to access somebody's data without a specific reason. @Future Sensors can this be added to a central ICANN database so the reason for access is stored, along side the data and party who access the record?

Technically this is possible. You will find interesting information specific to whois in the ICANN Registrar Accreditation Agreement, https://www.icann.org/resources/pages/registrars/registrars-en

@DirkS has a lot more practical experience with these procedures on the registrar level than I have, I think.

 

[Future Sensors]

https://main.whoisxmlapi.com/

https://www.farsightsecurity.com/about-farsight-security/

https://www.farsightsecurity.com/search/?q=whois

 

[lock]

I vote me
http://www.whoisdatatool.com
http://www.seotoolfree.com/whois-checker
http://www.webmaster.software/whois-lookup.html

 

[Charybdis]

I like WHOIS.DOMAINTOOLS.COM the best, they display so many pieces of unique information for free.

 

[Charley]

domaintools and domainiq are ideal.

 

[uswebdev]

I tend to like https://main.whoisxmlapi.com/ for the easy api integrations and accurate reg time checks on drops.
They've got other useful dn info readily available too

 

[Hypersot]

I like gwhois.org

This

The only problem that gwhois has is with .jp domains, apart from that -and for a free single domain lookup tool- there is nothing better imo

 

[branding]

@DirkS I enjoyed reading your APNIC article. "It is not easy to specify public or private access levels, or to set user limits on data" how about ICANN force logs to show dates and parties who accessed whois data, similar to banks and law enforcement. You shouldn't be able to access somebody's data without a specific reason. @Future Sensors can this be added to a central ICANN database so the reason for access is stored, along side the data and party who access the record?

Yes, very possible. From a technical POV, like @Future Sensors mentioned. Realistically not going to happen imo due to privacy concerns. Besides, I don't think ICANN would be the proper constitution to oversee data like this.

A lot of registrars are currently already logging all whois lookup data btw. Has been a thing for quite some time. Once you query a domain and it gets answered
by their servers at some link in the chain they'll know and use it to their advantage.

The concern you have regarding random people being able to look up registrant data without a specific reason is something RDAP will 'solve'. It would provide tiered access to registrant info, like only to governments, law enforcement etc. People are divided whether this is a good or a bad thing cos who's to decide who exactly gets what access on what grounds?

The future will tell... It gets political, will take time.

On subject btw, I prefer a short lookup on the CLI and run my own whoisserver for quick access when needed. You just never know what a registrar is logging. Some I trust, some I don't.