the case of the dns whois lookup

1. registrars VS hosts

  • DOMAIN REGISTRAR is the subject where domain names are finally purchased
  • DNS HOST is the service / server authoritative for hosting your DNS records
  • there are hosting providers that offer domain registration registrars that offer DNS hosting, but the two should not be confused
  • selecting a domain name is the first step you make when building a web site
  • this semantical layer of the internet, technically, computers are connected with ip addresses
  • registration means going through DNS REGISTRAR, which is a company that directly deals with the REGISTRY OPERATORS FOR THE TOP LEVEL DOMAIN
  • the global list of domain names is managed by IANA (International Assigned Numbers Authority)


  • IANA is a department of ICANN (Internet Corporation for Assigned Names and Numbers) a nonprofit running the root zone management in the DNS
  • whois command is querying the domain name registry
  • but the registrar is too up in the hierarchy to the common customers
  • usually, a domain name is purchased through a WEB HOSTING PROVIDER that does the work for them and register a domain through the registries on the customer’s behalf
  • DNS HOST are servers hosted by DNS HOSTING PROVIDERS and these servers authoritatively respond for your domain
  • Sometimes, registrars also offer DNS hosting, but it should not be confused
  • DNS Host is mentioned by names of nameservers in the NAMESERVERS part of the whois lookup

3. whois as a protocol

  • whois is a query and response protocol for querying DBs storing registered users/assignees of internet resources (domain names, IP address blocks)
  • whois is a standard drafted by the internet society
  • documented in RFC 3912 — WHOIS Protocol Specification

4. script

  • the following script is creating and parsing a whois request
  • note: it is relying on where you need to register to get your own $apiKey
[Parameter(Mandatory = $true)][string]$domainName,
[string]$apiKey = "JKS2XytCLNfkYg7i490AnSDo4QZ74lxn"
$domainIntro = @"
___|___| mrPaul's WHOIS in Terminal
"@$domainInfo = curl "$apiKey&domain=$domainName" | ConvertFrom-Json
Write-Host $domainIntro -ForegroundColor Cyan
Write-Host "1. THE BASICS" -ForegroundColor Cyan
$domainInfo.result | Select-Object name, created, changed, expires, dnssec, registered | Format-List
Write-Host "2. REGISTRAR" -ForegroundColor Cyan
$domainInfo.result.registrar | Format-List
Write-Host "3. NAMESERVERS`n" -ForegroundColor Cyan
$domainInfo.result.nameservers | Format-List | Write-Host "`n"

5. demo

whoiscmdlet whois.ps1 at command pipeline position 1
Supply values for the following parameters:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 850 100 850 0 0 850 0 0:00:01 --:--:-- 0:00:01 1158
___|___| mrPaul's WHOIS in Terminal
1. THE BASICSname :
created : 1994-11-01 05:00:00
changed : 2019-05-07 20:09:37
expires : 2024-10-31 04:00:00
dnssec : True
registered : True
2. REGISTRARid : 292
name : MarkMonitor Inc.
email :
url :

6. sources

work stuff I am memorizing with anki. mostly python | technical support engineer; snowplow analytics | ⚔️ sedis animi est in memoria

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store