whois on OS X

One of the things I find myself doing from time to time it to execute the whois command. This allows me to figure out to whom an IP(range) or domain belongs. However, when doing this on OS X, especially with IPv6 addresses I’m greeted with:

$ whois 2a00:1450:400f:805::200e

No match for "2a00:1450:400f:805::200e".
>>> Last update of whois database: Tue, 07 Jun 2016 12:55:53 GMT <<<

I figured I should explicitly ask it to treat this as IPv6 and found this in the man page:

-6	Use the IPv6 Resource Center (6bone) database. It contains network names and addresses for the IPv6 network.

But a few seconds later:

$ whois -6 2a00:1450:400f:805::200e
whois: whois.6bone.net: nodename nor servname provided, or not known

6bone has been dead for ages and instead you should just query the approriate whois server of the RIR that has been assigned the block in which the IP you’re interested in resides. For IPv6 there’s a list here, and IPv4 is over here.

I tried all the other possible switches in the man pages, even explicitly pointing it to RIPE’s whois servers as this is one of Google’s IPv6 addresses handed out by RIPE. No dice.

Going through the man page it also appears there is no way to override the servers the utility might query in the same way that whois on a Linux system can, through /etc/whois.conf.

So at this point, if you want an actually functioning whois on OS X just do a brew install homebrew/dupes/whois and call it a day. This will shadow the system provided whois though so do be careful.

As a side note, your newly found whois supports an /etc/whois.conf file which takes regex patterns and a whois server to query for them:

^2a0[0-9a-f]: whois.ripe.net

This will now send whois queries for IPs matching that regex to RIPE. Using that same trick you can add whois servers for the new gTLDs if it doesn’t manage to correctly resolve one of them:

\.brussels$ whois.nic.brussels

If you want to figure out what the WHOIS server for a domain is, you can query IANA for it:

$ whois -h whois.iana.org brussels

% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

domain:       BRUSSELS
[..]
whois:        whois.nic.brussels

You can also manually brwose the gTLD database here and click through to find the appropriate whois server.

Thinking about it I would’ve prefered to see this information encoded in DNS instead by the use of TXT recrods. However, whois predates DNS by a year (two years even before the first DNS implementation showed up) and 5 years before the TXT record was added.

It seems that for now we’re stuck with this.