# MacOS – Whois command corrupted on mac

dnsmacososx-maverickswhois

Whois lookup is not displaying correct information. Dig and other network commands work perfectly correct and I'm able to connect to any/everything. However, this whois lookup corruption concerns me. Any ideas? Thanks! The reason I ask is because this is needed for a networking class (professor showed whois in conjunction with showing how to program firewall rules, and I need to be able to do that for the final). It works 'normally' (that is, lists domain info) on other's computers, and if I connect via telnet to internic, I can get it, but the whois command on my mac won't. Any ideas?

Example:

Whois Server Version 2.0 Domain names in the .com and
.net domains can now be registered with many different competing
registrars. Go to http://www.internic.net for detailed information.

record, look it up with "xxx", where xxx is one of the of the records
displayed above. If the records are the same, look them up with "=xxx"
to receive a full display for each record.

Last update of whois database: Wed, 19 Mar 2014 21:21:54 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the
registry is currently set to expire. This date does not necessarily
reflect the expiration date of the domain name registrant's agreement
registrar's Whois database to view the registrar's reported date of
to access or query our Whois database through the use of electronic
processes that are high-volume and automated except as reasonably
necessary to register domain names or modify existing registrations;
the Data in VeriSign Global Registry Services' ("VeriSign") Whois
database is provided by VeriSign for information purposes only, and to
assist persons in obtaining information about or related to a domain
name registration record. VeriSign does not guarantee its accuracy. By
submitting a Whois query, you agree to abide by the following terms of
use: You agree that you may use this Data only for lawful purposes and
that under no circumstances will you use this Data to: (1) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via e-mail, telephone, or
facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree
not to use electronic processes that are automated and high-volume to
access or query the Whois database except as reasonably necessary to
register domain names or modify existing registrations. VeriSign
its sole discretion to ensure operational stability. VeriSign may
these terms at any time. The Registry database contains ONLY .COM,
.NET, .EDU domains and Registrars.

## The whois command on your Mac is perfectly fine.

You're simply querying a different NICNAME server with each tool. The BSD whois tool in MacOS 10 uses the whois-servers.net. mechanism, and in this case is querying the com.whois-servers.net. NICNAME server, run by Verisign Incorporated. Other people's computers are using a different whois command that probably hardwires whois.networksolutions.com., run by Network Solutions LLC, as the NICNAME server.

What you see is what the different NICNAME servers are actually publishing. This is nothing to do with your client tool at all. People have actually registered all of those. Note what the MacOS manual says about the Network Solutions NICNAME server. You're querying the registry's NICNAME server, and seeing a whole load of registrations made through several different registrars, from MarkMonitor to Tucows. The other people are querying one registrar's NICNAME server, and seeing only the registrations made through that specific registrar.

Run

whois '=google.com'
with the BSD whois tool and you'll receive extended output from the registry's NICNAME server showing where each registrar's individual NICNAME server is. (The output in your question tells you this very trick.) Again, this is a server-side function, and not all NICNAME servers work the same way — as you can see if you try the same trick with the Network Solutions LLC NICNAME server.

One of the reasons that whois commands vary is that the days of there being one place, or even a few places, to go for NICNAME service are long past. You're using one of the more modern whois tools that uses one of two available DNS mechanisms to automatically locate the NICNAME server to use for any given domain name. Other, clunkier and higher-maintenance, whois tools have hardwired NICNAME server names, or configuration files that need regular servicing.