Getting to know various domain name information such as the IP address, registrar, DNS details, nameservers and more is definitely a useful task. In this tutorial, you will learn how to do that using tools like host and whois.

Below is the table of contents of this tutorial:

  1. What is a Domain
  2. Installing Tools
  3. Terms Definition
  4. Domain Checking
  5. DNS Zone
  6. Where is the Web Server Hosted
  7. Where is the Name Server Hosted
  8. Where is the Mail Server Hosted
  9. SOA Record
  10. Conclusion

What is a Domain

Wikipedia defines it as “an identification string that defines a realm of administrative autonomy, authority or control within the Internet.” In plain English, a domain is a combination of letters, numbers, and symbols someone types in their browser to access a specific web address directly.

Of course, a domain can be used for many more things than just hosting a web page.

Because humans are way better with words than with numbers, we go to www.google.com, not to 142.250.185.206, when we want to “google” something.

So the Internet runs on IP addresses, but for our convenience, they are “translated” into words. This translation is taken care of by the DNS (Domain Name System) servers.

It’s easy to buy a domain name, so in this tutorial I want to explain how to get information on existing domain names.

Installing Tools

On Linux, you only need two commands: whois and host. host is part of the BIND utilities package, which is named differently across distributions (bind-utils on the Red Hat family, dnsutils on Debian-based systems), so to install both tools run the command for your distribution:

CentOS, Red Hat, Fedora (yum or dnf):

$ sudo yum install whois bind-utils -y

Ubuntu, Debian, Mint Linux:

$ sudo apt-get update && sudo apt-get install whois dnsutils -y

OpenSUSE:

$ sudo zypper install whois bind-utils -y

ArchLinux:

$ sudo pacman -S whois bind-tools

Terms Definition

Let me define some terms I will be using during this tutorial.

  • Owner – the entity that currently owns the domain. It can be a person or a company.
  • Registrar – a company that allows you to purchase and register domain names.
  • DNS hoster – a server where the domain’s DNS zone is hosted.
  • DNS zone – a collection of DNS records. Some examples:
    • A record – the website. You can create subdomains by adding additional A records.
    • MX record – the mail server. The DNS zone can contain multiple MX records with various priorities.
    • SOA (Start of Authority) record – contains administrative information about the zone.
  • Website hoster – the server the domain’s A record points to.

Domain Checking

Let’s start checking domains.

$ whois pepsi.com

First of all, we can see the domain is registered and it is not available for purchasing. The domain was purchased using the CSC CORPORATE DOMAINS INC. registrar on 14 January 1993, its info was last updated on 09 January 2020 and it will expire on 13 January 2022.
The domain is owned by PepsiCo Inc. and you can see some contact info displayed.

Please note that displaying ownership info is not mandatory, as there are anonymization options offered by the registrars.

DNS Zone

Let’s check the DNS zone of the domain. We will use the host -a command:

$ host -a pepsi.com

Where is the Web Server Hosted

So pepsi.com has 2 A records, for failover reasons. Remember, the A record represents the IP address where the website http(s)://pepsi.com is hosted.

Using the whois command we can also check who owns an IP address:

$ whois 45.60.135.51

The IP address belongs to Incapsula INC, a company registered in California, USA. The IP address ownership is almost never anonymized.
Let’s compare this to the mail server IP addresses (the MX records):

pepsi.com.              519     IN      MX      100 mail.pepsico.com.
pepsi.com.              519     IN      MX      10 mail.pepsico.com.

The 10 and 100 numbers represent the priority of the record, the lowest value being preferred. You can see here both records point to the same address, mail.pepsico.com, but that isn’t always the case. Take vodafone.com for example:

$ host vodafone.com
vodafone.com has address 18.157.219.111
vodafone.com mail is handled by 20 cluster5a.eu.messagelabs.com.
vodafone.com mail is handled by 10 cluster5.eu.messagelabs.com.

Let’s jump to the NS records. NS stands for name server.

pepsi.com.              1800    IN      NS      ns2.pbsg.com.
pepsi.com.              1800    IN      NS      ns4.pbsg.com.
pepsi.com.              1800    IN      NS      ns3.pbsg.com.
pepsi.com.              1800    IN      NS      ns1.pbsg.com.

The address delegated at the registrar as the name server for a domain is where Internet DNS servers will look for the domain’s DNS zone. The recommendation is to have multiple name servers hosted on different IP subnets, for high availability. In this way, if one name server goes down for any reason, another name server can present the information from the DNS zone and your website does not appear offline.

Where is the Name Server Hosted

What about the name server?

$ host ns1.pbsg.com
ns1.pbsg.com has address 204.136.64.30
$ whois 204.136.64.30

So the IP address hosting the name server is part of an IP range owned by Pepsi Cola Company, registered in New York, USA.

Where is the Mail Server Hosted

What about the mail server?

$ host mail.pepsico.com
mail.pepsico.com has address 204.136.96.182

So the IP address hosting the mail server is part of the same IP range as the one hosting the name server but belongs to another /24 subnet.

SOA Record

We also need to analyze the SOA (Start of Authority) record:

pepsi.com. 1800  IN    SOA     ns1.pbsg.com. externaldnsrequests.pbsg.com. 2008062618 3600 900 864000 1800

Let’s talk about the part after “SOA”.

ns1.pbsg.com represents the primary name server of the domain.

externaldnsrequests.pbsg.com is actually an email address, externaldnsrequests@pbsg.com, the domain’s administrator’s email address.

2008062618 is the serial of the DNS zone, the same thing as a version number. It is formed as YearMonthDayVersion, meaning on 2008-June-26 a DNS zone version numbered 18 was released and is currently in use.

The next 4 values represent REFRESH, RETRY, EXPIRE, and TTL:

  • REFRESH – the frequency, in seconds, a secondary name server should check for DNS zone changes
  • RETRY – the interval, in seconds, a secondary name server should wait after an unsuccessful synchronization attempt
  • EXPIRE – how many seconds a secondary name server should wait for successful synchronization with the primary name server before it stops responding to DNS queries related to this DNS zone
  • TTL – Time to Live, a value, in seconds, which represents the period the querying router should hold (cache) the provided information
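The SOA fields described above, decoded by a small parser (an added example, not part of the original tutorial). The function names are hypothetical, the input is the SOA line quoted in this section, and the serial is treated as a plain counter when it does not fit the date-based pattern.

```shell
# Constructed input: the SOA line quoted above, in `host -a` output format.
SOA_LINE='pepsi.com. 1800  IN    SOA     ns1.pbsg.com. externaldnsrequests.pbsg.com. 2008062618 3600 900 864000 1800'

# Contact field -> mailbox: the first unescaped dot becomes "@"; "\." is a
# literal dot in the local part (john\.doe.example.com. -> john.doe@example.com).
rname_to_email() {
  printf '%s\n' "$1" | awk '{
    s = $0; sub(/\.$/, "", s); out = ""; seen = 0
    for (i = 1; i <= length(s); i++) {
      c = substr(s, i, 1)
      if (c == "\\" && i < length(s)) { i++; out = out substr(s, i, 1) }
      else if (c == "." && !seen)     { out = out "@"; seen = 1 }
      else                            { out = out c }
    }
    print out }'
}

# Serial -> date and revision when it fits YearMonthDayVersion, else a counter.
decode_serial() {
  printf '%s\n' "$1" | awk '{
    y = substr($0, 1, 4) + 0; m = substr($0, 5, 2) + 0; d = substr($0, 7, 2) + 0
    if ($0 ~ /^[0-9]+$/ && length($0) == 10 && y >= 1990 && m >= 1 && m <= 12 && d >= 1 && d <= 31)
      printf "%04d-%02d-%02d rev %d\n", y, m, d, substr($0, 9, 2) + 0
    else
      print "counter " $0 }'
}

# Seconds -> largest unit that divides evenly (d, h, m, s).
humanize() {
  s=$1
  if   [ $((s % 86400)) -eq 0 ]; then echo "$((s / 86400))d"
  elif [ $((s % 3600)) -eq 0 ];  then echo "$((s / 3600))h"
  elif [ $((s % 60)) -eq 0 ];    then echo "$((s / 60))m"
  else echo "${s}s"; fi
}

parse_soa() {
  set -- $1                       # split the record on whitespace
  while [ $# -gt 0 ] && [ "$1" != "SOA" ]; do shift; done
  [ $# -ge 8 ] || { echo "not an SOA record" >&2; return 1; }
  echo "primary=${2%.}"
  echo "contact=$(rname_to_email "$3")"
  echo "serial=$(decode_serial "$4")"
  echo "refresh=$(humanize "$5") retry=$(humanize "$6") expire=$(humanize "$7") ttl=$(humanize "$8")"
}

parse_soa "$SOA_LINE"
```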

Conclusion

Using whois is also a good way to check when you want to purchase a domain. For example:

$ whois whyaliensdonttalktous.com
No match for domain "WHYALIENSDONTTALKTOUS.COM".
>>> Last update of whois database: 2021-11-02T06:46:40Z <<<

The domain whyaliensdonttalktous.com is currently up for grabs, not being registered by anyone.

Interesting fact, there are currently more than 367 million domains registered, so finding an available interesting domain name will not be easy.

There it is, you just learned how to check a domain’s availability, creation and expiration date, owner, contact info, and where its component parts are distributed across the Internet.