# Default WHOIS server in FreeBSD



## ph0enix (Jan 30, 2017)

What's the default WHOIS server that gets queried when running the whois command?  I'm getting rather "interesting" results (profanity) when doing:


```
whois microsoft.com
```

I tried the same command on an Ubuntu system and it works fine.  I'm guessing Ubuntu uses a different WHOIS server.

Thanks!


----------



## usdmatt (Jan 30, 2017)

```
man whois
```



> -h host
> Use the specified host instead of the default variant.  Either a
> host name or an IP address may be specified.
> 
> ...


----------



## drhowarddrfine (Jan 31, 2017)

ph0enix said:


> I'm getting rather "interesting" results (profanity)


I don't and I'm pretty sure I've never touched that so it would be interesting why you are.

From the man page:


> By default whois starts by querying the Internet Assigned Numbers
> Authority (IANA) whois server


So I have a feeling something funny is going on in your set up.


----------



## Deleted member 9563 (Jan 31, 2017)

The OP should probably check his nameservers - both /etc/resolv.conf and his router's settings.


----------



## usdmatt (Jan 31, 2017)

Have you tried doing a whois lookup for a domain such as microsoft.com on one of your machines?
I get the same and it's been a known but harmless issue as long as I can remember.


```
# whois microsoft.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

MICROSOFT.COM.ARE.GODDAMN.PIG[...].NET.NS-NOT-IN-SERVICE.COM
MICROSOFT.COM.CAN.GO.[...].ITSELF.AT.SECZY.COM
MICROSOFT.COM.DEADKNIFERECORDS.COM
MICROSOFT.COM.FILLS.ME.WITH.BELLIGERENCE.NET
... continued ...
```


----------



## Deleted member 9563 (Jan 31, 2017)

usdmatt said:


> Have you tried doing a whois lookup for a domain such as microsoft.com on one of your machines?
> I get the same and it's been a known but harmless issue as long as I can remember.



Frankly, I don't believe that Microsoft put that there. I just did that same lookup again in case I missed the actual wording before. And no, I get the real thing. However, I'm fussy about which nameservers I use. I really don't like _any_ mitm attacks.

Edit: I seems this is not actually DNS related (sorry) but rather from bad whois lookup choices, presumably locally. But doing some more searching on this it sounds like some of the whois services have also had bad data on occasion. Apparently the problem is easy to replicate, but a properly configured whois lookup should not do this. Here's a related thread.


----------



## usdmatt (Jan 31, 2017)

Microsoft didn't put it there, just idiots registering ns entries with their domain provider.

Interesting that some people don't see it. I'm pretty sure it's always been the same from here and I have no interest in configuring whois servers manually. My machines are just using the default com.whois-servers.net, which points to whois.verisign-grs.com/199.7.54.74 for me.


----------



## ph0enix (Feb 6, 2017)

I guess I'm ignorant about how WHOIS queries work.  I thought they used authoritative servers - similar to how DNS works.
I don't see how idiots registering ns entries with their registrar would cause the problem.  You can't add authoritative NS servers for any other domain but your own with the registrars.


----------



## Deleted member 9563 (Feb 6, 2017)

ph0enix Apparently some WHOIS servers query in a manner that shows related domains. I'm not sure what they hope to gain by showing the information that way though.


----------

