If you've ever used the whois tool to look up a popular domain, you'll be familiar with results like this:

After all the junk, you'll notice the final line is the one you care about: MICROSOFT.COM

So where does the junk come from? First things first: nobody has been hacked.

whois, by default, looks up any domain or host that matches what you provide on the command line, and often returns the subdomain results before the top-level ones. Whether that's a bug or feature depends on who you talk to.

So lovely people, who own other domains, make fake whois entries for hosts that include the popular domain somewhere in their name. Modern registrars don't let people fill their own whois with these kinds of entries, so most of these junk entries are pretty old.

The man page for whois on OS X 10.10 merely mentions that the name (the thing you're asking of the server) can contain different types of data, "such as domain names and IP addresses". What it doesn't tell you is that there is now a well-accepted format for name that lets you explicitly state the type of results you care about.

You can find out about this from the whois servers themselves, also using the whois command, by setting the name option to help: `whois help`

This returns a bunch of useful stuff, including:

> By default, WHOIS performs a very broad search, looking in all record types for matches to your query in these fields: domain name, nameserver name, nameserver IP address, and registrar names.