REXX whois client for spam fighters

Contents: introductionusageDWIMhistory.

top   Introduction

rxwhois needs RxSock.dll and RexxUtil.dll available from IBM for OS/2, or equivalent libraries for other operating systems. It also works with ooREXX under Windows, just rename the script to rxwhois.rex.

At the moment rxwhois supports local codepage 437, OS/2 850 (858), OS/2 1004 (windows-1252), Latin-1 (819), Latin-9 (923), KOI8-R (878), and (in theory) MAC Roman. Queries are translated to UTF-8, replies are translated to your local codepage. UTF-8 is important for IDNs (Internationalized Domain Names). Adding more codepages should be easy, otherwise you can hire me ;-)

IPv6 won't work, because RxSock.dll doesn't know it, and I couldn't test it. Where necessary rxwhois tries to interpret a word  of four numbers separated by dots like as IPv4, other words  with dots like are interpreted as FQDN (Fully Qualified Domain Name). This trick is not used if a whois server for the query  is specified, see below.

top   Usage

rxwhois -h host:port query

That's the traditional way to send a query (one line) to a host (whois server). The default port is 43, see also RfC 3912. Almost all other rxwhois options are just shorthands:

rxwhois TLD  => rxwhois -h TLD
rxwhois -a domain   => rxwhois -h domain
rxwhois -c query   => rxwhois -h query
rxwhois -d domain   => rxwhois -h -Tdn,ace domain
rxwhois -i host ...  => rxwhois IP(name) ... or rxwhois name(IP) ...
rxwhois -j query   => rxwhois -h query  /e
rxwhois -n query   => rxwhois -h query
rxwhois -r query   => rxwhois -h -B query
rxwhois -t query   => rxwhois -h query
rxwhois -a   => test supported DNSBLs (see below)
rxwhois *   => test supported and disabled whois servers

rxwhois -a domain  tests all RFCI  RHSBLs, and the multi zone of before asking for an abuse address. RHSBLs (Right Hand Side Block Lists) are a special form of DNSBLs, a domain is listed if domain.RHSBL has an "IP".

host =

rxwhois -a without arguments checks all supported DNSBLs using the test entry example.tld for RFCI   zones, or the test IP for other DNSBLs. An IP is listed if <reverse IP>.DNSBL has an "IP". The DNSBL query format for IPs is derived from the zone.

host =

rxwhois IP  checks all supported DNSBLs (excl. RFCI  RHSBLs) for the given IP, at the moment:

  *   *   *
  *   *   *
  *   *   *

Please note that some of these DNSBLs do not yet support important features documented in the DNSBL Internet Draft. BLs listing IP or domain localhost, or BLs returning IP as result, or DNSBLs not supporting a "listed" test entry for IP, are disqualified as far as rxwhois is concerned.

Ideally RHSBLs could offer a "listed" test entry for domain test, but admittedly that's not yet the case for the RFCI lists. For more info see RFC 2606 or its proposed update 2606bis.

top   Do What I Mean

The fun starts if you try rxwhois query  without any option, it's a DWIM (Do What I Mean) interface. If the first word is an IP see above, other words are ignored. If it's a TLD (Top Level Domain) gets the query. If it contains a dot but is no IP, it's handled as FQDN. If a whois server or rwhois server (port 4321) for the TLD or SLD of this FQDN is known and not disabled, it gets the query. If an URL is known it's only displayed - this covers odd cases like reserved TLDs or some ISO 3166 country codes without TLDs.

Finally if the first word of the query contains a hyphen it could be a "NIC handle", and if a corresponding whois server is known it gets the query. This list is far from complete, and it does not work for cases like JP (no hyphen, use rxwhois -j) or -SA (use rxwhois -h PERSON any-SA):

rxwhois any-AFRINIC  => rxwhois -h any-AFRINIC
rxwhois any-ARIN   => rxwhois -h any-ARIN
rxwhois any-AP   => rxwhois -h any-AP
rxwhois any-AU   => rxwhois -h any-AU
rxwhois any-CKNIC   => rxwhois -h any-CKNIC
rxwhois any-CZ   => rxwhois -h any-CZ
rxwhois any-DK   => rxwhois -h any-DK
rxwhois any-FRNIC   => rxwhois -h any-FRNIC
rxwhois any-HST   => rxwhois -h any-HST
rxwhois any-ITNIC   => rxwhois -h any-ITNIC
rxwhois any-LACNIC   => rxwhois -h any-LACNIC
rxwhois any-NICAT   => rxwhois -h any-NICAT
rxwhois any-NICIR   => rxwhois -h any-NICIR
rxwhois any-NORID   => rxwhois -h any-NORID
rxwhois any-RIPE   => rxwhois -h any-RIPE
rxwhois any-RIPN   => rxwhois -h any-RIPN

top   History

For the latest minor updates see the rxwhois.cmd source. Version history:
2.1 , 2.0 , 1.9 , 1.8 , 1.7 , 1.6 , 1.5 , 1.4 , 1.3 , 1.2 , 1.1 , 1.0 , 0.9 , 0.8 , 0.7 , 0.6 , 0.5 , 0.4 , 0.3 .

rxwhois 2.1

        consolidated minor updates 2.0.1 up to 2.0.6, especially:
        - removed  ORDB DNSBL closed 2006-12-18
        - removed
        - replaced DNSBL sbl-xbl.spamhaus by
        - added 11 IDN test TLDs xn--... (started 2007-10-15)
        - fixed bug where TLD A-label was parsed as NIC handle
        - added temporary test option -k for the Cyril IDN TLD
        - replaced UTF-8 procedures version 0.5 by 0.8, please
          add or fix missing codepages in procedure UTF.8( CP )
        - added CHCP() emulating OS/2 SysQueryProcessCodePage()
        - replaced     by
        - replaced         by
        - replaced by
        - replaced       by
        -  enabled
        -  enabled
        - added for  sTLD .jobs
        - added       for ccTLD .gd
        - added         again for ccTLD .ly
        - added           for ccTLD .ma
        - disabled         new for ccTLD .gf
        - disabled      new for ccTLD .gy
        - disabled    (unknown host listed by IANA)
        - disabled     \/ no change - the servers exist
        - disabled /\ but don't know themselves (?)
        - removed       (unknown host)
        - removed     (unknown host)
        - disabled       (ECONNREFUSED)
        - disabled     (ETIMEDOUT)
        - disabled      (ETIMEDOUT)
        - updated  proto-TLD .cs (IANA now reserves .me and .rs)
        - added    for new  gTLD .tel
        - added provisional entries for new ccTLDs .mf and .bl

rxwhois 2.0

        consolidated minor updates 1.9.1 up to 1.9.4, especially:
        - minor fix in <> 0.5
        - replaced DEnglish gibberish "resp." in two comments
        - added placeholders for ME (Montenegro) and RS (Serbia)
        - enabled       (KZ)
        - enabled     (AI)
        - enabled       (AF)
        - added       (CI) handle data on demand
        - added     (MD)
        - added    (GI)   source: IANA
        - added (MOBI) source: IANA
        - removed (ID) host not found
        - removed     (NC) host not found
        - removed (this was always dubious)
        - removed (BM) get rid of old rwhois
        - replaced       (AERO) new name, source IANA
        - replaced  (BG) was
        - replaced       (DM) was
        - replaced       (GS) was
        - replaced       (LA) was whois2.afilias
        - replaced       (TK) was
        - replaced       (TL) was
        - replaced         (CD) was
        - replaced   (WS) was
        - disabled       (KI) added (a cocca bogey)
        - disabled       (GP) added \/ does not yet
        - disabled       (MQ) added /\ know itself
        - disabled           (PN) added, does not work
        - disabled (BZ)
        - removed  Web sites for TL and TP (broken certificates)
        - removed (five months too late, sorry)

rxwhois 1.9

        consolidated minor updates 1.8.1 up to 1.8.8, especially:
        - added      (GR)
        - enabled     (SE), ignorant but usable
        - removed   (SR)
        - replaced  :
        - replaced :
        - replaced        :
        - replaced      :
        - replaced            :
        - replaced        :
        - replaced   :
        - replaced  :
        - replaced        :
        - added          (BJ) handle data on demand
        - added   (KE)
        - added        (TN) disabled (Web access)
        - removed    (AU.COM) use normal COM whois
        - enabled      (AC.ZA) for any domain.AC.ZA
        - enabled        (LV)
        - disabled        (KZ)
        - replaced         :
        - replaced  :  (disabled)
        - enabled        (VE) test e.g.
        - disabled  (ID) nothing but timeouts
        - disabled whois.nic.?? for ccTLDs AF, CX, DM, NF, TL, TP
        - enabled        (CX) working CoCCA TLD NIC
        - replaced        :     (CoCCA)
        - replaced        :     (CoCCA)
        - replaced        : (CoCCA)
        - replaced        : (CoCCA)
        - added        (MU) working CoCCA TLD NIC
        - disabled        (MN) expects SLD in query
        - kept     (TH) test e.g.
        - replaced     :
        - replaced :
        - replaced
        - replaced      :
        - replaced        :
        - added        (MG) disabled, source IANA
        - disabled (GG+JE) no contact data
        - enabled        (IO) test e.g.
        - enabled        (TM) test e.g.
        - improved CHECK() to display any working disabled server
        - replaced DNSBL by
        - added    DNSBL
        - added    DNSBL <>
        - added    dummy entries for new gTLDs .asia and .mobi
        - added            (EU)
        - added           (CAT)
        - added    (TRAVEL)
        - disabled      (AI)
        - replaced (LA) :
        - added for ccTLDs HN, SC, VC

rxwhois 1.8

        consolidated minor updates 1.7.1 up to 1.7.8, especially:
        - xmas edition for Jeff Chan, support 127.0.c.d (16 bits)
        - added .nato as former gTLD (sorry, yet no reference)
        - added (AF), (CD)
        - added (PR)
        - updated (TF), so now it really is NIC.FR
        - disabled (BG), (MY)
        - disabled (LA), (BM)
        - disabled (HM)
        - removed (FM), that used to be a whois server
        - removed (TD), unknown host
        - kept (UY), maybe use later
        - replaced by (HK)
        - replaced by (NA)
        - ccTLDs AX, CS, EH, GB, KP, TL marked as "unknown whois"
        - added for any-AFRINIC handle
        - added (FI), source jwhois.conf 1.107
        - disabled (FI), (SE)
        - added for TLD .tl (not yet available)
        - added    http://www.nic.??/whois.jsp for CX, DM, NF, TP
        - replaced by (BG)
        - replaced by (BIZ)
        - kept, maybe use later
        - updated => whois.nic.?? for WF, YT
        - enabled (MY)
        - enabled (PRO)
        - enabled (MN), query without TLD .mn works
        - removed under construction by VeriSign
        - removed or
        - added (HM):
        - replaced disabled by [] (LA)
        - updated  TLDs .eu, .jobs, and .travel (almost official)
        - removed  option -z ( added to IP output
        - removed (dubious test result
        - disabled (LV), (MN)
        - disabled (PR)
        - enabled  CoCCA whois servers AF, CX, DM, NF, TL (+TP)
        - -i shows IHOST( x ) error directly as "unknown host x"
        - -a shows IHOST( IHOST( ?? )) for TLDs
        - -r shows unfiltered RIPE -B output, -Tdomain removed

rxwhois 1.7

        consolidated minor updates 1.6.1 up to 1.6.9, especially:
        - replace URIBL sc. by (sc=2, ws=4, ph=8)
        - DNSBL.SORBS.NET banned after abuse (removed from DNSBL)
        - removed for TLD .gr (known rfc-ignorant)
        - option -d as shorthand  for -h -Tdn,ace
        - option -z as shorthand  for -h IP
        - not yet implemented: <reverse-IP>
        - enabled:
        - added: (instead of alias of
        - added:  <reverse IP>  to tested DNSBLs
        - added:  <reverse IP> (withdrawn accred.)
        - removed (known rfc-ignorant TLD like gov)
        - removed <reverse IP>
        - removed dubious nslookup -q=soa <reverse IP>
        added <rev. IP>

rxwhois 1.6

        consolidated minor updates 1.5.1 up to 1.5.7, especially:
        - added <reverse IP>
        - added RHSBL to 5 RFCI zones (option -a)
        - UTF-8 query support added for codepage 437, 850, 1004
        removed : from DNSBLs (zone is now empty)
        enabled : (normal answers still useless)
        enabled : (.tv), (.ly again)
        replaced: by disabled
        replaced:  by disabled
        replaced:      by disabled
        removed :
        added   : (disabled, replaces
        added   : (a.k.a., disabled)
        added   : (use option #h for help)
        added   : (dummy, is a fake)
        added   :
        disabled:,, are dubious
        disabled: (useless answers, known ignorant)
        kept    : (server doesn't work: 2004-06-06)
        checked jwhois 1.100 and whoislist 1.21 (found new .la)

rxwhois 1.5

        consolidated minor updates 1.4.1 up to 1.4.7, especially:
        - added new zone to option -a
        - added <reverse IP> (incl. trojans)
        - option -c as shorthand for -h
        disabled (the default options are useless)
        option -d (RIPE) does not yet support DENIC's new syntax
        option -t for uses -h -Tace,dn

rxwhois 1.4

        option -j as shorthand for -h QUERY /e
        added <reverse IP> |test with |

rxwhois 1.3

        consolidated minor updates 1.2.1 up to 1.2.5, especially:
        - modified comment for country code .CS (this is no TLD)
        - replaced * by *
        option -i added: GetHostByAddr(x) resp. GetHostByName(x)
        enabled :
        removed :

rxwhois 1.2

        reenabled working (.am),
        yet no URL for disabled .fj, .mm, .nc, .pw, .tj, and .uz
        replaced by
        replaced by
        replaced by
        replaced by
        replaced by, .tc, .tf, .vg
        still dubious who handles TLD .tf (adamsnames or FRNIC) ?
        added for SLD (no answer => disabled)
        added support for host:port (default whois port is 43)
        port example: `rxwhois -h HEAD / HTTP/1.0`
        added (disabled, does not know itself)
        added, (
        gopher://rwhois.example:4321/?query may work in browsers
        added handles -AP, -AU, -CKNIC, -CZ, -DK, -LACNIC, -NICIR
        not yet supported: handle ???-SA => query PERSON ???-SA
        support for handles not automatically tested by option *
        option -a without domain (full RFCI whois check) improved
        more reserved ISO 3166 country codes: FX, WG, WL, WV, YV.

rxwhois 1.1

        replaced slow RBL check by
        kept (maybe use later)
        syntax error if no socket available corrected
        trailing blanks in query confused some servers, stripped

rxwhois 1.0

        option -r removed: RFCI checks integrated into option -a
        check <reverse IP> |test with |
        kept: (.ac) often unavailable, try again...
        removed unknown hosts and
        removed and its ??.com + ??.net SLDs
        removed and SLD, use TLD .cn server
        replaced by (bad answer, but alive)
        added (disabled),
        added for TLDs .wf and .yt, see also TLD .pm

rxwhois 0.9

        option -d as shorthand for -h -T domain
        not yet implemented: CHECK( ) "%error:101"
        support some well-known NIC handles in procedure ALIAS()
        IP OPT => `nslookup q=soa <reverse IP> OPT`
        added TLD .local as dummy (used by e.g. Apple Rendezvous)
        replaced by (for TLD .org)
        replaced (.tf) by again
        added: (SLD, (.ug)
        added: for TLDs .fo, .gl, .gm, .gr, .mc,
        added: for TLDs .sk, .sm, .va
        not added: TLDs .ad, .ba, .cy, .hr, .jo,
        not added: TLDs .md, .tn, .yu
        not added: (, TLD works
        not added: (.ng), no route to host
        disabled: whois.nic.?? for TLDs .ac, .ad, .ai, .am, .bi,
        disabled: whois.nic.?? for TLDs .do, .ge, .gi, .id, .io,
        disabled: whois.nic.?? for TLDs .kg, .kn, .kz, .lk, .mm,
        disabled: whois.nic.?? for TLDs .mn, .pa, .pe, .ph, .pw,
        disabled: whois.nic.?? for TLDs .sh, .td, .tk, .tv, .uz,
        disabled: whois.nic.?? for TLDs .vu
        disabled: (doesn't answer any queries)
        disabled:, (YES NO nonsense)
        disabled: (for SLD, apparently down)
        disabled: (bogus whois, doesn't know itself)
        disabled:  (bogus whois, doesn't know itself)
        kept: (.ws) does not show abuse contact
        kept: (.sr) does not show abuse contact
        kept: (.cd) often unavailable, try again...
        kept: (erroneous)
        not yet implemented: for ENUM

rxwhois 0.8

        simplified RBL-lookup with procedure GHOST, removed BLOCK
        checked many ISO 3166-1 codes (interesting: TL, EH, KP)
        added again (.dk), (.ly)
        added (.ae), (.sr)
        added (.na), (.uy)
        added SLDs (many ??.com and ??.net),
        added SLDs (,, added SLD
        not used: (.gf), (SLD
        replaced (.za) by (

rxwhois 0.7

        added SLD support for (used for phone numbers)
        check <reverse IP> using 127.1.0.? (1..7)

rxwhois 0.6

        added info based on <URL:>
        option -r to check (etc.) entries

rxwhois 0.5

        check <reverse IP> |test with |
        check <reverse IP> |test with |
        option -n as shorthand for -h
        added,, and

rxwhois 0.4

        check <reverse IP>  |test with |
        check <reverse IP>
        check <reverse IP>
        check <reverse IP>

rxwhois 0.3

        option -a as shorthand for -h
        option -t as shorthand for -h

W3 validator Last update: 14 Jul 2008 04:30 by F.Ellermann