Getting to know various domain name information such as the IP address, registrar, DNS details, nameservers and more is definitely a useful task. In this tutorial, you will learn how to do that using tools like host and whois.

Below is the table of contents of this tutorial:

  1. What is a Domain
  2. Installing Tools
  3. Terms Definition
  4. Domain Checking
  5. DNS Zone
  6. Where is the Website Hosted
  7. Where is the Name Server Hosted
  8. Where is the Mail Server Hosted
  9. SOA Record
  10. Conclusion

What is a Domain

Wikipedia defines it as “an identification string that defines a realm of administrative autonomy, authority or control within the Internet.” In plain English, a domain is a combination of letters, numbers, and symbols someone types in their browser to access a specific web address directly.

Of course, a domain can be used for many more things than just hosting a web page.

Because humans are way better with words than with numbers, we go to, not to, when we want to “google” something.

So the Internet runs on IP addresses, but for our convenience, they are “translated” into words. This translation is taken care of by the DNS (Domain Name Services) servers.

It’s easy to buy a domain name, that is why I want to explain how to get information on existing domain names.

Installing Tools

In Linux, you just need to use 2 commands – whois and host. host is part of the bind-utils package so in order to install them you will have to run the following commands:

CentOS, Redhat, Fedora (yum or dnf):

$ sudo yum install whois bind-utils -y

Ubuntu, Debian, Mint Linux:

$ sudo apt-get update && sudo apt-get install whois bind-utils -y


$ sudo zypper install whois bind-utils -y


$ sudo pacman -S whois bind-tools

Terms Definition

Let me define some terms I will be using during this tutorial.

  • Owner – the entity that currently owns the domain, it can be a person or a company.
  • Registrar – a company that allows you to purchase and register domain names.
  • DNS hoster – a server where the domain’s DNS zone is hosted.
  • DNS zone – a collection of DNS records. some examples:
    • A record – the website. you can create subdomains by adding additional A records.
    • MX record – the mail server. the DNS zone can contain multiple MX records with various priorities.
    • SOA (Start of Authority) record – contains administrative information about the zone
  • website hoster – a server where the domain’s A record is pointing to.

Domain Checking

Let’s start checking domains.

$ whois

First of all, we can see the domain is registered and it is not available for purchasing. The domain was purchased using the CSC CORPORATE DOMAINS INC. registrar on 14 January 1993, its info was last updated on 09 January 2020 and it will expire on 13 January 2022.
The domain is owned by PepsiCo Inc. and you can see some contact info displayed.

Please note that displaying ownership info is not mandatory, as there are anonymization options offered by the registrars.

DNS Zone

Let’s check the DNS zone of the domain. We will use the host -a command:

$ host -a

Where is the Web Server Hosted

So has 2 A records, for failover reasons. Remember, A record represents the IP address where the website http(s):// is hosted.

Using the whois command we can also check who owns an IP address:

$ whois

The IP address belongs to Incapsula INC, a company registered in California, USA. The IP address ownership is almost never anonymized.
Let’s compare this to the mail server IP addresses (the MX records):              519     IN      MX      100              519     IN      MX      10

The 10 and 100 numbers represent the priority of the record, the lowest value being preferred. You can see here both records point to the same address,, but that isn’t always the case. Take for example:

$ host has address mail is handled by 20 mail is handled by 10

Let’s jump to the ns records. ns comes from nameserver.              1800    IN      NS              1800    IN      NS              1800    IN      NS              1800    IN      NS

The address delegated at the registrar as the name server for a domain is where Internet DNS servers will look for the domain’s DNS zone. The recommendation is to have multiple name servers hosted on different IP subnets, for high availability. In this way, if one name server goes down for any reason, another name server can present the information from the DNS zone and your website does not appear offline.

Where is the Name Server Hosted

What about the name server?

$ host has address
$ whois

So the IP address hosting the name server is part of an IP range owned by Pepsi Cola Company, registered in New York, USA.

Where is the Mail Server Hosted

What about the mail server?

$ host has address

So the IP address hosting the mail server is part of the same IP range as the one hosting the name server but belongs to another /24 subnet.

SOA Record

We also need to analyze the SOA (Start of Authority) record: 1800  IN    SOA 2008062618 3600 900 864000 1800

Let’s talk about the part after “SOA”. represents the primary name server of the domain. is actually an email address,, the domain’s administrator’s email address.

2008062618 is the serial of the DNS zone, the same thing as a version number. It is formed as YearMonthDayVersion, meaning on 2008-June-26 a DNS zone version numbered 18 was released and is currently in use.

The next 4 values represent REFRESH, RETRY, EXPIRE, and TTL:

  • REFRESH – the frequency, in seconds, a secondary name server should check for DNS zone changes
  • RETRY – the interval, in seconds, a secondary name server should wait after an unsuccessful synchronization attempt
  • EXPIRE – how many seconds should a secondary name server wait for successful synchronization with the primary name server before it stops responding to DNS queries related to this DNS zone
  • TTL – Time to Live, a value, in seconds, which represents the period the querying router should hold (cache) the provided information


Using whois is also a good way to check when you want to purchase a domain. For example:

$ whois
>>> Last update of whois database: 2021-11-02T06:46:40Z <<<

The domain is currently up for grabs, not being registered by anyone.

Interesting fact, there are currently more than 367 million domains registered, so finding an available interesting domain name will not be easy.

There it is, you just learned how to check a domain’s availability, creation and expiration date, owner, contact info, and where its component parts are distributed across the Internet.