Checking who owns a domain, which company controls an IP range, or where abuse reports should go is faster when the lookup tool is available in your terminal. You can install whois on Ubuntu from the default APT repositories with one package, then use the whois command to query domains, IP addresses, abuse contacts, and ASNs without adding a PPA or downloading anything manually.
Ubuntu keeps the whois package in its standard repositories, but many desktop, server, and minimal installs do not include the whois command until you add it yourself. If Ubuntu returns whois: command not found, install the client with sudo apt install whois -y and rerun the lookup.
Update Ubuntu Before You Install Whois
Refresh the package index first so Ubuntu pulls the current whois package for your release. The -y flag accepts the upgrade prompt automatically.
sudo apt update
sudo apt upgrade -yThese commands use
sudofor package management tasks that need root privileges. If your account is not in the sudoers group yet, follow the steps to add a new user to sudoers on Ubuntu before continuing.
Install Whois on Ubuntu
Install whois on Ubuntu with sudo apt install whois -y. Ubuntu 26.04 (resolute), 24.04 (noble), and 22.04 (jammy) all ship the package in their default APT repositories, so you do not need a PPA or a separate download.
sudo apt install whois -yVerify the installed package state with apt-cache policy whois:
apt-cache policy whoiswhois:
Installed: 5.6.6
Candidate: 5.6.6
Version table:
*** 5.6.6 500
500 http://au.archive.ubuntu.com/ubuntu resolute/main amd64 Packages
100 /var/lib/dpkg/status
On the current supported Ubuntu LTS releases, whois resolves to version 5.6.6 on Ubuntu 26.04 (resolute), 5.5.22 on Ubuntu 24.04 (noble), and 5.5.13 on Ubuntu 22.04 (jammy). The package installs the command at /usr/bin/whois.
Use the Whois Command on Ubuntu
Once the package is installed, the same syntax works across all supported Ubuntu LTS releases. Domain records, IP allocations, abuse contacts, expiration dates, and ASN lookups are the tasks most people start with.
Query Whois Domain Records
Query a domain when you want the registrar, expiration date, nameservers, and status fields in one response.
whois example.comDomain Name: EXAMPLE.COM Registry Domain ID: 2336799_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.iana.org Registrar URL: http://res-dom.iana.org Updated Date: 2026-01-16T18:26:50Z Creation Date: 1995-08-14T04:00:00Z Registry Expiry Date: 2026-08-13T04:00:00Z Registrar: RESERVED-Internet Assigned Numbers Authority Registrar IANA ID: 376 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
The registry record shows the domain ID, registrar, update history, expiration date, and status values that registries use to control transfers or deletions.
Query Whois IP Address Information
Use an IP lookup when you need to identify the organization that owns a public address block.
whois 8.8.8.8NetRange: 8.8.8.0 - 8.8.8.255 CIDR: 8.8.8.0/24 NetName: GOGL Organization: Google LLC (GOGL) RegDate: 2023-12-28 Updated: 2023-12-28
This output is useful when firewall logs, web server logs, or threat-intelligence notes give you an IP address but not the organization behind it.
Query a Specific Whois Server
The -h option sends the request to a specific WHOIS server instead of following the default referral path.
whois -h whois.verisign-grs.com example.comA direct server lookup is useful when you want the registry response itself or when a domain’s default referral chain omits fields you need.
Filter Whois Output for Abuse Contacts
Pipe the result through grep when you only need the abuse contact lines. You can use the grep command in Linux here because -i ignores letter case.
whois linuxcapable.com | grep -i abuse Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
These fields give you the registrar or provider contacts to use when you report phishing, spam, or malicious hosting.
Check Whois Domain Expiration Dates
Filter the expiration fields if you only want renewal deadlines. The -E flag lets grep match either field name in one pass.
whois linuxcapable.com | grep -i -E "Registry Expiry Date|Registrar Registration Expiration Date"Registry Expiry Date: 2026-07-03T08:58:15Z Registrar Registration Expiration Date: 2026-07-03T08:58:15.00Z
This keeps renewal checks short enough for scripts, cron jobs, or quick manual audits.
Run Whois ASN Lookups
Prefix an autonomous system number with AS to query the operator behind a routing announcement.
whois AS15169ASNumber: 15169 ASName: GOOGLE ASHandle: AS15169 RegDate: 2000-03-30 Updated: 2012-02-24 OrgName: Google LLC
ASN lookups help when you are tracing network ownership, investigating BGP paths, or comparing multiple IP ranges from the same provider.
View Whois Command Options
List the available flags when you need to change servers, adjust recursion, or hide disclaimer text.
whois --helpUsage: whois [OPTION]... OBJECT...
-h HOST, --host HOST connect to server HOST
-p PORT, --port PORT connect to PORT
-I query whois.iana.org and follow its referral
-H hide legal disclaimers
--verbose explain what is being done
--no-recursion disable recursion from registry to registrar servers
For DNS record queries that complement registry data, use the nslookup command in Linux alongside whois. The full manual page is also available with man whois.
Remove Whois from Ubuntu
Remove the package and purge its package-managed files if you no longer need the client.
sudo apt remove --purge whois -yThen remove orphaned dependencies that were installed only for this package chain:
sudo apt autoremove -yVerify the removal with apt-cache policy whois:
apt-cache policy whoiswhois:
Installed: (none)
Candidate: 5.6.6
Version table:
5.6.6 500
500 http://au.archive.ubuntu.com/ubuntu resolute/main amd64 Packages
The standard whois package does not create per-user config or cache directories under ~/.config, ~/.cache, or ~/.local/share, so there is normally nothing else to clean up.
Whois on Ubuntu FAQ
Yes. sudo is only needed for the APT install and removal steps. Once the package is installed, normal lookups such as whois example.com or whois 8.8.8.8 run as your regular user.
That error usually means the whois package is not installed on the current system or it was removed later. Install it with sudo apt install whois -y, then confirm apt-cache policy whois shows an installed version and command -v whois returns /usr/bin/whois.
Yes. Use whois 8.8.8.8 for an IP allocation lookup and whois AS15169 for an autonomous system lookup. The same client can also query domain registration records and registrar abuse contacts.
Debian uses the same whois package name and a similar apt install workflow, but this article is scoped to Ubuntu 26.04, 24.04, and 22.04. Package versions and surrounding instructions can differ on Debian, so treat this page as Ubuntu-only guidance.
Conclusion
The whois command is installed on Ubuntu and ready for domain registration lookups, IP ownership checks, abuse-contact filtering, and ASN queries straight from the terminal. When you need to compare registry data with live DNS records, pair it with nslookup or script the filtered examples above for faster monitoring and investigations.
Formatting tips for your comment
You can use basic HTML to format your comment. Useful tags currently allowed in published comments:
<code>command</code>command<strong>bold</strong><em>italic</em><blockquote>quote</blockquote>