How to Install WHOIS on Ubuntu 26.04, 24.04 and 22.04

Checking who owns a domain, which company controls an IP range, or where abuse reports should go is faster when the lookup tool is available in your terminal. You can install whois on Ubuntu from the default APT repositories with one package, then use the whois command to query domains, IP addresses, abuse contacts, and ASNs without adding a PPA or downloading anything manually.

Ubuntu keeps the whois package in its standard repositories, but many desktop, server, and minimal installs do not include the whois command until you add it yourself. If Ubuntu returns whois: command not found, add the client through APT, confirm the binary path, and rerun the lookup.

Update Ubuntu Before You Install Whois

Refresh the package index first so Ubuntu pulls the current whois package for your release. The -y flag accepts the upgrade prompt automatically.

sudo apt update
sudo apt upgrade -y

These commands use sudo for package management tasks that need root privileges. If your account is not in the sudoers group yet, follow the steps to add a new user to sudoers on Ubuntu before continuing.

Install Whois on Ubuntu

Install whois on Ubuntu with sudo apt install whois -y. Ubuntu 26.04 (resolute), 24.04 (noble), and 22.04 (jammy) all ship the package in their default APT repositories, so you do not need a PPA or a separate download.

sudo apt install whois -y

Verify the installed package state with apt-cache policy whois:

apt-cache policy whois

whois:
  Installed: 5.6.6
  Candidate: 5.6.6
  Version table:
 *** 5.6.6 500
        500 http://au.archive.ubuntu.com/ubuntu resolute/main amd64 Packages
        100 /var/lib/dpkg/status

On the current supported Ubuntu LTS releases, whois resolves to version 5.6.6 on Ubuntu 26.04 (resolute), 5.5.22 on Ubuntu 24.04 (noble), and 5.5.13 on Ubuntu 22.04 (jammy). The package installs the command at /usr/bin/whois.

Debian uses the same package name and similar APT syntax, but Debian package versions and release coverage are separate from Ubuntu. Use these Ubuntu version details only for Ubuntu 26.04, 24.04, and 22.04 systems.

Confirm the command path with command -v after installation:

command -v whois

/usr/bin/whois

If the command still returns no path, rerun the install step and check APT’s final status. On a normal Ubuntu PATH, /usr/bin is already available to your shell.

Check the client version with whois --version when you need the command’s own version output instead of APT package metadata:

whois --version

Version 5.6.6.

Report bugs to <md+whois@linux.it>.

Use the Whois Command on Ubuntu

Once the package is installed, the same syntax works across all supported Ubuntu LTS releases. Domain records, IP allocations, abuse contacts, expiration dates, and ASN lookups run as your regular user; sudo is only needed for the APT install and removal steps.

Query Whois Domain Records

Query a domain when you want the registrar, expiration date, nameservers, and status fields in one response.

whois example.com

Relevant lines include:

   Domain Name: EXAMPLE.COM
   Registry Domain ID: 2336799_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.iana.org
   Registrar URL: http://res-dom.iana.org
   Updated Date: 2026-01-16T18:26:50Z
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2026-08-13T04:00:00Z
   Registrar: RESERVED-Internet Assigned Numbers Authority
   Registrar IANA ID: 376
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone:
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited

The registry record shows the domain ID, registrar, update history, expiration date, and status values that registries use to control transfers or deletions.

Query Whois IP Address Information

Use an IP lookup when you need to identify the organization that owns a public address block.

whois 8.8.8.8

Relevant lines include:

NetRange:       8.8.8.0 - 8.8.8.255
CIDR:           8.8.8.0/24
NetName:        GOGL
Organization:   Google LLC (GOGL)
RegDate:        2023-12-28
Updated:        2023-12-28

This output is useful when firewall logs, web server logs, or threat-intelligence notes give you an IP address but not the organization behind it.

Query a Specific Whois Server

The -h option sends the request to a specific WHOIS server instead of following the default referral path.

whois -h whois.verisign-grs.com example.com

A direct server lookup is useful when you want the registry response itself or when a domain’s default referral chain omits fields you need.

Filter Whois Output for Abuse Contacts

Pipe the result through grep when you only need the abuse contact lines. You can use the grep command in Linux here because -i ignores letter case.

whois linuxcapable.com | grep -i abuse

   Registrar Abuse Contact Email: abuse@namecheap.com
      Registrar Abuse Contact Phone: +1.6613102107
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545

These fields give you the registrar or provider contacts to use when you report phishing, spam, or malicious hosting.

Check Whois Domain Expiration Dates

Filter the expiration fields if you only want renewal deadlines. The -E flag lets grep match either field name in one pass.

whois linuxcapable.com | grep -i -E "Registry Expiry Date|Registrar Registration Expiration Date"

   Registry Expiry Date: 2026-07-03T08:58:15Z
Registrar Registration Expiration Date: 2026-07-03T08:58:15.00Z

This keeps renewal checks short enough for scripts, cron jobs, or quick manual audits.

Run Whois ASN Lookups

Prefix an autonomous system number with AS to query the operator behind a routing announcement.

whois AS15169

Relevant lines include:

ASNumber:       15169
ASName:         GOOGLE
ASHandle:       AS15169
RegDate:        2000-03-30
Updated:        2012-02-24
OrgName:        Google LLC

ASN lookups help when you are tracing network ownership, investigating BGP paths, or comparing multiple IP ranges from the same provider.

View Whois Command Options

List the available flags when you need to change servers, adjust recursion, or hide disclaimer text.

whois --help

Relevant options include:

Usage: whois [OPTION]... OBJECT...

-h HOST, --host HOST   connect to server HOST
-p PORT, --port PORT   connect to PORT
-I                     query whois.iana.org and follow its referral
-H                     hide legal disclaimers
      --verbose        explain what is being done
      --no-recursion   disable recursion from registry to registrar servers
      --help           display this help and exit
      --version        output version information and exit

For DNS record queries that complement registry data, use the nslookup command in Linux alongside whois. The full manual page is also available with man whois.

Remove Whois from Ubuntu

Remove the package if you no longer need the client.

sudo apt remove whois -y

Verify removal with an installed-state check. This confirms the package is no longer in the ii installed state:

dpkg -l whois | grep '^ii' || echo "whois is not installed"

whois is not installed

APT may still show a candidate because the package remains available from Ubuntu’s repositories. That is normal after removal:

apt-cache policy whois

whois:
  Installed: (none)
  Candidate: 5.6.6
  Version table:
     5.6.6 500
        500 http://au.archive.ubuntu.com/ubuntu resolute/main amd64 Packages

The standard whois package does not create per-user config or cache directories under ~/.config, ~/.cache, or ~/.local/share, so there is normally nothing else to clean up.

If you want to review optional orphan cleanup, preview it first and skip the cleanup if APT lists packages unrelated to whois:

sudo apt autoremove --dry-run

Conclusion

The whois command is installed on Ubuntu and ready for domain registration lookups, IP ownership checks, abuse-contact filtering, and ASN queries straight from the terminal. When you need to compare registry data with live DNS records, use the nslookup command in Linux, or script the filtered examples above for faster monitoring and investigations.