How to create your own WHOIS server
May 22, 2019Learn how to create your very own Ip WHOIS server that runs on AppEngine (Google cloud infrastructure)
A WHOIS server is incredibly easy to build - from a technical standpoint. All you have to do is grab a database, load it and run queries against it.
The above example uses the GeoIP2-City
MaxMind database which is a surprisingly accurate and updated database. You can wrap a webserver around this code and be done with it but there's one issue here: ip addresses change often or they get reassigned.
To solve this issue you can create a cron that runs daily and downloads the database from source to keep everything up to date. We already have a webserver that needs to stay up and monitored so adding a cron with an external dependency tends to complicate things even more.
If you're also doing any sort of scaling you have to be careful to run the cron on a single instance and avoid getting banned on Maxmind for downloading the same resource multiple times at once. Of course, running the cron on a single instance presumes you have a way of distributing the downloaded file to all instances…I can go on like this forever.
If the above scares you don't despair! I have a simple solution. AppEngine (part of Google's cloud offering) servers offer geolocation information in all requests that aim at their servers - via headers. This is extremely useful because we can take advantage of this information and create a simple Ip Whois server with minimal code. The requests are super light and the costs attached to running this server will be close to zero.
A bit of warning though: I've tested the info they provide and it doesn't seem to be quite accurate - especially for the city info. The information returned should not be used for critical applications. For that I recommend a premium service such as infoip.
I also created a github repo as an example of such server. It is written in Go but the code is super thin and I'm sure you can adapt it in any way you desire and I strongly recommend setting up a key authentication system to prevent abuse.