WHOIS vulnerabilities and TLDs

Most of the Internet is held together by best practices and good intentions, and WHOIS is no exception. One security company set out to investigate vulnerabilities in WHOIS and got a whole lot more than they bargained for:

Each TLD (the bit at the end of the domain), you see, has its own WHOIS server, and there is no standard mechanism in the protocol for discovering it - the only authoritative source is the per-TLD record IANA publishes, which names the hostname to which WHOIS queries for that TLD should be directed. (IANA also serves the same referral over WHOIS itself: querying whois.iana.org for a TLD returns a ‘whois:’ line naming that TLD’s server.)

As you can imagine, maintainers of WHOIS tooling are reluctant to fetch and parse such a list at runtime, so it has become the norm to simply hardcode the server addresses, populating them at development time by referring to IANA’s list manually. Since WHOIS server addresses change so infrequently, this is usually an acceptable solution.

However, it fails ungracefully when a server address does change: clients with the old hostname baked in keep sending their queries, and trusting the replies, to whatever host that stale hostname now resolves to, and nothing in the protocol tells them the referral has moved.

IANA is the Internet Assigned Numbers Authority, responsible for managing the DNS root zone, including top-level domain names like .mobi.
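The following is an added example, not code from the original post or from the company whose research it describes. It contrasts the hardcoded-table approach described above with resolving the referral at query time from whois.iana.org, and adds the check a tool maintainer would want: comparing a hardcoded table against IANA’s current referrals to flag stale entries. The IANA record embedded below is a constructed sample that follows IANA’s key/value WHOIS format; the TLD ‘example’, its registry, and the hostnames whois.nic.example and whois.old-registry.example are illustrative, not real servers.

```python
import socket

# Constructed sample of a whois.iana.org referral record, in the key/value
# layout IANA uses. The TLD and hostnames are illustrative, not real.
SAMPLE_IANA_RESPONSE = """\
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

domain:       EXAMPLE

organisation: Example Registry Operator

whois:        whois.nic.example

status:       ACTIVE
remarks:      Registration information: http://www.example/

created:      2005-10-19
changed:      2023-01-01
source:       IANA
"""

# Constructed sample for a TLD that publishes no WHOIS server at all.
SAMPLE_IANA_RESPONSE_NO_WHOIS = """\
% IANA WHOIS server

domain:       NOWHOIS
organisation: No Whois Registry
status:       ACTIVE
source:       IANA
"""

# The pattern the text describes: a table filled in by hand at development
# time. Hypothetical entry; the hostname is deliberately out of date.
HARDCODED_WHOIS_SERVERS = {
    "example": "whois.old-registry.example",
}


def normalize_tld(tld):
    """Accept '.MOBI', 'mobi.' or 'mobi' and return 'mobi'."""
    return tld.strip().strip(".").lower()


def parse_iana_referral(text):
    """Extract the 'whois:' hostname from an IANA TLD record, or None if absent."""
    for line in text.splitlines():
        if line.startswith("%"):          # comment lines
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "whois":
            return value.strip() or None
    return None


def whois_query(server, query, timeout=10.0):
    """Raw WHOIS exchange (RFC 3912): send query + CRLF on TCP/43, read to EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def iana_fetch(tld):
    """Live referral lookup: ask whois.iana.org for the TLD's record."""
    return whois_query("whois.iana.org", tld)


def resolve_whois_server(tld, fetch=iana_fetch):
    """Return the WHOIS server IANA currently lists for tld, or None.

    fetch is injectable so the logic can run offline against sample records.
    """
    return parse_iana_referral(fetch(normalize_tld(tld)))


def stale_entries(table, fetch=iana_fetch):
    """Compare a hardcoded table with IANA's referrals.

    Returns {tld: (hardcoded, current)} for every entry that no longer
    matches, including TLDs for which IANA now lists no server at all.
    """
    stale = {}
    for tld, hardcoded in table.items():
        current = resolve_whois_server(tld, fetch)
        if current is None or current.lower() != hardcoded.lower():
            stale[tld] = (hardcoded, current)
    return stale


def lookup(domain, fetch=iana_fetch, query=whois_query):
    """Resolve the TLD's server via IANA at query time instead of a table."""
    tld = domain.rstrip(".").rsplit(".", 1)[-1]
    server = resolve_whois_server(tld, fetch)
    if server is None:
        raise LookupError("IANA lists no WHOIS server for ." + normalize_tld(tld))
    return query(server, domain)


if __name__ == "__main__":
    # Offline demonstration using the constructed records above.
    offline = lambda t: SAMPLE_IANA_RESPONSE if t == "example" else SAMPLE_IANA_RESPONSE_NO_WHOIS
    print("referral:", resolve_whois_server(".EXAMPLE", fetch=offline))
    print("stale   :", stale_entries(HARDCODED_WHOIS_SERVERS, fetch=offline))
```

Running stale_entries against a real tool’s table (with the default live fetch) is the cheapest way to find the situation the text describes: a TLD whose hardcoded server no longer matches IANA’s referral, so queries are going to a hostname the registry has abandoned.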