Domain Industry

WHOIS

Protocol and database that shows domain details: registrar, dates, nameservers and status.

What is WHOIS

WHOIS is a protocol and database that provides information about registered domains, IP blocks, and autonomous systems (ASN). When you perform a WHOIS lookup on a domain you receive details such as:

  • Registrar (who it was purchased from)
  • Creation, updated, and expiry dates
  • Authoritative nameservers
  • Domain status flags (clientTransferProhibited, autoRenewPeriod, etc.)
  • Owner contact details (usually masked by GDPR/privacy services today)

How It Works

WHOIS runs on TCP port 43. You send plain text (the domain you are looking up) and get plain text back. The flow is hierarchical:

  1. Query the thin WHOIS server for the TLD (e.g. whois.verisign-grs.com for .com).
  2. It returns basic information + the thick WHOIS server of the registrar.
  3. Query the registrar for full details.

Example Output

Domain Name: example.com
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.iana.org
Registrar: ICANN
Updated Date: 2024-08-14T07:01:31Z
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2025-08-13T04:00:00Z
Domain Status: clientDeleteProhibited
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
DNSSEC: signedDelegation

GDPR & Redacted Records

Since 2018, due to GDPR, most registrars hide the personal details of the domain owner. You will now see "REDACTED FOR PRIVACY" instead of names, addresses, and emails. To contact the owner, registrars provide a web form or a masked email address.

RDAP — the Successor

The old WHOIS protocol is gradually being replaced by RDAP (Registration Data Access Protocol): a JSON/HTTP-based version with authentication, structured data, and internationalization. All modern registries support both.

Domain Status Codes

The most important status codes you will see in WHOIS:

  • clientTransferProhibited — the registrar blocks transfers (usually what you want for security)
  • clientUpdateProhibited — changes are not allowed
  • clientDeleteProhibited — the domain cannot be deleted
  • serverHold — the domain is suspended (usually for legal reasons)
  • pendingDelete — scheduled for deletion in a few days
  • redemptionPeriod — expired but can still be recovered for an extra fee

Related tools

Domain WHOIS Domain registration & registrar info
IP WHOIS IP geolocation, ASN, ISP

Related terms

Registrar — Καταχωρητής TLD — Top-Level Domain
All terms