WHOIS: How to Look Up Domain Information and Why It Matters
WHOIS is a protocol and database that stores registration information about domain names. A WHOIS query reveals who owns a domain, when it was registered, when it expires, and which registrar manages it.
What Is WHOIS
WHOIS (from "who is") is a public registry of domain information. When you register a domain, your data (or your organization's data) is recorded in the WHOIS database. This registry is maintained by ICANN and Regional Internet Registries (RIRs).
The WHOIS protocol is defined in RFC 3912 and operates over TCP port 43. Modern implementations are also available through web interfaces and API документацию.
What Data Does WHOIS Return
A typical WHOIS response contains these fields:
| Field | Description | Example |
|---|---|---|
Domain Name | The domain name | example.com |
Registrar | Domain registrar | GoDaddy, Namecheap, Cloudflare |
Creation Date | Registration date | 2005-03-15 |
Expiry Date | Expiration date | 2026-03-15 |
Updated Date | Last update date | 2025-01-10 |
Name Servers | Domain's DNS servers | ns1.example.com, ns2.example.com |
Status | Domain statuses (EPP codes) | clientTransferProhibited |
Registrant | Owner (may be redacted) | Organization or individual |
DNSSEC | DNSSEC presence | signedDelegation / unsigned |
Why WHOIS Matters
Domain Due Diligence
Before registering or purchasing a domain, check its history. WHOIS reveals the domain's age, current status, and previous owners. An aged domain with a clean history can be more valuable than a new one.
Expiration Monitoring
One of the most common problems is domains expiring unnoticed. The result: your website goes down, email stops working, and customers move to competitors. Regular WHOIS checks or automated monitoring with alerts prevent this scenario.
Security Incident Investigation
During phishing attacks or spam campaigns, WHOIS helps identify who registered a suspicious domain, when, and through which registrar. This is the first step for filing an abuse report.
Competitive Analysis
WHOIS reveals a competitor's site age, hosting infrastructure, DNS providers, and when they last updated their domain records.
Domain Statuses (EPP Codes)
Every domain has one or more statuses that determine which actions are possible:
| Status | Meaning |
|---|---|
ok | Domain is active with no restrictions |
clientTransferProhibited | Transfer to another registrar is blocked by the client |
serverTransferProhibited | Transfer is blocked by the registry |
clientDeleteProhibited | Deletion is blocked |
redemptionPeriod | Domain is in redemption period after deletion (30 days) |
pendingDelete | Domain will be deleted and become available for registration |
serverHold | Domain is blocked by the registry (does not resolve) |
Privacy Protection and GDPR
Since GDPR took effect in 2018, many registrars began redacting personal data from WHOIS records. Instead of real information, WHOIS displays proxy service details (e.g., "Redacted for Privacy" or "WHOIS Privacy Service").
This creates a tension between transparency and privacy. ICANN's Temporary Specification allows registrars to redact personal data while still providing technical and administrative contact information when legally required.
RDAP — The Modern WHOIS Replacement
RDAP (Registration Data Access Protocol) is the modern alternative to WHOIS, defined in RFC 7480-7484. Key advantages:
- Structured response format (JSON instead of free-form text)
- Support for internationalized domain names (IDN)
- Access control and authentication capabilities
- Standardized responses (unlike varied WHOIS formats across registrars)
ICANN has required RDAP support from all accredited registrars since 2019.
How to Perform a WHOIS Lookup
Command Line
whois example.com
whois -h whois.verisign-grs.com example.comOnline Tools
Web services let you check WHOIS without installing utilities. Enterno.io provides a free WHOIS tool with a clean display of all fields, including DNS servers and domain statuses.
API
For automated domain monitoring, use WHOIS via API. This lets you integrate domain expiration checks into your scripts and monitoring systems.
Practical Tips
- Enable auto-renewal — most registrars offer automatic domain renewal. This is the most reliable way to avoid losing a domain.
- Set up monitoring — use domain monitoring with alerts at 30, 14, and 7 days before expiration.
- Lock transfers — enable Transfer Lock (clientTransferProhibited) to prevent unauthorized domain transfers.
- Use Privacy Protection — hide your personal data in WHOIS through your registrar's privacy service.
- Verify Name Servers — ensure the Name Servers in WHOIS point to the correct DNS infrastructure.
Check your website right now
Check now →