What Is WHOIS?
What Is the WHOIS Protocol?
WHOIS is a query-and-response protocol used to look up information about registered domain names, IP addresses, and autonomous system numbers. It provides details about who registered a domain, when it was registered, when it expires, and which nameservers it uses.
The WHOIS protocol has been in use since the early 1980s (standardized in RFC 3912). It operates on TCP port 43, and anyone can query a WHOIS server to retrieve publicly available registration data.
What Data Does WHOIS Show?
A typical WHOIS query for a domain name returns the following information:
| Field | Description | Example |
|---|---|---|
| Domain Name | The registered domain | example.com |
| Registrar | Company where the domain was registered | GoDaddy, Namecheap, Cloudflare |
| Registrant | Person or organization that owns the domain | Name, org, email (may be redacted) |
| Creation Date | When the domain was first registered | 1997-09-15 |
| Expiration Date | When the registration expires | 2025-09-14 |
| Updated Date | Last modification to the WHOIS record | 2024-08-14 |
| Nameservers | DNS servers authoritative for the domain | ns1.example.com |
| Status | Domain status codes (locks, holds) | clientTransferProhibited |
WHOIS vs RDAP
RDAP (Registration Data Access Protocol) is the modern replacement for WHOIS, designed to address many of its limitations:
- Structured data: RDAP returns data in JSON format, making it easier to parse programmatically. WHOIS uses inconsistent plain text.
- Standardized responses: RDAP follows a consistent format across all registries and registrars.
- Better security: RDAP supports HTTPS and authentication, allowing differentiated access levels.
- Internationalization: Proper support for non-ASCII characters and IDN domains.
- Privacy-aware: Built-in support for access control, making GDPR compliance easier.
ICANN has been transitioning from WHOIS to RDAP, and all registries and registrars are required to support RDAP. However, the traditional WHOIS protocol remains widely used.
WHOIS Privacy Protection
When you register a domain, your contact information (name, email, phone, address) may become publicly visible in WHOIS records. To protect your privacy, several options exist:
- WHOIS Privacy / ID Protection: Most registrars offer a privacy service that replaces your personal details with the registrar's proxy information. This is often free or low-cost.
- GDPR redaction: For registrants in the EU (and often applied globally), registrars redact personal data by default.
- Privacy/proxy registration: Some services register the domain on your behalf through a proxy entity.
How to Perform a WHOIS Lookup
There are several ways to query WHOIS data:
- Online tools: Use our Domain/WHOIS Lookup tool for instant results with a clean interface.
- Command line (Linux/macOS): Run
whois example.comin your terminal. - Command line (Windows): Windows does not include a native WHOIS command. You can install Sysinternals
whois.exefrom Microsoft, or use PowerShell with web-based APIs. - RDAP: Query directly via URL:
https://rdap.org/domain/example.com
For IP address lookups, WHOIS will return information about the IP block owner (usually the ISP or organization), the RIR that allocated it, and the associated ASN.