What is WHOIS?

Understanding the WHOIS Protocol

WHOIS (pronounced "who is") is a query and response protocol used to query databases that store registered users or assignees of Internet resources, such as domain names and IP addresses.

What is the WHOIS Database?

The WHOIS database is a publicly accessible directory that contains information about registered domain names, including:

  • Registrant Information: Name, organization, contact details of the domain owner
  • Registration Dates: When the domain was created and when it expires
  • Registrar Information: Which company registered the domain
  • Nameservers: DNS servers associated with the domain
  • Domain Status: Current state of the domain (active, locked, expired, etc.)
  • Administrative and Technical Contacts: People responsible for managing the domain

History of WHOIS

WHOIS was created in 1982 as part of the ARPANET project to provide a way to look up information about network resources. It has evolved over the decades to become an essential tool for:

  • Domain research and investigation
  • Trademark protection
  • Law enforcement investigations
  • Network troubleshooting
  • Business intelligence

How WHOIS Works

  1. Query Submission: User submits a domain name to a WHOIS lookup tool
  2. Server Selection: The tool determines which WHOIS server to query based on the TLD
  3. Database Query: The WHOIS server searches its database for the domain
  4. Response: The server returns all available information about the domain
  5. Display: The information is formatted and displayed to the user

WHOIS Server Hierarchy

WHOIS operates through a hierarchical system:

  • ICANN WHOIS: Central reference for all accredited registrars
  • Registry WHOIS: Maintained by TLD registries (e.g., Verisign for .com)
  • Registrar WHOIS: Maintained by individual registrars

Uses of WHOIS

WHOIS lookups are commonly used for:

  • Domain Availability: Check if a domain is available for registration
  • Ownership Verification: Verify who owns a domain
  • Contact Information: Find contact details for domain owners
  • Expiration Tracking: Monitor when domains expire
  • Trademark Protection: Identify potential trademark infringements
  • Fraud Investigation: Investigate suspicious websites
  • Competitive Research: Research competitor domains
  • Network Administration: Troubleshoot DNS and email issues

WHOIS Privacy and GDPR

With the implementation of GDPR (General Data Protection Regulation) in 2018, WHOIS data access has changed:

  • Personal information may be redacted from public WHOIS results
  • Domain privacy protection services have become more common
  • Some registries require legitimate purpose for accessing full WHOIS data
  • Contact methods are often provided through anonymized email forwarding

Limitations of WHOIS

  • Data accuracy depends on registrants providing correct information
  • Privacy protection can hide owner details
  • Different registries may have different data formats
  • Some information may be delayed or cached
  • Not all domains have the same level of information available
← Previous: Understanding Domain Ownership Next: How to Perform a WHOIS Lookup →