Skip to main content
DNSnexus
Free Developer Tools
DNS
Email
Network
Webmaster
Security
IP
Guides
Live Tools
60+
Categories
6
Result URLs
Shareable
Availability
24/7
DNSnexus
Free Developer Tools
Free DNS, email, network, and security diagnostics with crawlable tool pages and shareable result URLs.
Run DNS CheckBrowse All Tools
Popular Tools
DNS Propagation CheckerDNS LookupWHOIS LookupSPF Record CheckerDMARC CheckerSSL Certificate CheckerPort Scanner
Quick Path
Fix Email Deliverability
Quick Path
Troubleshoot DNS Changes
Quick Path
Validate SSL & Open Ports
DNS Tools
A Record LookupAAAA Record LookupCERT LookupCNAME LookupDNS CheckDNS LookupDNS Propagation CheckerDNSKEY LookupDS LookupIPSECKEY LookupLOC LookupNS LookupNSEC LookupNSEC3PARAM LookupReverse DNS LookupRRSIG LookupSOA LookupSRV LookupTXT LookupWHOIS Lookup
Email Tools
BIMI LookupBlacklist CheckDKIM CheckerDMARC CheckerDMARC Report AnalyzerEmail Deliverability ReportEmail Header AnalyzerEmail Health ReportGoogle/Yahoo Compliance CheckerMicrosoft Compliance CheckerMTA-STS LookupMX Record LookupSMTP TestSPF Record Checker
Network Tools
HTTP LookupHTTPS LookupMAC Address GeneratorMAC Address LookupOnline TraceroutePingSubnet Calculator
Webmaster Tools
HTTP Headers CheckSearch Presence CheckWebsite Link AnalyzerWebsite Operating System CheckWebsite Redirect CheckerWhat is My User Agent?
Security Tools
DKIM Record GeneratorDMARC GeneratorDomain DNS Security CheckEmail Security CheckerPort ScannerSPF GeneratorSSL Certificate CheckerWebsite Vulnerability Scanner
IP Tools
ARIN LookupASN LookupIP Blacklist CheckIP Geolocation LookupWhat Is My IP
Company
All Tools DirectoryGuides & PlaybooksAbout DNSnexusContactAPI DocsPrivacy PolicyTerms & ConditionsCookie Policy
© 2026 DNSnexus — DNS, Email, Network & Security Tool Platform
All ToolsAboutContactPrivacyTerms
Home › Guides › Webmaster & Technical SEO › WHOIS Lookup: What It Is and What It Reveals
Webmaster & Technical SEO•11 min•Published 2026-07-14

WHOIS Lookup: What It Is and What It Reveals

A WHOIS lookup is the fastest way to find out who registered a domain, when it expires, and which nameservers control its DNS. It queries a public registration database maintained by domain registries and registrars, returning data like the registrar name, creation and expiration dates, nameservers, and domain status codes — though personal registrant details are now redacted by default under privacy law.

Quick Answer
A WHOIS lookup queries the registration record for a domain and returns its registrar, creation/expiration dates, nameservers, and EPP status codes. Run one with whois example.com in a terminal, or use a WHOIS Lookup tool. Since January 28, 2025, ICANN requires gTLD registries and registrars to use RDAP instead of the legacy WHOIS protocol, though the term "WHOIS lookup" is still used for both.

What Is a WHOIS Lookup?

A WHOIS lookup is a query against the registration record that a domain registry or registrar keeps for a domain name. The result — historically called a "WHOIS record" — tells you who registered the domain (or a privacy proxy, if enabled), which company manages the registration, when it was created and when it expires, which nameservers it points to, and what status codes are currently applied to it.

The name comes from the original protocol, defined in RFC 3912, which is a simple text-based query/response system: a client opens a TCP connection on port 43, sends a domain name terminated by a carriage return and line feed, and the server replies with plain text before closing the connection. RFC 3912 itself documents the protocol's limits — it has no authentication, no encryption, and no defined character set for internationalized text, since it predates modern security expectations by decades.

WHOIS data is used for a wide range of practical tasks: verifying who controls a domain before a business deal, checking when a domain you manage is due to expire, confirming that a DNS or nameserver change propagated to the registry, investigating phishing or abuse domains, and researching a competitor's infrastructure history. Every domain has a registry-level record (held by the registry that operates the top-level domain, e.g., Verisign for .com) and, for most gTLDs, a registrar-level record (held by the company you bought the domain from, e.g., GoDaddy or Namecheap) — a two-tier structure known as "thin" (registry) and "thick" (registrar) WHOIS.

Since January 2025, the underlying protocol for gTLDs has technically changed from WHOIS to RDAP, but the query is still colloquially called a "WHOIS lookup" — see WHOIS vs RDAP below.

How Does a WHOIS Lookup Work?

A WHOIS or RDAP query follows a referral chain, not a single flat database. Here's the sequence for a .com domain:

  1. Registry query. The client (a WHOIS tool, RDAP client, or command-line utility) first queries the registry's WHOIS/RDAP server for the top-level domain — whois.verisign-grs.com for .com and .net. IANA maintains the authoritative list of registry WHOIS servers per TLD.
  2. Registrar referral. The registry response includes a Registrar WHOIS Server field pointing to the domain's actual registrar (the company the owner bought the domain from).
  3. Registrar query. The client queries that registrar's server for the full record, which includes contact data (if not redacted), nameservers, and status codes.
  4. Response parsing. The client displays or parses the plain-text (WHOIS) or JSON (RDAP) response.

Here's what a real referral chain looks like using the command-line whois client against a .com domain:

Code
$ whois example.com
   Domain Name: EXAMPLE.COM
   Registry Domain ID: 2336799_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.iana.org
   Registrar URL: http://res-dom.iana.org
   Updated Date: 2024-08-14T07:01:34Z
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2025-08-13T04:00:00Z
   Registrar: RESERVED-Internet Assigned Numbers Authority
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   DNSSEC: signedDelegation

example.com is reserved for documentation under RFC 2606, so its registrar is IANA itself — a normal commercial domain's output will show a public registrar (Namecheap, GoDaddy, Cloudflare, etc.) and, in almost every case today, REDACTED FOR PRIVACY in place of registrant name, email, and address.

What Information Does a WHOIS Lookup Reveal?

The fields below are what a WHOIS/RDAP query returns for a typical gTLD domain in 2026. Registrant contact fields are redacted by default; the rest is public.

FieldTypical VisibilityWhat It Tells You
RegistrarPublicThe company managing the registration (e.g., GoDaddy, Namecheap, Cloudflare)
Creation DatePublicWhen the domain was first registered
Registry Expiry DatePublicWhen the current registration period ends
Updated DatePublicLast time the registration record changed
Name ServersPublicWhich DNS provider or host controls the domain's records
Domain Status (EPP codes)PublicTransfer/delete/update locks and lifecycle state — see table below
DNSSECPublicWhether the domain has a signed DS record at the registry
Registrant Name/OrgRedacted (default)Domain owner — visible only if privacy is disabled or the registrant opts in
Registrant Email/PhoneRedacted (default)Contact details — replaced with REDACTED FOR PRIVACY or a proxy address

The registrar and expiry date are the two fields most people actually need day to day — the registrar tells you who to contact for a transfer or dispute, and the expiry date tells you whether a domain is about to lapse. Both remain public even on privacy-protected domains, since ICANN's registrar accreditation agreement requires that operational registry data stay accessible.

Why Is WHOIS Data Redacted or Hidden?

Registrant name, email, phone, and postal address are hidden on most domains today because of privacy regulation, not a registrar policy choice. When the EU's General Data Protection Regulation (GDPR) took effect in 2018, ICANN adopted a Temporary Specification directing registrars and registries to redact personal data from public WHOIS output for any registrant whose data falls under GDPR scope. In practice, nearly every registrar applies this redaction globally — not just to EU registrants — because maintaining two separate WHOIS pipelines is operationally impractical.

When redaction is active, you'll see placeholder text like REDACTED FOR PRIVACY in the registrant name, organization, email, and phone fields, sometimes alongside a registrar-hosted proxy email (e.g., abc123@privacy-protect.example) that forwards messages to the real registrant without exposing their address. This is distinct from a paid "WHOIS privacy" add-on, which some registrars still sell — the GDPR-driven redaction happens automatically at the registry/registrar level regardless of whether the owner pays for an extra privacy product.

Non-redacted (public) data still includes the registrar, dates, nameservers, and status codes, because that information is operationally necessary — anyone resolving or managing the domain needs it, and none of it identifies an individual.

What Do EPP Domain Status Codes Mean?

Every domain carries one or more EPP (Extensible Provisioning Protocol) status codes, defined by ICANN, that describe locks and lifecycle state. These are one of the most misread parts of a WHOIS record — a code like clientHold explains why a domain suddenly stopped resolving, and pendingDelete explains why an expired domain vanished from search.

Status CodeSet ByWhat It Means
okRegistryNo restrictions — the default state when nothing else applies
clientTransferProhibitedRegistrarRegistrar-side lock blocking transfer to another registrar
clientHoldRegistrarDomain removed from the zone file — site and email stop resolving
clientDeleteProhibitedRegistrarRegistrar-side lock blocking deletion
clientUpdateProhibitedRegistrarRegistrar-side lock blocking record changes
autoRenewPeriodRegistry45-day grace period after auto-renewal where the registrar can still get a refund
redemptionPeriodRegistry30-day window after expiry where the domain can be restored (usually for a redemption fee)
pendingDeleteRegistryFinal 5-day window before an expired, unredeemed domain is released back to the public pool

If you manage a domain and see clientHold, the fix is usually a billing or verification issue with the registrar, not a DNS problem — check the registrar account before troubleshooting DNS records with a DNS Lookup tool.

WHOIS vs RDAP: What Changed in 2025?

On January 28, 2025, ICANN formally sunset the legacy WHOIS protocol for generic top-level domains (gTLDs), replacing it with RDAP (Registration Data Access Protocol) as the required, authoritative source for registration data — confirmed in ICANN's official announcement. Registries and registrars for gTLDs (.com, .org, .net, and the newer TLDs under ICANN contracts) are contractually required to run RDAP; the old port-43 WHOIS service is being progressively decommissioned.

RDAP, standardized in RFC 9082 (query format) and RFC 9083 (JSON responses), fixes the structural problems RFC 3912 documented in WHOIS:

WHOIS (RFC 3912)RDAP (RFC 9082/9083)
TransportRaw TCP, port 43HTTPS
Response formatUnstructured plain textStructured JSON
AuthenticationNoneSupports OAuth/bearer tokens for differentiated access
InternationalizationNo defined character setUTF-8 native
Machine parsingRequires per-registrar text scrapingStandard schema, directly parseable

For most day-to-day lookups this is invisible — "WHOIS lookup" tools and the term itself persisted, and many now query RDAP endpoints under the hood while presenting the same familiar output. Country-code TLDs (ccTLDs like .io, .co, .uk) are not bound by the ICANN gTLD contract and may continue running legacy WHOIS servers indefinitely, so a .uk or .io lookup may still hit port 43 directly.

How Do You Run a WHOIS Lookup?

Command line (macOS/Linux):

Code
whois example.com

Command line (Windows, via WSL or a WHOIS client, since Windows has no built-in whois):

Code
nslookup -type=NS example.com
# then query the registrar's RDAP endpoint directly for full detail

RDAP query (structured JSON, works on any OS with curl):

Code
curl -s "https://rdap.verisign.com/com/v1/domain/example.com" | head -40

Browser tool: for a formatted result with no terminal required, use the WHOIS Lookup tool — it resolves the registry-to-registrar referral chain automatically and displays registrar, dates, nameservers, and status codes in one view. Pair it with the NS Lookup tool to confirm the nameservers WHOIS reports are actually the ones answering DNS queries — a mismatch between the two usually means a nameserver change hasn't propagated yet at the registry.

Common WHOIS Lookup Issues and Fixes

Problem: "No match for domain" on a domain you know is registered. Cause: you queried the wrong WHOIS server, or the domain uses a ccTLD with a non-standard server. Fix: use a tool that resolves the correct registry server automatically, or check IANA's WHOIS server list for that TLD.

Problem: Registrant name shows REDACTED FOR PRIVACY and you need to contact the owner. Cause: GDPR-driven redaction (see above) — this is expected on the vast majority of domains today, not a sign of anything suspicious. Fix: use the registrar's proxy email if one is listed, or the registrar's abuse contact form if the request involves abuse or a legal matter.

Problem: WHOIS shows different nameservers than what's actually resolving. Cause: a nameserver change at the registrar hasn't finished propagating at the registry, or a caching resolver is serving stale data. Fix: check the registry-level record directly (it updates faster than some caching WHOIS mirrors), and cross-check with a DNS Propagation Checker to see the live answer from resolvers worldwide.

Problem: A .io, .co, or other ccTLD lookup times out or returns nothing. Cause: some ccTLD registries run rate-limited or web-only WHOIS services rather than an open port-43 server. Fix: check the ccTLD registry's own website for a web-based lookup, since RDAP mandates only apply to ICANN-contracted gTLDs, not ccTLDs.

Key Takeaways

  • ✓ A WHOIS lookup returns registrar, dates, nameservers, and EPP status codes for a domain — registrant contact data is redacted by default under GDPR-driven policy.
  • ✓ The legacy WHOIS protocol (port 43, plain text, defined in RFC 3912) was formally sunset for gTLDs by ICANN on January 28, 2025, replaced by RDAP (RFC 9082/9083) over HTTPS with JSON output.
  • ✓ Lookups follow a referral chain — registry server first, then a redirect to the domain's registrar server for the full record.
  • ✓ EPP status codes like clientHold or pendingDelete explain lifecycle states that a plain "domain not resolving" symptom won't.
  • ✓ ccTLDs (.io, .co, .uk, etc.) aren't bound by the ICANN gTLD RDAP mandate and may still run legacy WHOIS servers.

Frequently Asked Questions

Q: What does a WHOIS lookup show?

A WHOIS lookup shows a domain's registrar, creation and expiration dates, nameservers, and EPP status codes. Registrant name, email, and phone are redacted by default on almost all domains due to GDPR-driven privacy rules.

Q: Is WHOIS lookup free?

Yes. WHOIS and RDAP are public registration-data services required by ICANN's registry/registrar agreements, so any WHOIS tool, RDAP endpoint, or command-line whois client can query them at no cost.

Q: Why can't I see who owns a domain in WHOIS?

Since 2018, ICANN's GDPR-driven Temporary Specification requires registrars to redact registrant name, email, and phone from public WHOIS/RDAP output by default, showing REDACTED FOR PRIVACY instead.

Q: What is the difference between WHOIS and RDAP?

WHOIS (RFC 3912) is an unencrypted, plain-text, port-43 protocol with no defined character set. RDAP (RFC 9082/9083) replaced it for gTLDs on January 28, 2025, using HTTPS and structured JSON with support for differentiated, authenticated access.

Q: How do I find out when a domain expires?

Run a WHOIS lookup and check the "Registry Expiry Date" field, which is public even when the registrant's contact details are redacted. The WHOIS Lookup tool displays this directly.

Q: What does clientTransferProhibited mean in a WHOIS record?

It's an EPP status code set by the registrar that blocks the domain from being transferred to another registrar. It's a normal anti-hijacking lock, not an error — it must be removed by the current registrar before a transfer can proceed.

Q: Can I do a WHOIS lookup on an IP address?

Yes. WHOIS also covers IP address allocations, managed by the five Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC) instead of domain registrars — the query returns the allocated network block and the organization it was assigned to.

Next Steps

Run a live lookup with the WHOIS Lookup tool, then cross-check the nameservers it reports against the NS Lookup tool and the live DNS answer from the DNS Lookup tool. If you're chasing a redirect or migration issue instead of a registration question, the Website Redirect Checker traces the HTTP chain a WHOIS record can't show you.

Related Guides

  • What Are Nameservers? How They Work and How to Change Them
  • Reverse DNS Lookup Explained: PTR Records, rDNS, and Why Email Needs It
  • Domain DNS Security Posture: A Full Audit Checklist
Free Newsletter

Get guides like this by email

DNS, email auth, and security playbooks delivered when they publish. No spam.

On this page
  • What Is a WHOIS Lookup?
  • How Does a WHOIS Lookup Work?
  • What Information Does a WHOIS Lookup Reveal?
  • Why Is WHOIS Data Redacted or Hidden?
  • What Do EPP Domain Status Codes Mean?
  • WHOIS vs RDAP: What Changed in 2025?
  • How Do You Run a WHOIS Lookup?
  • Common WHOIS Lookup Issues and Fixes
  • Key Takeaways
  • Frequently Asked Questions
  • Next Steps
Related links
Whois LookupNs LookupDns LookupWebsite Redirect CheckerWhat Are NameserversReverse Dns Lookup Explained
Related Tools
HTTP Headers Check→Website Operating System Check→What is My User Agent?→Website Link Analyzer→