WHOIS Lookup
Look up domain registration data including registrar, registration and expiry dates, nameservers, DNSSEC status, and EPP transfer locks.
Find domain registration details via RDAP.
WHOIS Record
Use WHOIS Lookup in 4 Steps
What is WHOIS Lookup?
WHOIS is a query protocol that retrieves registration data for domain names and IP address blocks from the registries that manage them. When you register a domain, your registrar submits your contact and technical details to a registry (like Verisign for .com, Nominet for .uk). WHOIS exposes that record: registrant, administrative and technical contacts, registration and expiry dates, nameservers, and registrar.
WHOIS is used to check domain ownership during due diligence, verify expiry dates before acquisition, investigate abuse sources, confirm nameserver delegations during migrations, and research brand conflicts.
What WHOIS Returns
| Field | Description | Example |
|---|---|---|
| Domain name | The queried domain | github.com |
| Registrar | Company that registered the domain | MarkMonitor Inc. |
| Registered on | Original registration date | 1994-04-05 |
| Expires on | Date registration lapses | 2026-04-06 |
| Updated on | Last WHOIS record update | 2024-03-07 |
| Name servers | Authoritative DNS servers | ns1.p16.dynect.net |
| DNSSEC | Whether DNSSEC is signed | unsigned |
| Registrant | Owner name/org (often redacted) | Privacy-protected |
| Status | Domain lifecycle flags | clientTransferProhibited |
Domain Status Codes Explained
Domain status codes (EPP status codes) tell you what operations are permitted or locked on the domain.
| Status | Meaning |
|---|---|
clientTransferProhibited | Transfer to another registrar is locked — requires registrant unlock |
clientDeleteProhibited | Domain cannot be deleted by registrar |
clientUpdateProhibited | WHOIS contact data is locked from changes |
serverTransferProhibited | Registry-level transfer lock — strongest lock |
pendingTransfer | Transfer to another registrar is in progress |
pendingDelete | Domain is in redemption/deletion grace period |
redemptionPeriod | 30-day window after expiry — can be restored at premium cost |
ok | No special status — normal active state |
WHOIS Privacy and GDPR
Since GDPR took effect in 2018, most registrars redact personal registrant information for domains registered to individuals in the EU (and many do so globally by default). Where privacy protection is enabled, the registrant section shows the registrar's proxy contact details rather than the actual owner's information.
To investigate a privacy-protected domain owner, options include:
- RDAP (Registration Data Access Protocol) — the modern WHOIS replacement with structured JSON output
- Legal subpoena to the registrar
- Abuse contact via registrar's abuse@ address for reported violations
CLI Commands
# Standard WHOIS query
whois github.com
# Query specific WHOIS server
whois -h whois.verisign-grs.com github.com
# IP address WHOIS
whois 8.8.8.8
# RDAP (modern structured output)
curl https://rdap.org/domain/github.com | python3 -m json.tool
# Check expiry date only
whois github.com | grep -i "expir"
# Check nameservers
whois github.com | grep -i "name server"
Domain Lifecycle Timeline
Understanding domain lifecycle prevents accidental loss of a domain after expiry:
| Phase | Duration | Status | What Happens |
|---|---|---|---|
| Active | Until expiry | ok | Domain resolves normally |
| Auto-Renew Grace | 0–45 days past expiry | Various | Registrar may auto-renew |
| Redemption Period | 30 days | redemptionPeriod | Restorable at penalty cost (~$100–300) |
| Pending Delete | 5 days | pendingDelete | Cannot be restored — about to drop |
| Available | After pending delete | — | Anyone can register |
Set calendar reminders 60 and 30 days before expiry. Enable auto-renewal unless intentionally letting a domain lapse.
Frequently Asked Questions
Q: Why is the WHOIS registrant information hidden? A: GDPR and equivalent privacy regulations require registrars to mask personal contact details for individual registrants. Most registrars now apply privacy protection by default. Corporate registrations may still show full contact data.
Q: Can I find out who really owns a privacy-protected domain? A: For legitimate legal matters, the registrar can unmask ownership under subpoena. For abuse (spam, phishing, trademark), use the registrar's abuse reporting process — they are required to investigate and may reveal ownership to affected parties.
Q: What does "clientTransferProhibited" mean? A: The registrar has locked the domain against transfer to another registrar. This is a standard anti-hijacking measure. To transfer a domain, the current owner must request an unlock from their registrar first.
Q: How long does a WHOIS record take to update after changes? A: WHOIS updates propagate within minutes to hours after a registrar submits changes to the registry. DNS changes (nameservers) may take up to 24–48 hours to propagate globally even after the WHOIS record updates.
Q: What is RDAP and how does it differ from WHOIS? A: RDAP (Registration Data Access Protocol) is the structured, authenticated successor to WHOIS. It returns JSON rather than plain text, supports authentication for privileged data access, and has a standardised field structure. ICANN mandated RDAP support from all registries in 2019.
Related Tools
- DNS Lookup — check DNS records for a domain
- NS Lookup — verify authoritative nameservers match WHOIS
- DNS Propagation Checker — track DNS changes globally
- SSL Certificate Checker — verify the domain's TLS certificate
Frequently Asked Questions
Get guides like this by email
DNS, email auth, and security playbooks delivered when they publish. No spam.