Back to Tools
WHOIS Domain Lookup
Look up domain registration, registrar, nameserver, and ownership data via WHOIS/RDAP.
Enter a domain name without protocol
WHOIS Results for
WHOIS vs RDAP: Understanding Domain Lookups
WHOIS is a query/response protocol (TCP port 43) that has served domain registration data since the 1980s. RDAP (Registration Data Access Protocol, RFC 7480-7485) is its modern RESTful replacement using JSON over HTTPS.
| Concept | Meaning |
|---|---|
| Registry | The organization managing a TLD (e.g., Verisign for .com, DENIC for .de). Maintains the authoritative database. |
| Registrar | The company you bought the domain from (Namecheap, GoDaddy, Porkbun). Acts as intermediary between registrant and registry. |
| Registrant | The person or organization that registered the domain. Visible in WHOIS unless privacy protection is enabled. |
| Status Codes | EPP status codes: clientTransferProhibited (locked), serverHold (suspended), redemptionPeriod (expired but recoverable), pendingDelete (gone in 5 days). |
| RDAP | Modern protocol returning structured JSON. Required for gTLDs since 2019. Many ccTLDs still use legacy WHOIS only. |
How WHOIS Works Behind the Scenes
- TLD discovery: The WHOIS client first determines which TLD registry handles the domain. For .com, it queries whois.verisign-grs.com. For country-code TLDs, each registry runs its own WHOIS server.
- Registry WHOIS: Queries the TLD registry's WHOIS server on TCP port 43. Returns thin WHOIS data: registrar name, nameservers, status codes, and dates. For thin registries (.com, .net), detailed registrant data is NOT stored here.
- Registrar WHOIS: For thick registries or follow-up queries, the client queries the registrar's WHOIS server for full registrant details. The referral from the registry WHOIS typically includes the registrar's WHOIS server hostname.
- Privacy/Redaction: GDPR (2018) forced most registries to redact registrant contact data from public WHOIS. You now see "REDACTED FOR PRIVACY" or the registrar's proxy contact instead of personal data.
- Rate limiting: Most WHOIS servers enforce rate limits and may temporarily block IPs that query too aggressively. Bulk WHOIS lookups should use RDAP or dedicated API services.
3 Common WHOIS Troubleshooting Scenarios
Domain Shows as Available — But It Is Not
- WHOIS server rate limiting may return false "not found" responses after too many queries
- Some ccTLDs have non-standard WHOIS servers — the standard whois client may connect to the wrong one
- Check via RDAP:
curl -s https://rdap.verisign.com/com/v1/domain/example.com
Transfer Failed — Domain Locked
- Check for clientTransferProhibited or serverTransferProhibited status codes
- The registrant must remove the transfer lock at the current registrar before initiating a transfer
- A domain registered or transferred within the last 60 days cannot be transferred (ICANN policy)
Whois Data Shows Old Info
- WHOIS caches can be stale for 24-48 hours after a change
- Registrar WHOIS may show updated data while registry WHOIS still shows old data during the sync window
- Nameserver changes may take 24-48 hours for full propagation even though WHOIS updates faster
5 WHOIS Gotchas
1. Thin vs thick WHOIS: .com and .net use thin registry model — registry WHOIS only shows registrar info. .org and new gTLDs use thick model — all data is at the registry.
2. Redemption period: After expiry, a domain enters redemptionPeriod (~30 days). The original registrant can restore it for a fee (often $80-150). After that, pendingDelete (~5 days) means it is gone permanently.
3. WHOIS format inconsistency: Each TLD registry returns WHOIS data in a slightly different format. There is no standard field mapping — some use "Registrar:", others "Sponsoring Registrar:", others "organisation:" in RDAP.
4. Privacy/Proxy services: WhoisGuard, Domains By Proxy, and similar services replace your contact data with theirs. This is legal and recommended. However, some TLDs (.us, .de, .au) prohibit WHOIS privacy.
CLI Equivalent
# WHOIS lookup
whois example.com
# RDAP lookup (JSON)
curl -s https://rdap.verisign.com/com/v1/domain/example.com
# Check domain expiry only
whois example.com | grep -i "expir\|Registry Expiry"