What Is WHOIS and What Does It Tell You About a Domain?
WHOIS is the protocol and database that records who registered a domain and when it expires. Here's everything it can tell you.
What Is WHOIS and What Does It Tell You About a Domain?
WHOIS (pronounced "who is") is both a protocol and a distributed database system that stores registration information for every domain on the internet. When someone registers a domain, the registrar submits that information to the appropriate WHOIS database. Anyone can query it.
The WHOIS Protocol
WHOIS uses a simple TCP-based protocol defined in RFC 3912. A client opens a connection to port 43 on a WHOIS server, sends a domain name as a text query, and receives a plain-text response.
Different TLDs have different WHOIS servers:
.comand.net-whois.verisign-grs.com.org-whois.pir.org.io-whois.nic.io.de-whois.denic.de- Country-code TLDs each have their own server
ElasticDomain maintains a registry of WHOIS server mappings for 50+ TLDs and queries each domain's correct server directly.
What WHOIS Data Contains
A full WHOIS record contains:
Registration Dates
- Created date - when the domain was first registered
- Updated date - when the registration record was last modified
- Expiry date - when the domain will lapse if not renewed (the most important field for monitoring)
Registrar Information
- Registrar name - e.g. GoDaddy, Namecheap, Google Domains
- Registrar IANA ID - unique identifier for the registrar
- Registrar URL - the registrar's website
Nameservers
The NS records listed in WHOIS indicate which DNS servers are authoritative for the domain. A nameserver change in WHOIS means someone has transferred DNS control.
Domain Status Codes
ICANN status codes show the current state of the registration:
clientTransferProhibited- domain cannot be transferred to another registrar (common and expected)clientDeleteProhibited- domain cannot be deletedserverHold- domain is not active (not resolving in DNS)pendingDelete- domain is in the deletion process
Registrant Contact (When Available)
- Name, organization, country, email
GDPR and Privacy Protection
Since 2018, GDPR has caused registrars to redact most registrant contact data for domains registered in Europe, and many registrars do this globally. You'll often see:
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar...
The expiry date, registrar, and nameservers are never redacted - they're operational data required to be public. Contact details may be.
What WHOIS Is Used For
Domain Expiry Monitoring
The expiry date tells you exactly when a domain will lapse. Monitoring services query WHOIS regularly and alert owners before that date.
Domain Due Diligence
Before buying a domain (from a marketplace or in an acquisition), WHOIS tells you:
- How old the domain is (domain age affects SEO trust)
- Current registrar
- Whether it's currently under a transfer lock
Security Research
WHOIS is used to trace malicious domains - who registered them, when, and through which registrar.
Brand Protection
Searching WHOIS for recently registered domains containing your brand name can surface squatters or phishing domains before they cause damage.
Limitations of WHOIS
- Privacy protection hides contact details - legitimate and common
- Data can be outdated - registrars don't always update immediately
- Not all TLDs are equal - some ccTLDs (like
.eu) have minimal public WHOIS data - Rate limiting - WHOIS servers rate-limit queries; heavy scraping is blocked
ElasticDomain handles rate limiting by spacing queries appropriately and caching results per domain.