What is WHOIS? Domain registration data explained
WHOIS is a public database of domain registration records. Learn what a WHOIS record contains, what you can find, and how it works.
WHOIS is both a protocol and a public database that stores the registration information for domain names. Its most immediate use is simple: finding out who owns a domain. The protocol dates back to the early 1980s, when it was developed to track users and hosts on ARPANET. Decades later, the underlying data remains central to how the internet is administered, monitored, and investigated.
What does a WHOIS record contain?
A typical WHOIS record includes the following fields:
| Field | What it means |
|---|---|
| Registrant name / organization | The person or company who registered the domain |
| Registrant email | Contact email for the owner (often hidden) |
| Registrar | The company through which the domain was purchased (e.g., Namecheap, GoDaddy) |
| Created date | When the domain was first registered |
| Updated date | Last time the record was modified |
| Expiry date | When the domain registration expires |
| Name servers | DNS servers responsible for the domain |
| Domain status | EPP status codes indicating the domain's current state |
Here is what a raw WHOIS output for example.com looks like:
Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
Registrar: IANA
Registrar WHOIS Server: whois.iana.org
Creation Date: 1995-08-14T04:00:00Z ← first registered
Updated Date: 2023-08-14T07:01:31Z ← last record update
Registry Expiry Date: 2024-08-13T04:00:00Z ← renewal deadline
Name Server: A.IANA-SERVERS.NET ← DNS infrastructure
Name Server: B.IANA-SERVERS.NET
Domain Status: clientDeleteProhibited ← EPP lock flags
DNSSEC: signedDelegation
Why registrant details are often hidden
In many records, the registrant name and email show a proxy service rather than an actual person. This is WHOIS privacy protection at work: the registrar substitutes its own contact details for those of the domain owner. Since the GDPR came into effect in 2018, most European registrars redact personal registrant data by default. For a full explanation of what gets hidden and what does not, see the article on WHOIS privacy protection.
What is WHOIS used for?
WHOIS data serves several practical purposes:
- Ownership verification before a purchase. Before making an offer on a domain listed for sale, you can confirm who currently holds it and check registration history.
- Identifying a hosting provider or registrar to report abuse. If a site is hosting malicious content, the registrar contact in WHOIS is the right place to file a complaint.
- Monitoring expiry dates. Domain portfolio managers use WHOIS data to track when registrations need renewal, avoiding accidental drops.
- Brand protection and lookalike detection, Searching WHOIS for domains similar to a trademark can surface cybersquatting attempts early.
- Due diligence on secondhand domains. Before buying a domain through a marketplace, checking its registration history and current status is standard practice.
How does WHOIS work technically?
WHOIS is a TCP protocol running on port 43, defined in RFC 3912. A client sends a plain-text domain name query; the WHOIS server for that registry responds with a plain-text record. For .com domains, the authoritative server is whois.verisign-grs.com. For .fr it is whois.afnic.fr. Each registry formats its response differently, there is no enforced standard. This is precisely why RDAP was created: to replace the inconsistent text format with structured JSON over HTTPS.
WHOIS vs. RDAP: what is changing
RDAP (Registration Data Access Protocol) is the official successor to WHOIS. It carries the same registration data but delivers it as structured JSON via HTTPS, with proper support for internationalization and access control. The ICANN has required all gTLD registries to support RDAP since 2019. Domain Sentinel queries RDAP first for every lookup, falling back to WHOIS only for TLDs that have not yet migrated. For a full technical comparison, see WHOIS vs RDAP.
WHOIS data accuracy and limitations
WHOIS data is not always reliable. A few things to keep in mind:
- Records go out of date. Registrants rarely update contact information after the initial registration.
- Privacy protection hides the real owner's details behind a proxy service.
- Country-code TLDs (ccTLDs) like
.de,.uk, or.jphave their own policies, and some publish significantly less data than gTLDs like.comor.org. - WHOIS shows only the current state of a record. Past owners, registrar transfers, and nameserver history are not part of the protocol, that data lives in third-party archives. See domain registration history for how to find it.
Privacy protection active? Domain Sentinel still returns the registrar, nameservers, expiry date, and EPP status codes, the fields that matter for monitoring. Personal contact data being redacted does not block the data that counts.
Look up any domain on Domain Sentinel to see a live RDAP record, complete with interpreted status codes and expiry alerts.
Start with a domain you care about
Look it up for free. If you want alerts when status changes or expiry gets close, create an account. Takes about 30 seconds.