WHOIS

WHOIS guide

The complete WHOIS lookup guide

This guide starts from zero: what the WHOIS protocol is, why it exists, how it works, how to run a WHOIS lookup, and how to read every field in the result. Every section maps to something you can try in this site's tool.

Key facts about WHOIS

  • Protocol: TCP port 43, plain text (RFC 3912, with RFC 812 as the 1982 origin).
  • Successor: RDAP (RFC 7480–7484, 2015) — HTTPS, JSON, mandated by ICANN for all gTLDs.
  • Maintained by: TLD registries and ICANN-accredited registrars; this site queries authoritative servers in real time, never a third-party cache.
  • Privacy redaction (REDACTED FOR PRIVACY) is mandated by ICANN's 2018 post-GDPR policy — not a site decision.
  • This service is free, requires no signup, has no rate limits, and supports both IPv4 and IPv6 WHOIS.

What is WHOIS?

WHOIS is a public internet protocol used to query a domain's registration data. When you buy a domain from a registrar, the registrar records your details (subject to GDPR-style privacy rules) together with technical fields — registration and expiry dates, nameservers, domain status — at the TLD registry's database. A WHOIS lookup is a request to those authoritative registry or registrar servers to retrieve that data. This site contacts the official WHOIS/RDAP endpoints published by IANA, with no third-party cache database.

Evolution of WHOIS and the move to RDAP

WHOIS traces back to RFC 812 (1982), with RFC 3912 as the current baseline — a plain-text protocol on TCP port 43, originally designed for ARPANET. As domain volume and privacy requirements grew, IETF defined a successor in RFC 7480–7484: RDAP (Registration Data Access Protocol). RDAP runs over HTTPS, returns JSON, and is consistent across TLDs. All gTLDs and most major ccTLDs already serve RDAP. This site prefers RDAP automatically and only falls back to port-43 WHOIS when the registry lacks RDAP support.

How to run a WHOIS lookup: three approaches

There are three common ways to run a WHOIS lookup, from easiest to most technical:

Step-by-step (using this site)

  1. Enter a domain or IP

    On the home page, type the domain name (e.g. example.com) or IP address (IPv4 or IPv6) and click Lookup.

  2. The system picks RDAP or WHOIS automatically

    The backend consults the IANA bootstrap registry, calls the official RDAP endpoint when available, and falls back to port-43 WHOIS otherwise.

  3. Read the structured result

    The result page shows registrar, creation date, expiry, nameservers, domain status, DNSSEC and more — plus links to the site's DNS, SSL, performance and email-health checks for the same domain.

Command-line example

Prefer the terminal? Here are the two equivalent ways to look up a domain via legacy WHOIS and via RDAP:

# Query via the legacy WHOIS protocol (TCP port 43)
$ whois example.com

# Query via RDAP (HTTPS, JSON)
$ curl https://rdap.org/domain/example.com

Reading WHOIS result fields

WHOIS results have many fields, but they group into three buckets: domain lifecycle (creation, updated, expiry), registrar and registrant, and technical/security (nameservers, status, DNSSEC). Common fields include Registrar, Created Date, Expiry Date, Updated Date, Nameservers (ICANN requires at least two), EPP Status Codes such as clientTransferProhibited (registrar-locked, prevents transfers), and DNSSEC. If you see REDACTED FOR PRIVACY in some fields, that is the standard ICANN-mandated mask after the GDPR policy — not something this site hides.

Run a WHOIS lookup now

Head back to the home page, type any domain, and see a real WHOIS result.

Go to the home page

WHOIS lookup FAQ

What is the fastest way to run a WHOIS lookup?

For most people, a web tool like whois.net.tw is the fastest — type the domain and read a structured result. The command-line whois tool is also fast, but for non-RDAP TLDs you may need to specify the upstream server manually.

Is clientTransferProhibited a sign of trouble?

No. clientTransferProhibited is an EPP status code that means your registrar has locked the domain against transfers — a defense against social-engineering or theft. Unless you actually want to move to another registrar, this status is a good thing.

Does a domain stop working the day it expires?

Not immediately. Most gTLDs have a 30-45 day auto-renew grace period followed by a 30-day redemption period — roughly 60-75 days total before the domain is released. The exact length depends on the TLD.

Why are the registrant's name/email/phone redacted?

Since ICANN's 2018 post-GDPR policy, registrars must redact personally identifiable fields of natural-person registrants, usually shown as REDACTED FOR PRIVACY. To contact the owner, write to the registrar's abuse address or use their forwarding form.

Should I prefer RDAP over WHOIS?

If you are writing code, prefer RDAP — JSON, structured, consistent across TLDs. For a quick visual lookup of an older domain, plain WHOIS is still fine. Users of this site never have to choose — the backend picks the best protocol automatically.

Related reading

Yuanjhen InformationPublished Updated