What is WHOIS? Domain Registration Data Explained
Learn what WHOIS is, how it works, the impact of GDPR on domain privacy, and how RDAP is replacing WHOIS as the modern standard for registration data lookup.
WHOIS is a public directory service that answers a simple question: who is responsible for a domain name or IP address? When you register a domain, your contact and administrative details are stored in a distributed database that anyone can query. WHOIS has been a cornerstone of internet infrastructure since the earliest days of ARPANET.
A Brief History of WHOIS
WHOIS traces its origins to the 1970s, when Elizabeth Feinler and her team at SRI International's Network Information Center (NIC) maintained a directory of ARPANET users. As the network grew, a formal protocol was needed to look up this information remotely.
The protocol was first standardized as RFC 812 in 1982 under the name NICNAME/WHOIS, updated in RFC 954 (1985), and finalized in its current form as RFC 3912 (2004). Despite decades of evolution around it, the core protocol has remained remarkably simple β and that simplicity is both its strength and its biggest limitation.
How WHOIS Works
WHOIS is a TCP-based query/response protocol running on port 43. A client sends a plain-text query (typically a domain name), and the server responds with human-readable text containing the registration data.
The lookup follows a three-tier hierarchy:
- Root WHOIS (
whois.iana.org) β Directs your query to the correct registry server based on the top-level domain (TLD). - Registry WHOIS β The TLD operator (e.g., Verisign for
.com) returns the registrar responsible for the domain and basic registration data. - Registrar WHOIS β The registrar (e.g., Namecheap, GoDaddy) returns the full registration record including registrant contact details.
Thick vs. Thin WHOIS
Not all registries store the same amount of data:
- Thin WHOIS stores only technical data at the registry level β registrar name, nameservers, and dates. You must query the registrar's WHOIS server separately for contact details.
- Thick WHOIS stores the complete registration record, including all registrant contact information, directly at the registry level.
ICANN required .com and .net registries to transition from thin to thick WHOIS by the end of 2020, making thick WHOIS the standard for most gTLDs today.
What Data Is in a WHOIS Record?
A typical WHOIS record contains:
- Registrant details β Name, organization, email, phone number, and mailing address of the domain owner
- Administrative contact β The person authorized to manage the domain
- Technical contact β The person responsible for DNS and technical configuration
- Registrar information β The company through which the domain was registered
- Important dates β Creation date, expiration date, last updated date
- Nameservers β The DNS servers authoritative for the domain
- Status codes β EPP status flags like
clientTransferProhibitedorserverDeleteProhibitedthat indicate what actions are allowed on the domain
Privacy and GDPR
For most of WHOIS's history, all registration data was fully public. Anyone could look up the name, address, and phone number of a domain owner. This created real problems β spam, identity theft, harassment, and stalking.
The GDPR Turning Point
When the EU's General Data Protection Regulation (GDPR) took effect on May 25, 2018, the public WHOIS model became incompatible with European privacy law. ICANN adopted a Temporary Specification on May 17, 2018 β just eight days before enforcement β to bring WHOIS into compliance.
The key changes:
- Personal data redacted from public WHOIS output (registrant name, email, phone, address)
- Registrars still collect the full data, but only share it with parties who demonstrate a legitimate purpose
- Anonymized contact methods allow third parties to reach domain owners without exposing personal details
- State/province and country remain visible, along with all technical and registrar data
Permanent Framework
Following the Temporary Specification, ICANN launched the Expedited Policy Development Process (EPDP) in July 2018 to create a permanent replacement. This resulted in the Registration Data Policy, which formalized the tiered access model β different levels of data visibility depending on who is requesting it and why.
RDAP β The Modern Replacement
WHOIS was designed in an era when the internet had a few hundred hosts. Its limitations became increasingly painful as the internet grew:
- No standard format β Each registry and registrar returned differently formatted plain text, making automated processing unreliable
- No internationalization β Unable to properly handle non-ASCII characters in names and addresses
- No authentication or access control β No way to provide different data to different requesters
- No encryption β Queries and responses transmitted in plain text
The Failed IRIS Attempt
The IETF's first attempt to replace WHOIS was IRIS (Internet Registry Information Service), developed by the CRISP working group around 2003-2005. IRIS used XML serialization with multiple transport protocols. It failed due to excessive complexity β a cautionary tale that directly shaped RDAP's design philosophy of simplicity.
Enter RDAP
The Registration Data Access Protocol (RDAP) was developed as a practical, modern replacement for WHOIS. Standardized as Internet Standard 95, it is defined across three core RFCs:
- RFC 9082 β Query format (RESTful HTTP URLs)
- RFC 9083 β Response format (structured JSON)
- RFC 9224 β Bootstrap mechanism for finding the authoritative RDAP server
RDAP solves every major limitation of WHOIS:
| Feature | WHOIS | RDAP |
|---|---|---|
| Data format | Unstructured text | Structured JSON |
| Transport | TCP port 43 | HTTPS (encrypted by default) |
| Authentication | None | Built-in (OpenID Connect via RFC 9560) |
| Access control | All-or-nothing | Tiered/differentiated access |
| Internationalization | None | Full Unicode support |
| Service discovery | Manual configuration | Standardized bootstrap (RFC 9224) |
| Redaction | Ad-hoc | Standardized (RFC 9537) |
WHOIS Sunset
On January 28, 2025, ICANN formally retired WHOIS obligations for gTLDs and replaced them with RDAP requirements. By mid-2025, hundreds of gTLDs had stopped offering WHOIS entirely, and RDAP query volume surpassed WHOIS for the first time. RDAP is now the standard protocol for registration data access.
How to Look Up Domain Registration Data
Despite the protocol transition, looking up domain information remains straightforward:
Command line (traditional WHOIS):
whois example.comCommand line (RDAP via curl):
curl -s https://rdap.org/domain/example.com | jq .Web-based tools:
- ICANN Lookup β the official ICANN registration data lookup tool
- Your registrar's built-in WHOIS/RDAP search
Why WHOIS Matters for DNS Management
Understanding domain registration data is essential for day-to-day DNS operations:
- Verifying ownership β Confirm who controls a domain before making DNS changes or initiating transfers
- Troubleshooting β Check nameserver delegation, expiration dates, and domain status codes when diagnosing DNS issues
- Security investigations β Identify the registrar and abuse contacts for domains involved in phishing or spam
- Domain transfers β WHOIS/RDAP data reveals transfer locks and registrar details needed to move a domain
Whether you manage one domain or thousands, registration data provides the context you need to operate your DNS infrastructure confidently. DNScale gives you the tools to manage your zones and records efficiently, while WHOIS and RDAP help you verify the registration layer underneath.