What is WHOIS?
WHOIS is the original protocol for querying domain name registration information, dating back to the early days of the internet. When you perform a WHOIS lookup, you receive a text-based response containing details about a domain's registration, including registrar information, creation dates, expiration dates, and historically, registrant contact information.
The History of WHOIS
WHOIS emerged in the 1980s when the internet was a much smaller place. Originally documented in RFC 812 (1982), it was designed to let system administrators identify who was responsible for network resources. The protocol operates on TCP port 43, accepting simple text queries and returning human-readable (but machine-unfriendly) responses.
Why WHOIS is Problematic for Developers
If you've built applications that parse WHOIS data, you've encountered its fundamental flaw: there is no standard format. Each registrar and registry formats their WHOIS output differently. Consider these real-world challenges:
Inconsistent Field Names
- One registrar uses "Creation Date"
- Another uses "Created On"
- A third uses "Registration Date"
- Some use "created:" in lowercase
Varied Date Formats
2024-01-15T00:00:00Z
15-Jan-2024
January 15, 2024
15/01/2024
Unpredictable Structure
Some registrars include blank lines between sections, others don't. Some use colons as delimiters, others use tabs. This inconsistency means robust WHOIS parsing requires maintaining dozens of regex patterns and constantly updating them as registrars change their formats.
WHOIS Technical Details
A WHOIS query is simple at the protocol level:
1. Open a TCP connection to port 43 on the WHOIS server
2. Send the domain name followed by a newline
3. Read the response until the connection closes
echo "example.com" | nc whois.verisign-grs.com 43The response is plain text with no standardized structure, requiring careful parsing.
Privacy Changes to WHOIS
The introduction of GDPR in 2018 fundamentally changed WHOIS data availability. Previously, WHOIS responses included:
- Registrant name and organization
- Email addresses and phone numbers
- Physical addresses
Now, most registrars redact this personal information, showing only:
- Registrar name
- Registration and expiration dates
- Name server information
- Domain status codes
This privacy protection means WHOIS is less useful for contact lookup but still valuable for availability checking and technical domain information.
When to Use WHOIS vs RDAP
For new development, always prefer RDAP when available. RDAP provides the same information in a standardized JSON format that's trivial to parse. However, WHOIS remains necessary for:
- Legacy systems that haven't migrated
- Some ccTLDs that haven't implemented RDAP
- Historical data analysis tools
Finding WHOIS Servers
Each TLD has designated WHOIS servers. For example:
- .com/.net: whois.verisign-grs.com
- .org: whois.publicinterestregistry.org
- .io: whois.nic.io
The IANA maintains a root database at whois.iana.org that can direct you to the appropriate TLD WHOIS server.
The Future of WHOIS
ICANN has mandated RDAP adoption, and WHOIS is being phased out. While WHOIS servers will likely remain operational for years to come, new applications should be built on RDAP. DomScan uses RDAP exclusively for its domain availability checks, ensuring consistent, reliable results across all supported TLDs.