WHOIS Lookup Guide: How to Check Domain Registration Details

WHOIS is one of the oldest protocols on the internet, dating back to 1982 when RFC 812 first defined it. Despite being over 40 years old, WHOIS remains the primary method for looking up domain registration information. Whether you want to find out who owns a domain, check when it expires, or verify its registration status, a WHOIS lookup is the starting point. However, the landscape has changed significantly in recent years. GDPR privacy regulations have restricted much of the personal data that WHOIS once exposed freely, and a newer protocol called RDAP is gradually replacing the traditional system. This guide covers everything you need to know about performing WHOIS lookups effectively in 2026.

What Is WHOIS?

WHOIS is a query-and-response protocol used to look up information about registered domain names, IP addresses, and autonomous systems. The protocol operates on TCP port 43 and returns plain-text results. When you perform a WHOIS query for a domain name, your request goes to the appropriate WHOIS server for that domain's TLD. For example, querying a .com domain connects to Verisign's WHOIS server at whois.verisign-grs.com, which returns the domain's registration data. ICANN requires all ICANN-accredited registrars to maintain accurate WHOIS records for the domains they manage.

The WHOIS system uses a hierarchical structure. A thin WHOIS server at the registry level contains basic data like the registrar name, nameservers, and status codes. A thick WHOIS server at the registrar level holds more detailed information including registrant contact details, creation and expiration dates, and administrative contacts. Since 2005, ICANN has been transitioning gTLD registries from thin to thick WHOIS models to improve data accuracy. Verisign completed the transition for .com and .net domains in 2018, consolidating all WHOIS data at the registry level.

What Information Does WHOIS Provide?

A WHOIS record contains several categories of information about a domain name. The exact fields vary depending on the TLD and whether GDPR or other privacy protections apply. For domains without privacy protection, WHOIS historically provided full registrant name, organization, address, phone number, and email. Since May 2018, when GDPR took effect, most registrars redact personal information for domains with European registrants, and many have extended this practice globally. Despite these changes, WHOIS still provides essential technical and registration data that is valuable for domain research and monitoring.

• Domain name and registration status codes (such as clientTransferProhibited or serverHold)
• Creation date, last updated date, and expiration date
• Registrar name, IANA ID, and abuse contact information
• Nameserver records showing where DNS is hosted
• DNSSEC signing status (signed or unsigned)
• Registrant contact information (often redacted for privacy under GDPR)
• Administrative and technical contact details (also frequently redacted)
• Referral URL pointing to the registrar's WHOIS service

How to Perform a WHOIS Lookup

There are several ways to perform a WHOIS lookup, ranging from command-line tools to web-based services. On Linux and macOS systems, the whois command is typically pre-installed. Simply open a terminal and type "whois example.com" to get results. On Windows, you can use the Sysinternals Whois utility from Microsoft or install whois through the Windows Subsystem for Linux. For most users, web-based WHOIS lookup tools are the easiest option. ICANN operates a free lookup tool at lookup.icann.org that queries the authoritative WHOIS data for any gTLD domain.

When interpreting WHOIS results, pay attention to a few key fields. The domain status codes tell you whether the domain is active, locked, or in some phase of expiration. The dates section shows when the domain was first created, last renewed, and when it will expire next. Nameserver entries reveal where the domain's DNS is hosted, which can be useful for troubleshooting or competitive research. If you are monitoring multiple domains, manually running WHOIS lookups becomes impractical. Automated tools can query WHOIS data on a schedule and alert you to changes, upcoming expirations, or status changes across your entire portfolio.

WHOIS and GDPR Privacy

The EU's General Data Protection Regulation, which took effect on May 25, 2018, fundamentally changed WHOIS data availability. Before GDPR, anyone could look up the full contact details of a domain registrant, including name, address, phone number, and email. GDPR classified this information as personal data, making its unrestricted publication illegal for EU residents. ICANN responded with a Temporary Specification for gTLD Registration Data that allowed registrars to redact personal fields from public WHOIS output. In practice, most registrars now redact registrant details by default for all customers, not just those in the EU. Typical redacted WHOIS records show "REDACTED FOR PRIVACY" or "Data Protected" in contact fields. Legitimate parties such as law enforcement, intellectual property holders, and cybersecurity researchers can request access to full WHOIS data through the registrar, but the public-facing data is now limited to technical fields, dates, registrar information, and status codes.

WHOIS vs RDAP

RDAP, or Registration Data Access Protocol, is the modern replacement for WHOIS. Defined in RFC 7480 through RFC 7484 and published in 2015, RDAP was designed to address the technical limitations of WHOIS. While WHOIS returns unstructured plain text that varies between registrars and registries, RDAP returns data in standardized JSON format. This makes RDAP output far easier to parse programmatically. RDAP also supports HTTPS, providing encrypted communication that WHOIS (running on plain TCP port 43) does not offer. ICANN mandated RDAP support for all gTLD registries and registrars beginning in 2019.

• WHOIS returns plain text with no standardized format - RDAP returns structured JSON
• WHOIS uses TCP port 43 with no encryption - RDAP uses HTTPS for secure queries
• WHOIS has no built-in authentication - RDAP supports differentiated access levels
• WHOIS provides no standardized error messages - RDAP uses HTTP status codes
• WHOIS has no referral mechanism beyond text hints - RDAP uses HTTP redirects for referrals
• WHOIS offers no internationalization support - RDAP handles Unicode and multilingual data natively

Using WHOIS for Domain Monitoring

WHOIS data is the foundation of domain expiry monitoring. By regularly querying WHOIS records, monitoring tools can track expiration dates, detect status changes, and identify domains that have lost their transfer lock. For domain owners, this means automated alerts before renewal deadlines. For domain buyers and investors, WHOIS monitoring reveals when interesting domains are approaching expiry and may soon become available. DomainExpiryCheck.com uses both WHOIS and RDAP protocols to provide accurate expiry data, automatically falling back to RDAP when WHOIS data is unavailable or unreliable. Whether you are tracking 3 domains or 500, automated WHOIS monitoring eliminates the risk of missing a critical renewal date or an acquisition opportunity.