WHOIS Lookup with
modern RDAP protocol.
Look up domain registration details, expiry dates, nameservers, and registrar information. Uses RDAP first with traditional WHOIS as fallback.
Look up domain registration, expiry date, and registrar details using RDAP with WHOIS fallback.
Note: All checks are public. To keep your checks private, create a free account.
Global Network Diagnostics
Run a check to see your service from around the world.
- Tested from 28 monitoring locations worldwide
- Results in seconds, not minutes
- Shareable result links for your team
- No account or signup required
What is WHOIS?
WHOIS is a query and response protocol used to look up records associated with domain name registrations. It was developed in the early days of the internet, when ARPANET administrators needed a reliable way to look up who was responsible for a domain and how to reach them. The name is simply a phonetic shorthand for "who is" — as in, who is the owner of this domain?
When a domain is registered, the registrar collects information from the domain owner and submits it to a central registry. WHOIS servers maintained by registries and registrars expose this information over TCP port 43. A WHOIS query sends the domain name to the appropriate server and receives a plain-text response containing the registration record.
The data returned typically includes the registrar (the company through which the domain was purchased), registration and expiry dates, authoritative nameservers, domain status codes, and contact information for the registrant, administrative, and technical contacts — though contact details are increasingly hidden by privacy services.
ICANN mandates that domain registrars maintain accurate WHOIS data for all registered domains under generic top-level domains (gTLDs). Country-code TLD registries operate under their own policies, which is why WHOIS availability and detail level can vary significantly between TLDs.
What WHOIS Returns
| Field | Description |
|---|---|
Registrar |
Company the domain is registered through |
Created |
Date the domain was first registered |
Expires |
Date the registration lapses if not renewed |
Updated |
Last modification to the registration record |
Nameservers |
Authoritative DNS servers for the domain |
Status |
EPP status codes controlling domain operations |
DNSSEC |
Whether the domain has DNSSEC signed |
RDAP: The Modern WHOIS
The Registration Data Access Protocol (RDAP) is the modern successor to WHOIS, standardized by the IETF in 2015 (RFC 7480–7484). It was designed to address the long-standing limitations of the aging WHOIS protocol and is now mandated by ICANN for all accredited registrars managing gTLD domains.
The most significant improvement RDAP brings is structured data. Traditional WHOIS responses are free-text with no enforced schema — every registrar formats responses differently, making programmatic parsing unreliable. RDAP returns JSON, which is machine-readable, consistently structured, and straightforward to process in code without brittle regex patterns.
Beyond structured output, RDAP offers several important advantages over traditional WHOIS:
| Capability | WHOIS | RDAP |
|---|---|---|
| Response format | Free-text, unstructured | Structured JSON |
| Standardized schema | No — varies by registrar | Yes — IETF standardized |
| Internationalization | Limited — ASCII-centric | Full Unicode support |
| Access control | None | Role-based, authenticated tiers |
| Transport security | Plaintext TCP/43 | HTTPS |
| RESTful API design | No | Yes |
| Referral mechanism | Manual, inconsistent | Bootstrapped via IANA |
How Emercom queries domains
Emercom queries RDAP first. The IANA RDAP bootstrap registry is consulted to find the authoritative RDAP service for each TLD, and a structured JSON response is retrieved over HTTPS.
If no RDAP service is available for the TLD — common with some country-code TLDs and legacy registrars — Emercom automatically falls back to the traditional WHOIS protocol and parses the plain-text response.
Most major TLDs including .com, .net, .org, .io, and hundreds of others now have full RDAP support.
Understanding WHOIS Results
A WHOIS or RDAP response contains several key fields that tell you about the domain's history, current state, and configuration. Here is what each field means and why it matters.
Registration Fields
Registrar is the accredited company through which the domain was purchased — for example, GoDaddy, Namecheap, Cloudflare, or Google Domains. Each registrar has a unique IANA ID. Knowing the registrar is the first step when you need to transfer a domain, update contact records, or dispute ownership.
Registration Date tells you when the domain was first registered. A domain registered many years ago is generally considered more established, while a very recently registered domain can be a signal worth noting for security or trust assessments.
Expiry Date is the most operationally critical field. If a domain is not renewed before this date, it enters a grace period before eventually becoming available for anyone to register. Monitoring expiry dates is essential — an accidentally expired domain will take down every service running under it, from websites to email to API endpoints.
Last Updated reflects the most recent change to the registration record. Unexpected updates to this field can indicate a domain transfer, nameserver change, or registrant information update.
Technical Fields
Nameservers are the authoritative DNS servers for the domain. These are the servers that hold the zone file and answer DNS queries for all records under the domain. Changing nameservers is how you move DNS management from one provider to another — for instance, from your registrar's default DNS to Cloudflare or Route 53.
DNSSEC (Domain Name System Security Extensions) adds cryptographic signatures to DNS records. When DNSSEC is enabled, resolvers can verify that the DNS responses they receive have not been tampered with in transit. The WHOIS record will indicate whether DNSSEC is signed and, if so, provide the delegation signer (DS) key data.
EPP Status Codes
Domain status codes use the Extensible Provisioning Protocol (EPP) standard. They control what operations can be performed on the domain. Understanding these codes helps you know what actions are currently locked or permitted.
| Status Code | Meaning |
|---|---|
clientTransferProhibited |
Transfer to another registrar is locked at the registrant's request. The most common status — protects against unauthorized domain hijacking. |
serverTransferProhibited |
Transfer prohibited by the registry (not the registrant). Often set during dispute resolution or ICANN proceedings. |
clientDeleteProhibited |
The domain cannot be deleted by the registrar at the registrant's request. Common on high-value domains. |
serverDeleteProhibited |
Deletion prohibited by the registry. Typically set during a legal hold or dispute. |
clientUpdateProhibited |
Domain record updates (nameservers, contacts) are locked at the registrant's request. |
serverUpdateProhibited |
Updates prohibited by the registry. |
clientHold |
Domain is suspended by the registrar — it will not resolve in DNS. Can occur for non-payment or policy violations. |
serverHold |
Domain suspended by the registry. Common during the Add Grace Period immediately after new registration. |
pendingDelete |
The domain is scheduled for deletion after the redemption period has expired. It will shortly become available for re-registration. |
redemptionPeriod |
The domain has expired and is in the registrar's redemption grace period. It can still be recovered by the original registrant, typically for a higher fee. |
Domain Privacy & Proxy Services
Many domain registrants use WHOIS privacy or proxy services to hide their personal contact information from the public WHOIS record. When privacy protection is active, the registrant, administrative, and technical contact details are replaced with the privacy provider's information rather than the actual domain owner's name, address, and email.
This is a legitimate and widely used practice — ICANN permits it. The domain itself is still findable, and registration and expiry dates, nameservers, and status codes are always shown. Only the contact details are obscured. Registrars and privacy services are required to maintain a confidential record of the actual registrant and can reveal it upon valid legal request.
Common privacy service providers include Domains By Proxy (GoDaddy), Privacy Guardian (NameSilo), and Cloudflare's built-in WHOIS redaction. You can usually identify proxy protection when the registrant organization contains phrases like "Privacy Service", "Whois Agent", or "Domain Protection".
Monitor domain expiry automatically
Never let a domain expire unexpectedly. Set up monitoring to track SSL certificates and domain registrations with automatic alerts.