You found a domain name you want to buy — but who owns it? You need to check when your domain expires — but your registrar's dashboard is down. You're investigating a suspicious website — and want to see who registered it. WHOIS lookup answers all of these questions. This guide covers everything: what WHOIS data means, why most owner info is hidden (GDPR redaction), how to decode domain status codes, and how to run a free WHOIS lookup right now.
🔍 Run a free WHOIS lookup now: Our WHOIS Lookup tool uses the modern RDAP protocol to query domain registration data instantly. Check any domain's registrar, expiry date, nameservers, and status — no signup, no ads, no tracking.
What Is WHOIS?
WHOIS is a query and response protocol (defined in RFC 3912) that lets you look up domain registration information from a registry or registrar's database. When someone registers a domain, the registrar is required to submit registrant contact information (name, organization, email, phone, address) to the domain's registry. WHOIS exposes a subset of this data to the public.
WHOIS dates back to the early days of the internet (1982, RFC 812) as a simple directory service for ARPANET users. It evolved into the domain registration lookup system we use today, though it's gradually being replaced by the modern RDAP protocol (more on that below).
What Information Can a WHOIS Lookup Reveal?
A typical WHOIS query returns these fields (availability varies by TLD and privacy settings):
| Field | What It Tells You | Visibility (post-GDPR) |
|---|---|---|
| Domain Name | The queried domain | ✅ Always visible |
| Registry Domain ID | Unique identifier at the TLD registry | ✅ Always visible |
| Registrar | Company where the domain was registered (e.g., GoDaddy, Namecheap, Cloudflare) | ✅ Always visible |
| Registrar IANA ID | Numeric identifier for the registrar (useful for identifying resellers) | ✅ Always visible |
| Creation Date | When the domain was first registered | ✅ Almost always visible |
| Registry Expiry Date | When the registration expires (if not renewed) | ✅ Almost always visible |
| Updated Date | Last modification to the WHOIS record | ✅ Usually visible |
| Domain Status | EPP status codes indicating domain state (active, locked, pending transfer, etc.) | ✅ Always visible |
| Nameservers | DNS servers authoritative for the domain | ✅ Always visible |
| DNSSEC | Whether DNSSEC is enabled (signed or unsigned) | ✅ Always visible |
| Registrant Name | Name of the domain owner (individual or organization) | ⚠️ Redacted for most gTLDs |
| Registrant Email | Contact email of the domain owner | ⚠️ Redacted for most gTLDs |
| Registrant Phone | Contact phone number | ⚠️ Redacted for most gTLDs |
| Registrant Address | Physical or postal address | ⚠️ Redacted for most gTLDs |
| Admin/Tech Contact | Administrative and technical contacts | ⚠️ Usually redacted or identical to registrant |
💡 Key insight: Even with GDPR redaction, you can still learn a lot: who the registrar is, when the domain expires, whether it's locked, and what nameservers it uses. This is often enough for practical purposes — checking if a domain is available soon, identifying the hosting provider, or auditing your own domains.
WHOIS vs RDAP — The Modern Replacement
RDAP (Registration Data Access Protocol) is the modern successor to WHOIS, defined in RFC 7480-7485. ICANN has mandated that all gTLD registries and registrars support RDAP since 2019. Our WHOIS Lookup tool uses RDAP exclusively because it's the direction the internet is moving.
| Capability | WHOIS (port 43) | RDAP (HTTPS) |
|---|---|---|
| Output format | Plain text (unstructured, varies by TLD) | JSON (structured, machine-readable) |
| Protocol | Custom TCP-based (port 43) | RESTful HTTP/HTTPS |
| Authentication | None | Optional access tiers (public, authenticated, privileged) |
| Internationalization | ASCII only, no standard encoding | Full UTF-8 support |
| Redirection | Manual referral in text (unreliable) | HTTP 301/302 redirects (follows the delegation chain automatically) |
| Search & filtering | No standard mechanism | Standardized query parameters (domain, nameserver, entity searches) |
| Error handling | Unstructured text messages | HTTP status codes + structured error objects |
| Standardization | RFC 3912 (2004) — thin specification | RFC 7480-7485 (2015) — comprehensive IETF standard |
| CORS support | N/A (not web-compatible) | Varies by server (our tool handles this) |
🔧 Why we use RDAP: JSON output means we can parse and display results reliably across all TLDs. HTTPS means the transport is encrypted. And the protocol's design is web-native — it works over the same HTTP stack browsers already use, unlike legacy WHOIS which requires a specialized TCP client on port 43.
How to Do a Free WHOIS Lookup — 3 Methods
Method 1: Our Web-Based WHOIS Tool (Recommended)
The fastest way: our free WHOIS lookup tool. It queries RDAP servers directly from your browser:
- Go to WHOIS Lookup
- Enter any domain name (e.g.,
github.com) - Instantly see: registrar, expiry date, creation date, domain status, and nameservers
- Expiry status is color-coded: ✅ healthy, ⚠️ expiring soon, 🚫 expired
No signup, no ads, no rate limits. Works for all gTLDs (.com, .org, .net, .io, .dev, etc.) and many ccTLDs with RDAP support.
Method 2: Command-Line WHOIS
macOS and Linux include the whois command by default. Windows users can install it via WSL or use nslookup for basic info:
# Basic WHOIS query
whois example.com
# Query a specific WHOIS server (useful for ccTLDs)
whois -h whois.nic.io example.io
# Get just the registrar and expiry (Linux)
whois example.com | grep -iE "registrar|expir|creation"
# macOS — similar output, slightly different field names
whois example.com | grep -iE "Registrar|Expir|Creation"⚠️ Cross-platform note: WHOIS output format varies dramatically between registrars, TLDs, and even different versions of the whois client. There is no standard text format — which is exactly why RDAP (JSON) was created. For reliable, structured data, use our RDAP-based web tool instead.
Method 3: ICANN's Official Lookup
ICANN operates a free web-based WHOIS at lookup.icann.org. It's the most authoritative source (queries directly from the registry) but has a CAPTCHA and rate limits. Use it as a reference point when you need the absolute latest data from the registry, or to cross-check results from other tools.
🔄 WHOIS → DNS → SSL pipeline: After checking a domain's registration with WHOIS Lookup, verify its DNS configuration with DNS Record Lookup and check its certificate validity with SSL Checker. Three free tools, one complete domain audit in under 60 seconds.
WHOIS Privacy & GDPR Redaction
If you've done a WHOIS lookup recently, you've probably seen "REDACTED FOR PRIVACY" or "Data protected by GDPR" where the owner's name and email should be. Here's why:
GDPR (2018) — The Watershed Moment
When the EU's General Data Protection Regulation (GDPR) took effect in May 2018, it became illegal for registrars to publicly display personal data of EU residents without explicit consent. Since registrars can't easily determine which domain owners are EU residents, most applied redaction globally for all gTLD domains (.com, .org, .net, .info, etc.).
What Gets Redacted
- Registrant name, organization, email, phone, and street address — hidden on almost all gTLD domains
- Admin and Tech contacts — hidden or merged into registrant
What Still Shows
- Registrar name and IANA ID — always public (required by ICANN contract)
- Domain status codes — always public
- Creation, expiry, and update dates — always public
- Nameservers — always public
- Country/State — sometimes shown (varies by registrar policy)
Exceptions: When Data Is Still Visible
- Some ccTLDs — Country-code TLDs (.io, .ai, .co, .us) have their own privacy policies. .us (United States) and .ca (Canada) often show full registrant data because their local laws don't mandate redaction.
- Privacy Protection Services — Many registrars offer "WHOIS privacy" as an add-on. With GDPR, this is largely redundant for gTLDs (data is already redacted), but it still matters for ccTLDs without mandatory redaction.
- Business/organization domains — GDPR protects "natural persons," not legal entities. Some registrars redact organization data anyway to be safe; others show it.
🔒 Can I get hidden WHOIS data? Law enforcement agencies and parties with legitimate legal claims can request unredacted WHOIS data through ICANN's Registration Data Request Service (RDRS) or by contacting the registrar directly with a subpoena or court order. For average users — the answer is no, and that's by design.
Understanding Domain Status Codes (EPP)
The Domain Status field in WHOIS uses standardized EPP (Extensible Provisioning Protocol) status codes defined in RFC 5730-5733. Each code tells you the operational state of the domain. Understanding these codes is essential for diagnosing domain issues.
Common Status Codes
client* vs server* — Who Set the Status?
EPP status codes follow a naming convention that tells you who applied the status:
client*codes — Set by the registrar. You can remove these by contacting your registrar (e.g., unlock a domain for transfer).server*codes — Set by the registry. These override client codes and require registry-level action to resolve (e.g., dispute resolution, fraud investigation).
For example, a domain with both clientTransferProhibited and serverTransferProhibited has two layers of transfer protection — you'll need to remove both before transferring.
📋 Audit your domain portfolio: Use WHOIS Lookup to check status codes for all your domains. Look for unexpected locks, pending transfers, or domains nearing redemption period. Then use Domain Expiry Calculator to plan renewals. Both tools are free and instant.
Common WHOIS Lookup Use Cases
1. Checking Domain Availability
WHOIS can tell you if a domain is registered or available — but it's not the best tool for this job. Registrars use a different backend (EPP check command) that's faster and more accurate. Use our WHOIS tool for a quick check, but if you're serious about buying a domain, search directly on a registrar like Namecheap, GoDaddy, or Cloudflare Registrar.
2. Finding the Domain Owner
Pre-GDPR, this was WHOIS's primary use case. Post-GDPR, you usually can't see the owner's contact info for gTLDs. What you can do:
- Check if the domain has a website — look for contact info there
- Look up the domain in a web archive (archive.org) for historical contact pages
- If the domain uses a privacy/proxy service, there's typically an anonymized email that forwards to the real owner
- For ccTLDs (.us, .ca, .de), owner data may still be visible — check the TLD's specific policy
3. Monitoring Your Own Domains
The most practical WHOIS use case: regular audits of your own domain portfolio. Check that:
- Registrar lock is enabled (
clientTransferProhibited) on all domains - Expiry dates are accurate and no domains are in redemption period
- Nameservers point to your intended DNS provider
- Registrant email (if visible) is correct — this is where renewal and transfer notices go
4. Investigating Suspicious Domains
WHOIS provides basic forensic data for phishing investigations and brand protection. You can see:
- Creation date — domains registered yesterday with your brand name are highly suspicious
- Registrar — fraud domains often use specific registrars with lax verification
- Nameservers — may reveal the hosting infrastructure behind malicious sites
- Pattern analysis — check multiple suspicious domains for shared registrar, creation date patterns, or nameserver clusters
How WHOIS Works — The Technical Flow
When you query WHOIS, the request follows a specific delegation chain:
- IANA Root WHOIS (
whois.iana.org) — The starting point. Knows which registry operates every TLD. - TLD Registry WHOIS — For
.com, this is Verisign (whois.verisign-grs.com). The registry holds the thin WHOIS data: domain status, nameservers, expiry dates, and which registrar manages the domain. - Registrar WHOIS — For
.com, the registry's response includes a referral to the registrar's WHOIS server, which holds the thick WHOIS data: registrant contact details (now mostly redacted), full registration dates, and billing info.
This two-tier system (registry → registrar) is why whois commands sometimes take 2–3 seconds — your client is following referrals between servers. RDAP simplifies this with HTTP redirects, but the same delegation chain applies.
🌐 Thin vs. Thick WHOIS: Some TLDs use a thin registry (the registry only stores minimal data and refers to the registrar for details). .com and .net are thin registries. Other TLDs like .org use a thick registry (all data stored at the registry level). RDAP is designed to bridge both models transparently.
FAQ
Is WHOIS lookup really free?
Yes. WHOIS and RDAP queries are free by design — the protocol was created for public access to domain registration data. Some commercial services wrap WHOIS data behind paywalls by adding monitoring, historical data, or bulk lookup features. But for individual queries, you can always look up domain data for free using our WHOIS Lookup tool, command-line whois, or ICANN's official lookup at lookup.icann.org.
Why does my WHOIS lookup show "REDACTED FOR PRIVACY"?
This is GDPR compliance. Since May 2018, ICANN requires registrars to redact personal data (name, email, phone, address) from public WHOIS for all gTLD domains (.com, .org, .net, etc.). Some registrars offer a "WHOIS privacy" service, but for gTLDs it's now essentially redundant — redaction is mandatory regardless. Certain ccTLDs (.us, .ca, .in) may still show full data because their local privacy laws differ. See our privacy section above for details.
How do I find out who owns a domain?
For gTLDs post-GDPR, you generally can't see the owner's identity from WHOIS alone. Try these approaches: (1) Visit the domain — the website may have contact information or an About page. (2) Search the domain at archive.org for historical versions that may have included contact info. (3) Check if the domain has a privacy/proxy email — messages sent to it will forward to the real owner. (4) Check the registrar — some registrars have a contact form that forwards messages to domain owners. (5) For legal matters, request unredacted data through ICANN's RDRS or via subpoena to the registrar.
What's the difference between WHOIS and DNS lookup?
WHOIS tells you about the domain registration — who registered it, when it expires, which registrar manages it. DNS lookup tells you about the domain's technical configuration — what IP address it points to, what mail servers handle its email, what security records it has. Use WHOIS for registration questions (ownership, expiry, status). Use DNS Record Lookup for technical questions (A records, MX records, nameservers). They answer entirely different questions. See our What is DNS? guide for a complete introduction to DNS.
Can I hide my WHOIS information?
For most gTLDs, your personal data is already hidden due to GDPR redaction — you don't need to do anything. However: (1) Some registrars still display your state/province and country even with redaction. (2) For ccTLDs without GDPR-style redaction (.us, .ca, .de), check if your registrar offers WHOIS privacy protection (most do, often free). (3) Organization/company domains may have fewer protections than individual domains. Check your current WHOIS record with our WHOIS Lookup to see exactly what's publicly visible.
How accurate is WHOIS data?
WHOIS accuracy depends on the registrant. ICANN requires registrars to validate registrant contact information annually (the WDRP — Whois Data Reminder Policy), but there's no real-time verification. Common inaccuracies: outdated email addresses (especially for older domains), placeholder phone numbers, and privacy service addresses that appear to be the registrant. For expiry dates and domain status, WHOIS data is generally accurate because these fields are maintained by the registry, not the registrant.