WHOIS Lookup
Check domain age, expiry countdown, registrar, DNS provider, and status — the domain intelligence tool built for IT admins and MSPs.
What is a WHOIS lookup?
When a domain name is registered, the registrant's information — including registration date, expiry date, registrar, nameservers, and contact details — is stored in a central registry database. A WHOIS lookup queries that database to retrieve the publicly available portion of that record.
Historically, WHOIS was a plain-text protocol running on TCP port 43. Today, the modern standard is RDAP (Registration Data Access Protocol), a structured JSON API that runs over HTTPS. This tool uses RDAP for accurate, machine-readable results directly from the official TLD registries.
For MSPs: WHOIS data is the first thing to check when troubleshooting domain issues. An expired domain, a wrong registrar, or misconfigured nameservers can silently break websites, email, and business-critical services for clients.
Domain expiry — what MSPs need to know
Domain expiry is one of the most common and preventable causes of business disruption. When a domain expires, every service tied to it stops working: the website goes down, email stops delivering, and MFA portals, VPN gateways, and cloud services that use the domain for SSO can all fail simultaneously.
Domain expiry stages
- Active — Domain resolves normally.
- Grace period (0–30 days after expiry) — Registrar may auto-renew. DNS often stops working. Domain can still be renewed at normal cost.
- Redemption period (30–60 days after expiry) — Previous owner can restore at high cost (typically $80–200+). Cannot be registered by anyone else yet.
- Pending delete (60–65 days after expiry) — Domain is queued for deletion. No renewal possible.
- Released — Domain is available for registration by anyone.
MSP best practices
- Audit all client domains at least twice a year using WHOIS data.
- Set renewal reminders at 90, 60, and 30 days before expiry.
- Enable auto-renew at the registrar for all critical domains.
- Ensure the registrar has a current, valid payment method on file.
- Use a single registrar account to manage all client domains where possible.
- Confirm registrar contact emails are monitored — expiry notices often go to a former employee's inbox.
Understanding domain status codes
RDAP returns one or more status codes for each domain. Here are the most common ones and what they mean.
| Status Code | Plain-English Meaning | Risk Level |
|---|---|---|
| ok / active | Domain is active, resolving, no restrictions | None |
| clientTransferProhibited | Registrar-level transfer lock (security best practice) | None |
| clientUpdateProhibited | WHOIS data is locked against changes | None |
| clientDeleteProhibited | Domain cannot be deleted at registrar level | None |
| serverTransferProhibited | Registry-level transfer lock (set by the TLD registry) | Low |
| clientHold | Domain is suspended by registrar — DNS may not work | High |
| serverHold | Domain is suspended by registry — DNS does not work | High |
| pendingDelete | Domain is queued for deletion, no longer recoverable | Critical |
| redemptionPeriod | Domain expired, in 30-day recovery window | Critical |
| pendingTransfer | Domain transfer to another registrar is in progress | Low |
GDPR and registrant privacy
Since the EU's GDPR (General Data Protection Regulation) took effect in 2018, and with ICANN's subsequent Temporary Specification for gTLD Registration Data, the registrant information for most gTLDs (.com, .net, .org, etc.) is now redacted by default for individuals.
When you see "REDACTED FOR PRIVACY" in the registrant section, this means the registrar is complying with privacy regulations — it does not indicate the domain is suspicious or inactive. Businesses often still appear in WHOIS records, while individuals typically do not.
What is still publicly visible
- Registration and expiry dates
- Registrar name and IANA ID
- Nameservers
- Domain status codes
- DNSSEC status
- Business registrant data (varies by registrar)
What is typically redacted
- Registrant name (individual)
- Registrant email address
- Registrant phone number
- Registrant street address
- Administrative contact details
- Technical contact details
Frequently asked questions
What is a WHOIS lookup?
A WHOIS lookup queries the domain registration database to find out who registered a domain, when it expires, which registrar manages it, and what nameservers it's using. Modern lookups use RDAP — a structured JSON API served over HTTPS — rather than the old plain-text WHOIS protocol. This tool uses RDAP directly from the official TLD registries via the IANA bootstrap service.
Why is the registrant information hidden?
Since GDPR took effect in 2018, registrars are required to redact personal contact information for individual domain owners. Many businesses also use privacy protection services. Seeing "REDACTED FOR PRIVACY" is normal and does not mean the domain is inactive or suspicious — it just means the registrar is complying with privacy rules. Registration dates, registrar, and nameserver data are still visible.
What does clientTransferProhibited mean?
clientTransferProhibited means the registrar has enabled a transfer lock. This prevents the domain from being moved to another registrar without first unlocking it — this is a security feature that protects against unauthorized domain hijacking. Most reputable registrars enable this by default. To transfer a domain away, you (or your client) must first unlock it in the registrar's control panel.
What happens when a domain expires?
When a domain expires, DNS stops resolving, taking down the website, email, and any service that depends on the domain. The domain goes through a grace period (where it can still be renewed at normal cost), then a redemption period (where recovery costs $80–200+), then a pending-delete phase, after which it is released for anyone to register. Expiry is one of the most common preventable causes of business disruption for MSP clients.
What is the difference between WHOIS and RDAP?
WHOIS is the original domain lookup protocol from the 1980s, returning unstructured plain text over TCP port 43. RDAP is its modern replacement — it returns structured JSON over HTTPS, making it easier to parse and more consistent across registries. RDAP also includes better privacy controls and standardized field names. ICANN has mandated RDAP adoption, and this tool uses it exclusively for accurate results.
What is DNSSEC?
DNSSEC adds cryptographic signatures to DNS records, allowing resolvers to verify that responses haven't been tampered with in transit. Without DNSSEC, attackers can potentially poison DNS caches to redirect users to malicious servers. DNSSEC must be enabled by both the DNS provider and the TLD registry. This tool shows whether DNSSEC delegation is signed at the registry level for the domain you look up.
How far in advance should I renew a domain?
For business-critical domains, renew at least 60–90 days before expiry. Most registrars allow renewal up to 10 years in advance. Enable auto-renew where possible and verify the registrar has a current payment method. For MSPs, set calendar reminders at 90, 60, 30, and 14 days before expiry — expiry notices often go to a former employee's email and get missed.
Can I see historical WHOIS data?
This tool shows the current WHOIS / RDAP data from the domain's registry. Historical WHOIS records (previous owners, old nameservers, past registration changes) are not available through the public RDAP protocol. Specialized services like DomainTools and SecurityTrails maintain historical WHOIS databases, though those typically require paid subscriptions.