WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.
WHOIS is the global catalog of domain ownership and controller information. When it was created it was likened to the white pages of the internet. It contains things such as who the domain is registered with, name, address, phone number, email, and name server information.
Here is The example of WHOIS database
Domain Name: TECHFACTS007.IN
Registry Domain ID: D414400000005860101-AFIN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2018-03-31T11:30:23Z
Creation Date: 2018-03-31T11:30:14Z
Registrar Registration Expiration Date: 2019-03-31T11:30:14Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR315891034
Registrant Name: Shanu Raj
Registrant Street: New Delhi
Registrant City: New Delhi
Registrant State/Province: Delhi
Registrant Postal Code: 110092
Registrant Country: IN
Registrant Phone: +91.xx718906xx
Registrant Phone Ext:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID: CR315891036
Admin Name: Shanu Raj
Admin Street: New Delhi
Admin City: New Delhi
Admin State/Province: Delhi
Admin Postal Code: 110092
Admin Country: IN
Admin Phone: +91.xx718906xx
Admin Phone Ext:
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID: CR315891035
Tech Name: Shanu Raj
Tech Street: New Delhi
Tech City: New Delhi
Tech State/Province: Delhi
Tech Postal Code: 110092
Tech Country: IN
Tech Phone: +91.xx718906xx
Tech Phone Ext:
Tech Fax Ext:
Tech Email: [email protected]
Name Server: NS3.HOSTSELLS.COM
Name Server: NS4.HOSTSELLS.COM
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2018-05-16T17:00:00Z <<<
Most computers have a WHOIS command line utility and there are several sites like https://dnsimple.com/whois which can show you the public registry domain information on your domain. The information in WHOIS is considered the single source of truth for who truly owns and controls a domain as we will explore more.
Why do I need this?
The short answer is that the Internet Corporation for Assigned Names and Numbers (ICANN) requires that every domain has up-to-date and valid WHOIS information. This is a general rule that applies also to non-ICANN TLDs (such as most of ccTLDs), although in the case of ICANN TLDs (such as
.NET, and all the various new gTLDs such as
.CLOUD, …) there are some additional restrictions that I’ll explain in a second.
Actually the longer answer is that having up-to-date and valid WHOIS information is extremely important! The name and email fields of your contact information are used to validate your domain in many stages. This information is used in case any type of dispute arises about the domain name.
Since 2013, whenever you update your contact details on an existing domain, or purchase a new domain with a new contact, the registrar (the entity you register the domain through) is required to validate whether or not all the content is of valid format. Registrars are also required to send you an email at the WHOIS address that you must click through to verify.
If you do not verify your information the domain will be completely suspended and neither your email nor web page will work. We’ve seen a lot of great sites go down because of this, sometimes for extended periods of time, because re-instating this is not an instantaneous procedure and can often take your email out of commission; make sure to always check for this email when updating your contact information.
Buying a certificate
An important part of SSL Certificates is not just encrypting your web traffic, but also validating that the website is who they claim to be. This is a major part HTTPS and SSL Certificates because of a flaw in validating the correctness of DNS on the client level; we’ll be writing more about this later when talking about DNSSEC in another article.
Most certificates require you to validate the purchase of the certificate beforehand by sending an email to either admin, hostmaster, or webmaster at yourdomain, or they can send an email to the contact in your WHOIS information. Since most people don’t actually use emails like admin, hostmaster, or webmaster it’s important to have your WHOIS data up-to-date so you can use a more convenient email. The validation email for an SSL Certificate can never just be sent to an arbitrary email address you give us—it has to be publicly verifiable.
Let’s Encrypt certificates don’t need this because they let you use domain level validation by making special DNS records on your domain that are used to validate domain ownership.
When there are issues with your domain, especially legal ones, then the contact information in your WHOIS information comes into play. For example, if there is a spam or copyright issue that needs to be addressed you are contacted via that data. Not replying to those can also cause your domain to be parked, or taken offline, which can result in a painfully long wait to resolve while your website and email are offline.
Many people have gone through the process of transferring a domain and know how much of a hassle it can be. This is all for good reasons though. Back in the early days of the internet domain theft was a really big deal. If someone were to steal your domain it would take serious legal action to get it back. Part of the domain transfer process is sending an email to the contact listed in the WHOIS information and getting them to verify that they do indeed approve this transfer of their domain.
What are the problems with WHOIS?
Time to update
When you submit a change to us to update your contact information we instantly push that information up a chain where it has to go all the way up to the reigstry. While this isn’t very slow unto itself, there are a lot of places where your information could be cached. This means it can slow down resolution of already-in-place issues, like trying to get ssl certificates issued rapidly or transferring domains on a deadline.
Starting December 1st, 2016 registrars are required to lock a domain from transfer for 60 days after updating the contact information. This is designed as an extra safeguard to prevent domain theft. Now if someone gets access to your account, they lack the ability to rapidly drain out your domains and leave you to fight a legal battle to get them back.
However people sometimes don’t realize their contact information is not up to date until it’s time to make a transfer and now you are locked in for another 60 days!
Of course posting all of this information publicly is a problem itself for a lot of people. Who wants their address, phone number, and email public? We’ve personally seen and gotten a lot of reports of people who get flooded by spam and sometimes even calls or junk mail after buying new domains. Having this happen is the pits. However you can’t just put junk information in the WHOIS information as we have outlined; doing so may cause serious problems in the future.
This is why we have WHOIS Privacy Protection available for domains. WHOIS Privacy Protection is actually you hiring a proxy to catalogue your information and put in their own with a special identifier so that on request they can provide information on the true domain owner. This makes it much harder for spammers to get a hold of your information, while leaving it accessible to authorized parties.
However, this also means any time you need to take action on your domain for things like transfers and SSL Certificates you need to disable this momentarily so you can expose yourself as the true domain owner and get things done.
Not all top level domains support WHOIS Privacy either! Many TLDs have it written into their rules that proxies absolutely may not be used; be aware of this when picking out your domains if this is important to you.