1.1 top-level domain (TLD)
The top-level domain is the last portion of a domain name separated by a dot, e.g. ".com", and the highest level of the hierarchy of the domain name system. TLDs can be subdivided into categories: there are ccTLDs and gTLDs.
Country-code top-level domains, as specified in RFC 1591, are ISO-3166 country codes, e.g. ".uk" for United Kingdom. Since 2018, IANA has been introducing internationalized country code top-level domains consisting of language-native characters when displayed in end-user applications.
Generic TLDs, independent of countries, were originally those in the short list in RFC 1591: .edu, .com, .net, .org, .gov, .mil, .int. Currently, their standard list is extended with .info, .us, .biz, .asia, .tel, and .aero. Their list has then been significantly extended with new gTLDs.
- new gTLD
ICANN announced the "New GTLD program" around 2012, which has opened doors for registering a larger number of gTLDs in addition to the original few. More than 1000 new gTLDs have been registered so far.
2 WHOIS system
A worldwide distributed database containing information about entities related to Internet resources such as domain names or IP addresses. It is the "phone-book of the Internet".
2.1 WHOIS data
The data available in the WHOIS system. It is organized into WHOIS records. The records can have different field structure on different WHOIS servers.
2.2 WHOIS server
Servers holding WHOIS data. They are typically operated by registries and registrars, and use the WHOIS protocol.
2.2.1 Authoritative WHOIS server
A WHOIS server which provides original WHOIS data that was not obtained from another WHOIS server, serving as the primary source of the information.
2.3 WHOIS protocol
A query/response protocol to obtain WHOIS data from a WHOIS server. It is specified in RFC 3912. It provides data in a textual form with strictly defined structure. It lacks standards for internationalization and security. The frequency of queries is limited on some WHOIS servers.
3 Entities related to the WHOIS system
Registries are organizations mainly responsible for the domain name system (DNS) and IP WHOIS data. Besides the five regional registries (RIRs):
- ARIN, North America
- APNIC, Asia-Pacific
- AfriNIC, Africa
- RIPE NCC, Europe
- LACNIC, Latin America/Caribbean
there are smaller local Internet registries, with scopes of a country or a smaller region. Registries typically run WHOIS servers which are authoritative for IP WHOIS data and also provide Domain WHOIS records, possibly non-authoritatively.
A registrar is an organization which manages domain name registrations. Registrars are contracted by registries and have to be accredited by IANA. Upon accreditation, they get an ID from IANA and they are put on the list of accredited registrars. The end-users choose a designated registrar to provide the registration service for the chosen domain. Registrars run authoritative WHOIS servers.
The Internet Assigned Numbers Authority is the global coordinator of most Internet protocol resources. Notably, registrars have to be accredited by IANA, thus IANA is the top-level registry. It maintains the list of accredited registrars, and runs a WHOIS server, too.
The Internet Corporation for Assigned Names and Numbers is a not-for-profit public-benefit corporation which plays a coordinating role in the naming system of the Internet. They run the InterNIC website.
4 Types of WHOIS records
4.1 domain WHOIS records
Domain WHOIS records provide information on entities related to domains, typically SLDs.
4.2 IP WHOIS records
These describe entities related to IP addresses. We refer to https://ip-netblocks-whois-database.whoisxmlapi.com/blog/ip-whois-lookups-vs-an-ip-netblocks-whois-database for further details.
4.3 WHOIS records of registrars and registries
Registries and registrars also have special WHOIS records which can be obtained from certain WHOIS servers, e.g. from InterNIC WHOIS server, whois.internic.net.
4.4 registry WHOIS record
Registries run WHOIS services to provide registration information on the domains they are responsible for. The registry record can be modified by the designated registrar.
4.5 registrar WHOIS record
Most of the registrars also run WHOIS servers. The WHOIS records obtained from the registry and from the registrar are not always identical.
4.6 thin WHOIS record
A thin record has registrar and name server data but no contact data. Some registries and registrars provide thin data only (e.g. all .COM and .NET registry records are thin; further details can be obtained through additional web services, typically involving CAPTCHAs).
4.7 thick WHOIS record
A thick WHOIS record, as opposed to a thin record, contains all available WHOIS information. In some cases, even thin records may contain partial information, e.g. in some ccTLDs, all contact data are those of the registry operator.
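The thin/thick distinction can be checked mechanically. The following Python sketch is an added example, not code from the original page: it parses "Key: value" WHOIS text, classifies a record as thin or thick by the presence of contact fields, and for a thin record returns the registrar WHOIS server to ask next. The sample records, the field names and the function names are constructed assumptions; real servers use varying field names.

```python
import re

# Constructed sample records (not real registrations). The field names follow
# one common registry layout and are an assumption; other servers differ.
THIN = """\
   Domain Name: EXAMPLE.COM
   Registrar WHOIS Server: whois.registrar.example
   Registrar: Example Registrar, Inc.
   Registrar IANA ID: 9999
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""
THICK = THIN.replace(">>>", "Registrant Name: Jane Doe\n"
                     "Registrant Email: jane@example.org\n"
                     "Admin Email: admin@example.org\n>>>", 1)

# Keys that belong to a contact block ("registrar ..." must not match).
CONTACT = re.compile(r"^(registrant|admin|tech|billing) ")

def parse(text):
    """Parse 'Key: value' lines into {lower-cased key: [values]}."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">>>", "%", "#")) or ":" not in line:
            continue  # footer, comment or free text
        key, _, value = line.partition(":")  # split on the first colon only
        if value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def classify(fields):
    """Return ('thin' or 'thick', registrar WHOIS server or None)."""
    has_contacts = any(CONTACT.match(key) for key in fields)
    referral = fields.get("registrar whois server", [None])[0]
    return ("thick" if has_contacts else "thin"), referral

def next_lookup(text):
    """For a thin record, name the registrar server that may hold contacts."""
    kind, referral = classify(parse(text))
    return referral if kind == "thin" else None
```
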
5 WHOIS record fields
5.1 contact details in domain WHOIS records
WHOIS records have contact details (name, organization, postal address, phone number, e-mail) of the registrant and the registrar. Contact details facilitate a variety of validity checks which are useful in cybersecurity solutions. In addition, records can carry the same type of contact information for other matters related to the domain. In the case of domain WHOIS data, these include administrative, technical, billing, abuse, and zone contacts. Regardless of the presence of these latter contact details, it is the registrant, the holder of the domain, who is entirely responsible for the domain. There is a significant ongoing debate about the privacy issues related to contact details. As the WHOIS system is not designed for privacy, it could become a source of data collection for malicious purposes. On the other hand, it is currently the only way to locate the owner of a resource, which is crucial in maintaining cybersecurity. Certain data protection regulations (notably the new GDPR of the EU) have already affected the WHOIS systems in some regions; the future consequences of this are largely uncertain.
5.1.1 administrative contact
A block of fields with contact details to be used in conjunction with administrative issues related to the domain.
5.1.2 technical contact
A block of fields with contact details to be used in conjunction with technical issues related to the domain.
5.1.3 billing contact
A block of fields with contact details to be used in conjunction with billing issues related to the domain.
5.1.4 abuse contact
A block of fields with contact details to be used in conjunction with abuse issues, threats and other IT security related matters related to the domain.
5.1.5 zone contact
A block of fields with contact details to be used in conjunction with the DNS zones corresponding to the domain. The DNS zones are a part of the Domain Name System: they are sets of IP addresses for which the authority can be delegated. Hence, zone issues are related to IP number use and name resolution. A domain is related to one or more zones.
5.2 created date
A WHOIS field providing the datetime when the domain was registered.
5.3 updated date
A WHOIS field providing the datetime when the WHOIS record was last updated.
5.4 expires date
A WHOIS field providing the datetime when the registration of the record will expire. See also the status codes.
5.5 IANA ID
The identification number assigned to the registrar by IANA upon accreditation. It is contained in domain WHOIS records.
5.6 Domain status code
Domains have their life cycle, and they can be in several statuses. Domain WHOIS records may contain one or more status codes, whose meaning is explained in detail at domain life cycle. It can show that the domain has expired and is not visible anymore but its owner can still redeem it (i.e. it is in the redemption grace period), etc. For details see the list of status codes.
5.7 Name servers
Each domain has to have at least two name servers in the domain name system (DNS), e.g. so that when a user application is looking for a host in the domain, these servers resolve it to IP numbers. Domain WHOIS records contain information on the name servers of the domain.
6 Domain life cycle
Domains have their life cycles consisting of certain periods. Their current status can be deduced from the data in various WHOIS fields, notably the domain status code.
6.1.1 Available / released
The domain name does not exist in the Domain Name System: either it has never existed or it was released, which makes it available for purchase.
6.1.2 Add grace period
A period of an average of 5 days after the registration of a domain in which the registration can be still canceled, or errors in the registration can be corrected. The domain is there in the zone file. Domains deleted during this period will be available again.
The domain is up and alive; it is in the DNS zone files and WHOIS records are supposed to be up-to-date. This period ends on the expiry date.
6.1.4 Auto-renew grace period
A period of up to 45 days which starts at the expiry date. During this period, the registrar may delete the domain e.g. if the registrant does not pay for it again. The domain may or may not be in the zone file during this period, so the related web pages, mail servers, etc. may or may not work. If renewed (possibly automatically), the domain remains registered with a new expiry date; otherwise, it starts its redemption grace period. It is also possible to transfer the domain during this period to a new registrar.
6.1.5 Renew grace period
A period similar to the add grace period, but provided after a renewal by the registrar.
6.1.6 Redemption grace period
or "Pending-delete restorable" period, of 30 days. The domain is not in the zone file anymore, so websites, e-mail, etc. do not work. Yet, the domain can still be redeemed (or restored) upon the registrant's request. All registrars are obliged to provide this opportunity to their clients for the 30-day period, as is enforced by their contract with ICANN. If restored, the domain becomes registered again; otherwise, it continues in the Pending Delete status.
6.2 Status codes
6.2.1 Codes set by the registry
It means that the domain is in the add grace period.
It means that the domain is in the Auto renew period.
It means that the domain is not active in the sense that no name servers are associated with it, so it cannot be used. It may be due to some delay in processing by the registrar, or some issues with its data.
It is the standard status of a domain showing that there are no pending operations or prohibitions.
It means that the registration of the domain is in progress.
It means that the domain is now in the pending delete status.
It means that the renewal of the domain has been initiated during the auto-renew grace period, so the domain is being renewed.
It means that the process of restoring the domain has been initiated in the redemption grace period and it is in progress.
It means that the domain is being transferred to a new registrar.
It means that an update of the domain, normally initiated by the registrant, is in progress.
It means that the domain is in the redemption period.
It means that the domain is in the renew period.
A special status to prevent the domain from deletion for miscellaneous reasons, e.g. ongoing legal disputes.
A special status indicating that there are some issues with the domain which have to be resolved. The domain is inactive in the domain name system.
A special status showing that the domain cannot be renewed for various reasons, e.g. ongoing legal disputes.
A special status showing that the domain cannot be transferred from one registrar to another for various reasons, e.g. ongoing legal disputes.
A special status showing that the domain cannot be transferred from one registrar to another for various reasons, e.g. ongoing legal disputes or upon the registrant's request.
6.2.2 Codes set by the registrar
These are all uncommon statuses appearing in case of certain disputes or during the prevention of some malicious activity.
The registry will reject requests to delete the domain's registration.
The registry will not activate the domain and introduce it in the zone file.
The registry will reject renewal requests for this domain.
The registry will reject requests to transfer the domain from one registrar to the other.
The registry will reject requests to update the domain.
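The life-cycle periods and status codes described above can be combined into a simple triage check. This Python sketch is an added example, not code from the original page: it deduces the life-cycle phase from a record's status codes (using the standard EPP code names such as addPeriod and redemptionPeriod), falls back to the created and expires dates with the period lengths given in section 6, and raises defender-side flags. The function names, flag wording and date fallback are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

# Period lengths as given in the life-cycle section (5 days is an average).
ADD_GRACE = timedelta(days=5)
AUTO_RENEW_GRACE = timedelta(days=45)

# EPP status code -> phase. Order matters: a record can carry several codes,
# and the one furthest along the life cycle wins.
STATUS_PHASE = [
    ("pendingdelete", "pending delete"),
    ("redemptionperiod", "redemption grace period"),
    ("autorenewperiod", "auto-renew grace period"),
    ("addperiod", "add grace period"),
    ("renewperiod", "renew grace period"),
]

def codes_of(statuses):
    """WHOIS output often appends a URL to each code; keep the first token."""
    return {s.split()[0].lower() for s in statuses if s.strip()}

def lifecycle_phase(statuses, created, expires, now):
    """Deduce the phase from status codes, falling back to the dates."""
    codes = codes_of(statuses)
    for code, phase in STATUS_PHASE:
        if code in codes:
            return phase
    if now > expires:  # no period code present: estimate from the expiry date
        if now - expires <= AUTO_RENEW_GRACE:
            return "auto-renew grace period"
        return "expired, phase unknown"
    if now - created <= ADD_GRACE:
        return "add grace period"
    return "registered"

def triage(statuses, created, expires, now):
    """Return (phase, flags) for use in a detection or monitoring pipeline."""
    phase = lifecycle_phase(statuses, created, expires, now)
    flags = []
    if phase == "add grace period":
        flags.append("newly registered")
    if phase in ("redemption grace period", "pending delete"):
        flags.append("may be released and registered by another party")
    if codes_of(statuses) & {"serverhold", "clienthold"}:
        flags.append("on hold: not in the zone file")
    return phase, flags
```

All datetimes passed in must be either all timezone-aware or all naive, since Python refuses to compare the two kinds.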
7 Other sources of WHOIS data
The RDAP protocol is a proposed alternative to replace the WHOIS protocol, resolving many of its shortcomings. It is in an experimental phase: there are some pilot projects to introduce it, but the amount of WHOIS data available through this protocol is limited.
7.2 WEB-based WHOIS services
Many WHOIS servers provide web-based access to their WHOIS data. E.g. the InterNIC website has this service. Some services provide details only through their non-standard web pages, using CAPTCHAs and imposing limits on queries to prevent bulk use of their service.
7.3 WHOIS databases
WHOIS databases contain bulk WHOIS data collected from the decentralized WHOIS system into a central database, which can be relational or NoSQL-based, depending on the application. A WHOIS database may contain all WHOIS data or just a part (e.g. for some domains or countries). It may be a (possibly historic) snapshot of the system on a given date or a continuously updated one to reflect the actual status. Such databases have many applications ranging from scientific research through cybersecurity to marketing. Due to the nature of the WHOIS system, it is hard to set up a WHOIS database directly from the WHOIS system. WhoisXML API, Inc. offers downloadable datasets from which all possible WHOIS database configurations can be set up.
7.4 WHOIS APIs
The WHOIS system is frequently criticized because of the shortcomings of the WHOIS protocol, especially the lack of a standard, parsable data format and the limitations on WHOIS queries posed by servers. These make the use of WHOIS in its original form complicated in modern development environments. Various companies provide RESTful APIs providing WHOIS data as an alternative. WhoisXML API, Inc. offers market-leading RESTful WHOIS APIs providing real-time WHOIS data with high throughput and reliability.