1. Knowledge Base
  2. WHOIS Domain Data

Where can I learn more about WHOIS-related terms?

1 Domains, domain names

The naming of resources on the Internet is organized into the well-known dot-separated hierarchy of domain names, like "whoisxmlapi.com". Their exact syntax is specified by RFCs 10351123, and 2181.

1.1 top-level domain (TLD)

The top level domain is the last portion of a domain name separated by a dot, e,g. ".com", and the highest level of the hierarchy of the domain name system. TLDs can be subdivided into categories: there are ccTLDs and gTLDs.

1.1.1 ccTLD

Country-code top-level domains, as specified in RFC 1591, are ISO-3166 country codes, e.g. ".uk" for United Kingdom. Since 2018, IANA has been introducing internationalized country code top-level domains consisting of language-native characters when displayed in end-user applications.

1.1.2 gTLD

Generic TLDs, independent of countries, were originally those in the short list in RFC 1591: .edu, .com, .net, .org, .gov, .mil, .int. Currently, their standard list is extended with .info, .us, .biz, .asia, .tel, and .aero. Their list has then been significantly extended with new gTLDs.

  1. new gTLD

    ICANN announced the "New GTLD program" around 2012, which has opened doors for registering a larger number of gTLDs in addition to the original few. More than 1000 new gTLDs have been registered so far.

1.2 second-level domain (SLD)

It is the second level in the domains hierarchy, e.g. "whoisxmlapi.com" is an SLD in the TLD ".com".

2 WHOIS system

A worldwide distributed database containing information about entities related to Internet resources such as domain names or IP addresses. It is the "phone-book of the Internet".

2.1 WHOIS data

The data available in the WHOIS system. It is organized into WHOIS records. The records can have different field structure on different WHOIS servers.

2.2 WHOIS server

Servers holding WHOIS data. They are typically operated by registries and registrars, and use the WHOIS protocol.

2.2.1 Authoritative WHOIS server

A WHOIS server which provides original WHOIS data that was not obtained from another WHOIS server, serving as the primary source of the information.

2.2.2 Non-authoritative WHOIS server

A WHOIS server which provides WHOIS data collected and cached from other, typically authoritative WHOIS servers.

2.3 WHOIS protocol

A query/response protocol to obtain WHOIS data from a WHOIS server. It is specified in RFC 3912. It provides data in a textual form with strictly defined structure. It lacks standards internationalization and security. The frequency of the queries are limited on some WHOIS servers.

3 Entities related to the WHOIS system

3.1 registry

Registries are organizations mainly responsible for the domain name system (DNS) and IP WHOIS data. Besides the five regional registries (RIRs):

  • ARIN, North America
  • APNIC, Asia-Pacific
  • AfriNIC, Africa
  • RIPE NCC, Europe
  • LACNIC, Latin America/Caribbean

there are smaller local Internet registries, with scopes of a country or a smaller region. Registries typically run WHOIS servers which are authoritative for IP WHOIS data and also provide Domain WHOIS records, possibly non-authoritatively.

3.2 registrar

A registrar is an organization which manages domain name registrations. Registrars are contracted by registries and have to be accredited by IANA. Upon accreditation, they get an ID from IANA and they are put on the list of accredited registrars. The end-users choose a designated registrar to provide the registration service for the chosen domain. Registrars run authoritative WHOIS servers.

3.3 registrant

The entity that has registered the domain, owns it and is responsible for it.

3.4 IANA

The Internet Assigned Numbers Authority is the global coordinator of most Internet protocol resources. Notably, registrars have to be accredited by IANA, thus IANA is the top-level registry. It maintains the list of accredited registrars, and runs a WHOIS server, too.

3.5 ICANN

The Internet Corporation of Assigned Names and Numbers is not-for-profit public-benefit corporation which plays a coordinating role in the naming system of the Internet. They run the InterNIC website.

3.6 InterNIC website

https://www.internic.net is run by ICANN in order to provide public information on internet domain name registration services. They also run a WHOIS server, whois.internic.net.

4 Types of WHOIS records

4.1 domain WHOIS records

Domain WHOIS records provide information on entities related to domains, typically SLDs.

4.2 IP WHOIS records

These describe entities related to IP addresses. We refer to https://ip-netblocks-whois-database.whoisxmlapi.com/blog/ip-whois-lookups-vs-an-ip-netblocks-whois-database for further details.

4.3 WHOIS records of registrars and registries

Registries and registrars also have special WHOIS records which can be obtained from certain WHOIS servers, e.g. from InterNIC WHOIS server, whois.internic.net.

4.4 registry WHOIS record

Registries run WHOIS services to provide registration information on the domains they are responsible for. The registry record can be modified by the designated registrar.

4.5 registrar WHOIS record

Most of the registrars also run WHOIS servers. The WHOIS records obtained from the registry and from the registrar are not always identical.

4.6 thin WHOIS record

A thin record has registrar and name server data but no contact data. Some registries and registrars provide thin data only (e.g. all .COM and .NET registry records are thin, the further details can be obtained by some additional web services, typically involving CAPTCHAs).

4.7 thick WHOIS record

A thick WHOIS record, as opposed to a thin record, contains all available WHOIS information. In some cases, even thin records may contain partial information, e.g. in some ccTLDs, all contact data are those of the registry operator.

5 WHOIS record fields

5.1 contact details in domain WHOIS records

WHOIS records have contact details (name, organization, postal address, phone number, e-mail) of the registrant and the registrar. Contact details facilitate a variety of validity checks which are useful in cybersecurity solutions. In addition, they can have the same type of contact information to be used in conjunction with other matters related to the domain. In case of domain WHOIS data, these include administrative, technical, billing, abuse, and zone contacts. Regardless of the presence of these latter contact details, it is the registrant, the holder of the domain who is entirely responsible for the domain. There is a significant debate going on about the privacy issues related to contact details. As the WHOIS system is not designed for privacy, it could become a source of data collection with malicious purposes. On the other hand, it is currently the only way to locate the owner of a resource, which is crucial in maintaining cybersecurity. Certain data protection regulations (notably the new GDPR of the EU) have already affected the WHOIS systems in some regions; the future consequences of this are largely uncertain.

5.1.1 administrative contact

A block of fields with contact details to be used in conjunction with administrative issues related to the domain.

5.1.2 technical contact

A block of fields with contact details details to be used in conjunction with technical issues related to the domain.

5.1.3 billing contact

A block of fields with contact details to be used in conjunction with billing issues related to the domain.

5.1.4 abuse contact

A block of fields with contact details to be used in conjunction with abuse issues, threats and other IT security related matters related to the domain.

5.1.5 zone contact

A block of fields with contact details to be used in conjunction with the DNS zones corresponding to the domain. The DNS zones are a part of the Domain Name System: they are sets of IP addresses for which the authority can be delegated. Hence, zone issues are related to IP number use and name resolution. A domain is related to one or more zones.

5.2 created date

A WHOIS field providing the datetime when the domain was registered.

5.3 updated date

A WHOIS field providing the datetime when the WHOIS record was last updated.

5.4 expires date

A WHOIS field providing the datetime when the registration of the record will expire. See also the status codes.

5.5 IANA ID

The identification number assigned to the registrar by IANA upon accreditation. It is contained in domain WHOIS records.

5.6 Domain status code

Domains have their life cycle, and they can be in several statuses. Domain WHOIS records nay contain one or more status codes, whose meaning is explained in detail at domainlife cycle. It can show that the domain has expired and is not visible anymore but its owner can still redeem it (i.e. it is in the redemption grace period), etc. For details see the list of status codes.

5.7 Name servers

Each domain has to have at least two name servers in the domain name system (DNS), e.g. so that when an user application is looking for a host in the domain, these servers resolve it to IP numbers. Domain WHOIS records contain information on the name servers of the domain.

6 Domain life cycle

Domains have their life cycles consisting of certain periods. Their current status can be deduced from the data in various whois fields, notably the domain status code.

6.1 Periods

6.1.1 Available / released

The domain name does not exist in the Domain Name System: either it has never existed or it was released, which makes it available for purchase.

6.1.2 Add grace period

A period of an average of 5 days after the registration of a domain in which the registration can be still canceled, or errors in the registration can be corrected. The domain is there in the zone file. Domains deleted during this period will be available again.

6.1.3 Registered

The domain is up and alive; it is in the DNS zone files and WHOIS records are supposed to be up-to-date. This period ends on the expiry date.

6.1.4 Auto-renew grace period

A period of up to 45 days which starts at the expiry date. During this period, the registrar may delete the domain e.g. if the registrant does not pay for it again. The domain may or may not be in the zone file during this period, so the related web pages, mail servers, etc. may or may not work. If renewed (possibly automatically), the domain remains registered with a new expiry date; otherwise, it starts its redemption grace period. It is also possible to transfer the domain during this period to a new registrar.

6.1.5 Renew grace period

A period similar to the add grace period, but provided after a renewal by the registrar.

6.1.6 Redemption grace period

or "Pending-delete restorable" period, of 30 days. The domain is not in the zone file anymore, so websites, e-mail, etc. do not work. Yet, the domain can be still redeemed (or restored) upon the registrant's request. All registrars are obliged to provide this opportunity to their clients for the 30-day period, as is enforced by their contract with ICANN. If not renewed (in which case it becomes registered again), the domain continues in the Pending Delete status.

6.1.7 Pending delete

A five-day period before the deletion/release of the domain. At this stage the deletion is not reversible anymore. The domain is not in the zone file, and it ceases to work. After this stage the domain name will be available again.

6.2 Status codes

6.2.1 Codes set by the registry

 
  1. addPeriod

    It means that the domain is in the add grace period.

  2. autoRenewPeriod

    It means that the domain is in the Auto renew period.

  3. inactive

    It means that the domain is not active in the sense that no name servers are associated with it, so it cannot be used. It may be due to some delay in processing by the registrar, or some issues with its data.

  4. ok

    It is the standard status of a domain showing that there are no pending operations or prohibitions.

  5. pendingCreate

    It means that the registration of the domain is in progress.

  6. pendingDelete

    It means that the domain is now in the pending delete status.

  7. pendingRenew

    It means that the renewal of the domain has been initiated during the auto-renew grace period, so the domain is being renewed.

  8. pendingRestore

    It means that the process of restoring the domain has been initiated in the redemption grace period and it is in progress.

  9. pendingTransfer

    It means that the domain is being transferred to a new registrar.

  10. pendingUpdate

    It means that an update of the domain, normally initiated by the registrant is in progress.

  11. redemptionPeriod

    It means that the domain is in the redemption period.

  12. renewPeriod

    It means that the domain is in the renew period.

  13. serverDeleteProhibited

    A special status to prevent the domain from deletion for miscellaneous reasons, e.g. ongoing legal disputes.

  14. serverHold

    A special status indicating that there are some issues with the domain which have to be resolved. The domain is inactive in the domain name system.

  15. serverRenewProhibited

    A special status showing that the domain cannot be renewed for various reasons, e.g. ongoing legal disputes.

  16. serverTransferProhibited

    A special status showing that the domain cannot be transferred from one registrar to another for various reasons, e.g. ongoing legal disputes.

  17. serverUpdateProhibited

    A special status showing that the domain cannot be transferred from one registrar to another for various reasons, e.g. ongoing legal disputes or upon the registrant's request.

6.2.2 Codes set by the registrar

These all are uncommon statuses appearing in case of certain disputes or during the prevention of some malicious activity.

  1. clientDeleteProhibited

    The registry will reject requests to delete the domain's registration.

  2. clientHold

    The registry will not activate the domain and introduce it in the zone file.

  3. clientRenewProhibited

    The registry will reject renewal requests for this domain.

  4. clientTransferProhibited

    The registry will reject requests to transfer the domain from one registrar to the other.

  5. clientUpdateProhibited

    The registry will reject requests to update the domain.

7 Other sources of WHOIS data

7.1 rdap

The rdap protocol is a proposed alternative to replace the WHOIS protocol, resolving many of its shortcomings. It is in an experimental phase, there are some pilot projects to introduce it, but the amount of WHOIS data available through this protocol is limited.

7.2 WEB-based WHOIS services

Many WHOIS servers provide web-based access to their WHOIS data. E.g. the InterNIC website has this service. Some services provide details only through their non-standard web pages, using CAPTCHAs and posing limitations against the queries to prevent from bulk use of their service.

7.3 WHOIS databases

WHOIS databases contain bulk WHOIS data collected from the decentralized WHOIS system into a central database, which can be relational or no-SQL based, depending on the application. A WHOIS database may contain all WHOIS data or just a part (e.g. for some domains or countries). It may be a (possibly historic) snapshot of the system on a given date or a continuously updated one to reflect the actual status. Such databases have many applications ranging from scientific research through cybersecurity to marketing. Due to the nature of the WHOIS system it is hard to set up a WHOIS database directly from the WHOIS system. WhoisXML API, Inc. offers downloadable datasets from which all possible WHOIS database configurations can be set up.

7.4 WHOIS APIs

The WHOIS system is frequently criticized because of the shortcomings of the WHOIS protocol, especially the lack of a standard, parsable data format and the limitations on WHOIS queries posed by servers. These make the use of WHOIS in its original form complicated in modern development environments. Various companies provide RESTful APIs providing WHOIS data as an alternative. WhoisXML API, Inc. offers market-leading RESTful WHOIS APIs providing real-time WHOIS data with high throughput and reliability.