How does WhoIs work?

Whois, pronounced "who is", is a system that allows users to look up the name and contact information of a registered domain name (website). When someone registers a new domain, the registrar asks for specific contact information, most of which is required by The Internet Corporation for Assigned Names and Numbers (ICANN). This information is held in the Whois Database, which is available for anyone to access through a Whois lookup tool like the one here at NameCheap. All you need is a website address to search for and contact the party responsible for any given internet resource.

Information contained within the lookup depends on the registrar to some extent. However, you’ll see details like who a domain is registered to, when it was registered, when it expires, and where the DNS is hosted. In some cases, you will have to go to the registrar's website to get more information.

The registrar will keep a record of your contact information and submit key details to the registry that’s maintaining the central directory for that top level domain (TLD). Similar to IP addresses, domain names must be unique so that they can be associated with a single entity, be it an individual or organization. This also eases the process of locating them within the domain name system.

Each Top Level Domain (TLD) — .com and .org, for example — has its own authoritative name server that provides other computers on the web the information needed to find a website, or route an email to its destination. For this reason, the Whois database is vital to the workings of the domain name system.

We’re going to help you understand the inner workings of the Whois lookup, how searches are performed and how the Whois records are organized. We’ll also cover Whois privacy, a tool which conceals your contact details in the DNS system if you’d prefer to keep this information private when registering your own domain.

The origins of Whois can be traced back to 1982 when the Internet Engineering Task Force released a protocol for ARPANET users. The protocol was a directory initially listing the contact information of any users transmitting data around ARPANET. As the internet evolved, the protocol changed. Until ICANN inherited the protocol in 1998, it remained fundamentally unchanged, based on those original IETF standards.

These days, Whois is not a single, centrally-operated database. Data is managed by independent entities known as registries and registrars that are using the same system standard. In 1999, ICANN opened up the market for other entities to provide domain name registration services. The new registries were given the responsibility of maintaining the registries of TLDs.

To become a registrar, the entity must earn accreditation from ICANN. Similarly, registries are under contract with ICANN to operate gTLDs, such as .com, .net, or new gTLDs like .cafe and .club. The .org registry, for example, is maintained by the Public Interest Registry (PIR) and their associated Whois service.

ICANN responded to the change in the direction and expansion of the internet by modifying the Whois service requirement agreements with registrars and registries over the years. These agreements set up the basic framework of how Whois would be operated. ICANN have implemented several policies to improve the Whois service for current users, including:

• Measures to track down malicious behavior

• Regulating the domain name registration process

• Helping businesses and other users and organizations in fighting fraud and safeguarding public interest

• Assisting in the battle against abusive uses of information

Whois might look like an acronym, but it’s simply a system that asks the question, "Who is the owner responsible for a domain name or IP address?"

Year after year, millions of people, from individuals to businesses, governments and organizations register domain names. When a domain name is registered, the person registering must provide contact information and something to identify them as the owner. The information provided is generally known as Whois data, held in a record within the Whois database.

We’ve mentioned that Whois is used for finding information about a domain's registration. The amount of information available in a record will depend on the type of TLD or ccTLD, and the registrar of the domain. For example, the .au domain provides limited information (the registrar name, the name and email of the registrant, domain status, and name servers) whereas many other registries, including .com, .org, and .net, provide full contact details, including domain registration and expiration dates, as well as the registrant’s name, domain status, and nameservers.

As we’ve discussed, Whois records vary from registrar to registrar, but they all share mandatory information provided during registration, including:

• The central registry information

  This shows the domain name, plus the company it was registered plus a link to their Whois server, nameservers, the status of the domain, and creation/expiration dates. Once you’ve got this information, the Whois client connects to the registrar's servers to locate the queried domain names contact information.

• Registrar information

  Includes contact information. This needs to be kept up to date, in the event of any problems regarding domain ownership, which will require that the details of a domain names ownership details be accurate so it can be resolved.

Whois records have proven themselves to very useful. They've become integral to the integrity of the process of domain name registration and site ownership.

Theoretically, anyone can identify a domain name registrant by searching the Whois protocol. A standard Whois search will provide anyone querying the public Whois database with information regarding a domain name. You can retrieve key data about a domain like ownership, availability, registration, and expiration details.

There are different ways to implement a whois search. Traditionally, a command line interface application was used, but nowadays, web based tools are widely used and have simplified the process.

Web-based Whois queries

ICANN has made Whois lookups as easy as possible these days. To perform a search, users only need to go to one of many web based Whois lookup tools, enter a domain name, and click "Lookup".

Command line Whois Queries

It’s possible to override third party services and perform a Whois query from your own computer. If you use a supporting operating system, you can use the Windows command prompt, or Linux’s lookup command, for example.

Search via a registrar

There are a few domain extensions where the record needs to be checked on the specific domain’s Whois server to perform a search. At the time of writing, there’s no standardized method for finding out the responsible Whois server for a given domain extension. This means these types of Whois lookups require extra work, like performing a search through the domain name's registrar to retrieve the details of ownership.

Whois IP Queries

It’s also possible to discover who controls an IP address. So-called IP lookups are browser-based tools used for discovering the contact data and IP geolocation for the owner of the address being queried. To perform an IP lookup, you just need to type the IP address into the IP lookup search box. If the owner doesn’t use domain privacy protection, the results will be displayed.

Whois is designed to work in the same way as a DNS query. The registry to be queried will depend on the furthest right part of the domain (e.g. .co.uk, .edu, .ny), the TLD. When an ISP doesn’t have this information in its cache, it can find which name server needs to be asked for any part of the domain name, starting with the root server. Root servers are located around the world and point computers querying the Whois database to the appropriate downstream servers that can answer the query.

This process illustrated above is for a "thick" registry. If the registry hasn’t yet transitioned to the thick model, it will be using the "thin" data model which requires an additional process query at the registrar's database to obtain the full Whois data for a domain name.

We’ve mentioned the different data models, thin and thick, used to store Whois information. Let’s look at them in more detail.

Thin Model

The Thin Whois lookup provides the registrar, name servers, and registration dates. For additional information, it's necessary to perform a further lookup, this time at the registrar on file, to get hold of full information on the domain name ownership.

Thick Model

With the Thick Whois lookup, you can attain additional information beyond what's available from a thin Whois record. The extra details may contain contact information (registrant, administrative, and technical).

A thick lookup supplies all the necessary information on who registered the domain name, where it is registered when it was registered, when it may expire and the nameservers it uses. With the thick model, only one Whois server needs to be contacted, ensuring more consistent data and slightly faster queries.

Some TLD registries have no Whois servers. This might be because they are new, or because they are relatively small. They are still obliged to provide other ways to query their databases, such as from the registry's website; there’s generally a link within the returned Whois record that you can follow. In other cases, they might provide limited information on their Whois servers, but, for full information, you will have to access that registry’s site.

Each top level domain handles Whois differently: each have different central Whois servers and different formats to respond in. For example, some top-level domains, including .com and .net, follow the thin Whois model, where domain registrars maintain their customers' data,whereas many larger, global TLD registries operate under the thick model. CcTLDs on the other hand play by their own rules, which vary nation to nation.

The records stored among domain registries vary; for instance, .com and .net are managed by the domain name registry VeriSign. These gTLDs operate differently than standard Whois systems. The central Whois server will display information regarding the domain registered, when it expires, and the registrar it was registered with; however, you’ll find nothing about the domain owner. Whois records on these TLDs will tell you the Whois server of the registrar that registered the domain. You must make a further Whois request against the registrar's Whois server to attain full information on the actual owner. This two-stage look up is understandable. There almost 100 million domain names registered with .com. By making this process twofold, Verisign’s data is easier to maintain and serve out.

ICANN is committed to providing unrestricted and public access to complete and accurate Whois information, subject to applicable laws. To do that, registrars and registries are required to allow access to data collected for all their registered domain names. It is important to understand that there is no way to hide the existence of a registered domain. Since ICANN required contact information is publicly available in Whois directories, anyone can perform a quick search on the Whois database to confirm the status of a domain.

You can’t duck out of Whois by providing inaccurate information. Failing to supply accurate and reliable information can result in the loss of your right to use the domain name.The information stored in a Whois record is collected at the stage when a domain name is initially registered. Chances are, the information will change over time and become of date. Updating this information is key since domain name registrants must adhere to the rules of their registrar, or they risk losing their domain name.

A registrar may require a response to an email that is sent to the email entered, or contact numbered entered in the Whois database. Submitting false data or failing to respond to registrar inquiries related to their data will risks a domain name being canceled or suspended.

Most registrars offer private domain registration services where the registrar's contact information is shown in place of the registrant’s contact details. With Whois privacy protection, the organization providing the domain privacy service is the domain registrant and contact.

All of a domain registrant’s contact details can be hidden from the Whois record simply by adding domain privacy. This service is offered by most registrars for an additional fee. The organization providing the domain privacy service replaces the registrant's contact information with their own. The domain registered will still show up in a Whois search, even with privacy, but the organization may appear as "Namecheap Whois Privacy Service" and an email address like "contact@namecheapwhoisprivacyservice.com."

It’s important to note that even if domain privacy services are in place, it's not a guarantee of anonymity. Registrars are legally obliged to release even private information.

Don't assume that your website is too small or insignificant to be searched for, even newly registered domains can see an influx of attention within moments of registration. If you are interested in protecting your contact details via private domain registration, look no further than Namecheap.

The domain privacy service provided by Withheld for Privacy prevents people from seeing your name, address, phone number and email. Best of all, it’s FREE for the life of your domain.