How to find out who owns a domain?

The short version

There are many reasons you might want to find out who owns a domain. You may want to buy it, sell them yours, clarify a trademark, or just want to chat. One of the ways to know who owns a domain is to consult the Whois directory and look at the associated Whois record for the domain name you’re interested in. Here’s a quick summary of what that entails:

As part of the domain registration process, registrants must provide their registrar with correct and dependable contact details and keep this information up to date. Failing to provide reliable information or a willful failure to replace out-of-date data supplied to a registrar can lead to your registration being canceled.

The registrar you pick will ask you to offer contact and technical records, some of which are required by ICANN (The Internet Corporation for Assigned Names and Numbers).

The registrar will maintain the registrant's information (known as the Whois record) and will publish certain technical records to the registry which maintains the critical directory for that TLD. Every TLD domain has an authoritative registry, which supplies computer systems connected through the Internet with the information essential to send you an email or to find your website. The Public Interest Registry (PIR), for instance, operates the .org registry.

Who (or What) is Whois lookup?

If you want to contact a website owner, their information isn’t on the website in question, and you desperately want to know if you can find out who owns a domain name, the Whois directory is a good place to start.

You’re probably pondering, what is Whois anyway, and how does Whois work? Well, Whois, pronounced "who is", is a system that allows users to look up the name and contact information of a registered domain name (website). When someone registers a new domain, the registrar asks for specific contact information, most of which is required by The Internet Corporation for Assigned Names and Numbers (ICANN).

This information is held in the Whois directory, which is available for anyone to access through a Whois lookup tool like the one here at Namecheap. All you need is a website address to search for and contact the party responsible for any given Internet resource.

Information contained within the lookup depends on the registrar to some extent. However, you’ll see details like who a domain is registered to, when it was registered, when it expires, and where the DNS is hosted. In some cases, you will have to go to the registrar's website to get more information.

The registrar will keep a record of your contact information and submit key details to the registry that’s maintaining the central directory for that top-level domain (TLD). Similar to IP addresses, domain names must be unique so that they can be associated with a single entity, be it an individual or organization. This also eases the process of locating them within the domain name system.

Each Top-Level Domain (TLD) — .com and .org, for example — has its own authoritative name server that provides other computers on the web the information needed to find a website, or route an email to its destination. For this reason, the Whois database is vital to the workings of the domain name system.

We’re going to help you understand the inner workings of the Whois lookup, how searches are performed and how the Whois records are organized. We’ll also cover Whois domain privacy, a tool that conceals your contact details in the DNS system if you’d prefer to keep this information private when registering your own domain.

The origins of Whois can be traced back to 1982 when the Internet Engineering Task Force released a protocol for ARPANET users. The protocol was a directory initially listing the contact information of any users transmitting data around ARPANET. As the Internet evolved, the protocol changed. Until ICANN inherited the protocol in 1998, it remained fundamentally unchanged, based on those original IETF standards.

These days, Whois is not a single, centrally-operated database. Data is managed by independent entities known as registries and registrars that are using the same system standard. In 1999, ICANN opened up the market for other entities to provide domain name registration services. The new registries were given the responsibility of maintaining the registries of TLDs.

To become a registrar, the entity must earn accreditation from ICANN. Similarly, registries are under contract with ICANN to operate gTLDs, such as .com, .net, or new gTLDs like .cafe and .club. The .org registry, for example, is maintained by the Public Interest Registry (PIR) and their associated Whois service.

Evolution of Whois

ICANN responded to the change in the direction and expansion of the internet by modifying the Whois service requirement agreements with registrars and registries over the years. These agreements set up the basic framework of how Whois would be operated. ICANN has implemented several policies to improve the Whois service for current users, including:

Measures to track down malicious behavior;
Regulating the domain name registration process;
Helping businesses and other users and organizations in fighting fraud and safeguarding the public interest;
Assisting in the battle against abusive uses of information.

How to use Whois

You will now learn how to see who owns a domain using Whois. It’s easy to do a Whois ‘lookup’ — theoretically, anyone can identify a domain name registrant.

A standard Whois search will provide anyone querying the public Whois database with information regarding a domain name. You can retrieve key data about a domain like ownership, availability, registration, and expiration details.

There are different ways to implement a whois search. Traditionally, a command-line interface application was used, but nowadays, web-based tools are widely used and have simplified the process.

Web-based Whois queries

ICANN has made Whois lookups incredibly easy. To perform a search, users only need to go to one of many web-based Whois lookup tools, enter a domain name, and click "Lookup".

Command-line Whois queries

It’s possible to override third-party services and perform a Whois query from your own computer. If you use a supporting operating system, you can use the Windows command prompt, or Linux’s lookup command, for example.

Search via a registrar

There are a few domain extensions where the record needs to be checked on the specific domain’s Whois server to perform a search. At the time of writing, there’s no standardized method for finding out the responsible Whois server for a given domain extension. This means these types of Whois lookups require extra work, like performing a search through the domain name's registrar to retrieve ownership details.

Whois IP queries

It’s also possible to discover who controls an IP address. So-called IP lookups are browser-based tools used for discovering the contact data and IP geolocation for the owner of the address being queried. To perform an IP lookup, you just need to type the IP address into the IP lookup search box. If the owner doesn’t use domain privacy protection, the results will be displayed.

Whois data

Whois might look like an acronym, but it’s simply a system that asks the question, "Who is the owner responsible for a domain name or IP address?"

Year after year, millions of people, from individuals to businesses, governments and organizations register domain names. When a domain name is registered, the person registering must provide contact information and something to identify them as the owner. The information provided is generally known as Whois data, held in a record within the Whois database.

You now know that you can use Whois to find information about a domain's registration. The amount of information available in a record will depend on the type of TLD or ccTLD, and the registrar of the domain. For example, the .au domain provides limited information (the registrar name, the name, and email of the registrant, domain status, and name servers) whereas many other registries, including .com, .org, and .net, provide full contact details, including domain registration and expiration dates, as well as the registrant’s name, domain status, and nameservers.

Breakdown of a Whois record

As we’ve discussed, Whois records vary from registrar to registrar, but they all share mandatory information provided during registration, including:

The central registry information
This shows the domain name, plus the company it was registered plus a link to their Whois server, nameservers, the status of the domain, and creation/expiration dates. Once you’ve got this information, the Whois client connects to the registrar's servers to locate the queried domain names' contact information.
Registrar information
Includes contact information. This needs to be kept up to date, in the event of any problems regarding domain ownership, which will require that the details of a domain name's ownership details be accurate so it can be resolved.

Whois records have proven themselves to be very useful. They've become integral to the integrity of the process of domain name registration and site ownership.

Querying Whois nameservers

Whois is designed to work in the same way as a DNS query. The registry to be queried will depend on the furthest right part of the domain (e.g. .co.uk, .edu, .ny), the TLD. When an ISP doesn’t have this information in its cache, it can find which name server needs to be asked for any part of the domain name, starting with the root server. Root servers are located worldwide and point computers querying the Whois database to the appropriate downstream servers that can answer the query.

This process illustrated above is for a "thick" registry. Suppose the registry hasn’t yet transitioned to the thick model. In that case, the "thin" data model will be used, which requires an additional process query at the registrar's database to obtain the complete Whois data for a domain name.

Whois thick and thin models

We’ve mentioned the different data models, thin and thick, used to store Whois information. Let’s look at them in more detail.

Thin model

The Thin Whois lookup provides the registrar, name servers, and registration dates. For additional information, it's necessary to perform a further lookup, this time at the registrar on file, to get hold of full information on the domain name ownership.

Thick model

With the Thick Whois lookup, you can attain additional information beyond what's available from a thin Whois record. The extra details may contain contact information (registrant, administrative, and technical).

A thick lookup supplies all the necessary information on:

who registered the domain name,
where it is registered,
when it was registered,
when it may expire,
and the nameservers it uses.

Only one Whois server needs to be contacted with the thick model, ensuring more consistent data and slightly faster queries.

TLDs handle Whois differently

Some TLD registries have no Whois servers. This might be because they are new, or because they are relatively small. They are still obliged to provide other ways to query their databases, such as from the registry's website; there’s generally a link within the returned Whois record that you can follow. In other cases, they might provide limited information on their Whois servers, but, for complete information, you will have to access that registry’s site.

Each top-level domain handles Whois differently: each has different central Whois servers and different formats to respond to. For example, some top-level domains, including .com and .net, follow the thin Whois model, where domain registrars maintain their customers' data, whereas much larger, global TLD registries operate under the thick model. CcTLDs on the other hand play by their own rules, which vary from nation to nation.

The records stored among domain registries vary; for instance, .com and .net are managed by the domain name registry VeriSign. These gTLDs operate differently than standard Whois systems. The central Whois server will display information regarding the domain registered, when it expires, and the registrar it was registered with; however, you’ll find nothing about the domain owner.

Whois records on these TLDs will tell you the registrar's Whois server that registered the domain. You must make a further Whois request against the registrar's whois server to attain full information on the actual owner. This two-stage look-up is understandable. There are almost 100 million domain names registered with .com. Verisign’s data is easier to maintain and serve by making this process twofold.

Accuracy of information

ICANN is committed to providing unrestricted and public access to complete and accurate Whois information, subject to applicable laws. To do that, registrars and registries are required to allow access to data collected for all their registered domain names. It is important to understand that there is no way to hide the existence of a registered domain. Since ICANN required contact information is publicly available in Whois directories, anyone can perform a quick search on the Whois database to confirm the status of a domain.

You can’t duck out of Whois by providing inaccurate information. Failing to supply accurate and reliable information can result in the loss of your right to use the domain name. The information stored in a Whois record is collected at the stage when a domain name is initially registered. Chances are, the information will change over time and become of date. Updating this information is the key since domain name registrants must adhere to the rules of their registrar, or they risk losing their domain name.

A registrar may require a response to an email that is sent to the email entered or contact number entered in the Whois database. Submitting false data or failing to respond to registrar inquiries about their data will risk a domain name being canceled or suspended.

Domain privacy

You’re probably wondering, what is domain privacy? Most registrars offer private domain registration services where the registrar's contact information is shown in place of the registrant’s contact details. With domain privacy protection, the organization providing the domain privacy service is the domain registrant and contact.

A domain registrant’s contact details can be hidden from the Whois record with domain privacy. Most registrars offer this service for an additional fee. The organization providing the domain privacy service replaces the registrant's contact information with their own. The domain registered will still show up in a Whois search, even with privacy, but the organization may appear as "Namecheap Whois Privacy Service" and an email address like "contact@namecheapwhoisprivacyservice.com."

It’s important to note that even if domain privacy services are in place, it's not a guarantee of anonymity. Registrars are legally obliged to release even private information.

Find out more about Domain Privacy →

Why you might want to keep your information private

Reduce spam

This article has shown you how to find the owner of a domain — and how easy it is with Whois. Unfortunately, leaving your contact details visible in a Whois search leaves you wide open to a great deal of spam.

Telemarketers scour Whois to develop lists to blanket target organizations via mass unsolicited emails trying to earn your business. Within moments of registering, your phone might be ringing with offers from web designers and others in the field with ‘deals’. The fun doesn’t stop there; you can also find yourself the victim of registration scams and fake alerts by giving your information out willingly.

Reduce identity theft

It might come as a surprise, but not all identity thieves are looking to score credit card information. As a domain owner, you need to be aware that scammers may try to take control of your site by using the information available. Domain privacy protection reduces the risk of someone creating an account in your name, causing havoc with your site, and any other malicious intent.

Control your contact information

Running a business site, you will likely have specific contact information listed, instead of providing your home phone number and personal email address for customers to make inquiries. Without domain privacy, you have no control of how and when people get in touch. Imagine being contacted at silly o’clock in the morning by a marketer trying to sell your business something.

Hide your physical location

Not everyone using the Internet is friendly. Listing your home or business address opens the floodgates for pranks and junk mail. On the extreme end, If something you post inflames others, they could target your property.

Your Whois data

Don't assume that your website is too small or insignificant to be searched for — even newly registered domains can see an influx of attention within moments of registration. If you are interested in protecting your contact details via private domain registration, look no further than Namecheap. The domain privacy service provided by Withheld for Privacy prevents people from seeing your name, address, phone number, and email. Best of all, it’s FREE for the life of your domain.