WHOIS

A decades-old protocol and public database for looking up the registered owner of an IP address, ASN, or domain name.

What is WHOIS?

WHOIS is a query-and-response protocol for retrieving the registered owner of an internet resource — a domain name, an IP address block, or an ASN. It was defined in the 1980s (RFC 3912 is the current specification) and originally ran over TCP port 43 as plain text. WHOIS remains widely deployed, but RDAP is the modern replacement, providing the same data in structured JSON over HTTPS.

What WHOIS returns

For a domain name (e.g. example.com), WHOIS returns:

  • Registrar (the company that sold the registration)
  • Registration date and expiry date
  • Name servers
  • Registrant contact (though most fields are now redacted under GDPR and ICANN's registration data policy)

For an IP address, WHOIS returns:

  • The allocated range (a CIDR block) that contains the IP
  • The organization that holds the allocation
  • Abuse contact details — the email address to report abuse originating from that block
  • Parent ASN

Limitations and replacement

WHOIS has accumulated significant problems over its 40-year history:

  • Inconsistent output — each registry and registrar formats responses differently, so parsing requires dozens of regex rules
  • No internationalization — non-ASCII registrant data doesn't round-trip
  • No authentication or access tiers — it's either fully public or fully hidden
  • Privacy conflicts — GDPR forced registrars to redact most personal fields in 2018, leaving responses much less useful

These limitations are why ICANN mandated RDAP as the replacement in 2019. Most modern tools now fall back to WHOIS only when RDAP is unavailable. Our WHOIS lookup tool queries both protocols and presents the richest available data.
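
The inconsistent-output problem listed above, as an added example that is not part of the original page or its lookup tool: the same facts arrive under different labels and layouts, so a client has to normalize them before comparing records. Both sample responses are constructed, and the alias table is a hypothetical, deliberately incomplete mapping.

```python
import re

# Constructed sample responses in two layouts (not real registry output).
SAMPLE_A = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2030-08-13T04:00:00Z
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Registrant Email: REDACTED FOR PRIVACY
"""
SAMPLE_B = """\
% Constructed sample; comment lines start with %
domain:        example.org
registrar:     Example Registrar Ltd
created:       2001-03-02
paid-till:     2031-03-02
nserver:       ns1.example.net.
nserver:       ns2.example.net.
e-mail:        redacted for privacy
"""

# Hypothetical alias table: label variants -> one canonical field name.
ALIASES = {
    "registrar": {"registrar", "sponsoring registrar"},
    "created": {"creation date", "created", "registered on"},
    "expires": {"registry expiry date", "expiry date", "paid-till", "expires"},
    "name_servers": {"name server", "nserver"},
    "registrant_email": {"registrant email", "e-mail"},
}
LOOKUP = {label: field for field, labels in ALIASES.items() for label in labels}
LINE = re.compile(r"^\s*([^:%#]+?)\s*:\s*(.+?)\s*$")  # "label: value", not comments
REDACTED = re.compile(r"redacted|not disclosed|withheld", re.I)

def normalize(raw):
    """Map one WHOIS text response onto canonical fields; None marks a redacted value."""
    record = {"name_servers": []}
    for line in raw.splitlines():
        m = LINE.match(line)
        field = LOOKUP.get(m.group(1).lower()) if m else None
        if field is None:
            continue  # comment, blank line, or a label this table does not track
        value = m.group(2)
        if field == "name_servers":
            record[field].append(value.rstrip(".").lower())  # drop root dot, fold case
        else:
            record.setdefault(field, None if REDACTED.search(value) else value)
    return record
```

Every additional registry layout means another row of aliases here, which is the maintenance burden RDAP's fixed JSON schema removes.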

Frequently Asked Questions

Yes — WHOIS was designed as a fully public protocol with no authentication. Anyone can query it. However, much of the personal data that used to be returned (registrant name, email, phone, postal address) is now redacted or replaced with proxy services because of GDPR and ICANN's 2018 registration data policy. The structural fields — registrar, dates, name servers, IP allocation, abuse contact — remain public.

In 2018 the EU's GDPR took effect and made the public listing of personal contact details for EU residents incompatible with privacy law. ICANN responded with a Temporary Specification that required registrars worldwide to redact most personal fields by default, since registrars cannot easily tell which registrants are EU residents. The redaction has since become permanent under ICANN's Registration Data Policy. Law enforcement and IP-rights holders can still request the full data through formal disclosure channels.

RDAP (Registration Data Access Protocol) is the modern replacement for WHOIS. It returns the same data but in structured JSON over HTTPS instead of unstructured text over TCP port 43. RDAP supports internationalized data, has a consistent response format across registries, and includes built-in access tiers so registrars can release more detail to authenticated requesters. ICANN mandated RDAP support for all gTLD registries in 2019; WHOIS still works as a fallback.

Sometimes. Pre-2018 it usually could; today most consumer domain registrations are behind privacy protection or full GDPR redaction that hides the registrant's name and contact details. The registrar, registration date, expiry date, and name servers are still visible. For business domains, the registrant organization is often still listed because legal-entity data is not protected the same way as personal data.

Variable. Registrars are required by ICANN to validate registrant contact data, but enforcement is uneven and bulk fraud registrations frequently use forged details. Allocation data for IP addresses and ASNs (held by the RIRs — ARIN, RIPE, APNIC, LACNIC, AFRINIC) is significantly more reliable because the RIRs require ongoing organizational verification to maintain an allocation.