Whois

The whois tool lets you get a domain's public registration information.

Usage

In the text box, enter one of:

  • A domain name.
  • An IP address in standard form.
  • An IP address as a single decimal number, with the "Convert Base-10 to IP" box checked.

When to use it

The whois tool has several uses:

  • Finding out who owns a domain.
  • Finding out if it's active, expired, or available.
  • Getting domain contact information.
  • Finding the domain's DNS servers.
  • Seeing when its registration information was last updated.

Using whois to gather information for spamming is explicitly disallowed.

What it does

The whois tool sends an inquiry to a whois server to get information on the domain. We use several reliable servers, depending on the top-level domain in your query. For .com and .net domains, the query goes to whois.internic.net. If you enter an IP address, the tool will do a reverse DNS lookup to get the associated domain name.

There's no standard format for whois information. Typically, you'll see the following kinds of data:

  • The registered domain name and registry ID
  • The domain's dates of creation, expiration, and last modification
  • The registrar's URL, contact information, and whois server
  • The domain holder's name and contact information
  • The name servers for the domain

If the domain is unknown, you'll see the message "No match for domain." This is a good indication that a domain is available but not an absolute guarantee. The server's information may not be up to date, or the domain may be unavailable even though it isn't registered. If you enter an invalid top-level domain (e.g., example.qwert), you'll see "No whois server known for the given domain."

You can specify a subdomain in a query (e.g., xyz.example.com). The results will depend on how the registered domain is set up. If it supports user-created domains, you'll probably get the information on the registered domain, even if the subdomain doesn't exist. If the subdomain is hosted on a different server, you might get information on the host rather than the owning domain. It's really not useful to perform whois queries on subdomains.

Internationalized domain names (IDNs) can contain UTF-8 characters in addition to ASCII. To query these, you need to take an extra step. Click on "IDN Conversion," which will take you to a page with a conversion form. Type or paste the domain name in the "native characters" field and click "Convert." You will get an ASCII-converted form of the domain in the "Punycode" field. Copy and paste this for the whois tool to run a query on the domain.

Punycode is a way of encoding UTF-8 text in ASCII, defined in RFC 3492. It's optimized for domain names. Most browsers and whois servers recognize it. You can use Punycode conversion with any of the tools.

The information about the domain is often followed by notices and terms of use from the whois provider. These aren't from us, and we have no control over them.

A deeper look

You'll sometimes hear about "the whois database," but it doesn't exist. There isn't any worldwide repository of whois records. Each domain registrar collects its own information and makes it available to whois services. Any given whois server covers one or a few TLDs. All of them are supposed to conform to the ICANN requirements. Very often, they don't. A domain can give every appearance of belonging to a well-known organization yet be a fake.

After a domain is registered or its information is updated, it can take anywhere from a few minutes to a few weeks for whois servers to get up to date. This is the main reason why a whois result isn't a strong guarantee that a domain is available or unavailable.

Every domain holder is supposed to provide contact information, which will be published through whois services. Many registrars offer a privacy option, where the registrar's information is published instead of the domain owner's contact data. This is an attractive option for individuals, who don't want their phone numbers available to every telemarketer and crank.

A few TLDs don't provide a public whois interface. We may not be able to give you information on those domains. The .aq (Antarctica) top-level domain is an example.

ICANN requires domain holders to give accurate information and keep it updated. In practice, registrars can't verify it all. Domains engaging in illegal activity are especially likely to register with intentionally inaccurate contact data.

Domains can be hijacked when their owners don't take enough precautions. Taking away the registration is one way to do this. If a domain starts to display unexpected content and the whois information shows a change in registrars, that's likely what happened.

Requests for whois information follow the WHOIS protocol, specified in RFC 3912. Domain registries can follow a "thin" or "thick" data model. Both models include information about the registrar, domain status, creation and expiration dates, name server data, and the date of the latest update. The thick model also includes administrative, billing, and technical contact information. The .com and .net TLDs use the thin model, limiting the usefulness of a whois query in identifying a domain's owner.

The protocol gives no guidance about character encoding. Plain ASCII and UTF-8 are the most common, but there's no guarantee a server will use them.
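
As an added example (not part of the original page or of this site's tool code): an RFC 3912 query in Python that converts an IDN to Punycode first, decodes the reply without assuming a charset, parses the "Key: value" lines of a thin-model record, and compares two snapshots for the registrar change mentioned above as a sign of hijacking. The sample reply, the server name whois.registrar.example and all function names are constructed for illustration.

```python
import socket

# Constructed sample of a thin-model reply (not real registry output).
SAMPLE = (
    b"   Domain Name: EXAMPLE.COM\r\n"
    b"   Registrar WHOIS Server: whois.registrar.example\r\n"
    b"   Registrar: Example Registrar, Inc.\r\n"
    b"   Updated Date: 2024-01-05T10:00:00Z\r\n"
    b"   Name Server: NS1.EXAMPLE.NET\r\n"
    b"   Name Server: NS2.EXAMPLE.NET\r\n"
    b">>> Last update of whois database: 2024-01-06T00:00:00Z <<<\r\n"
    b"\r\nNOTICE: terms of use from the whois provider ...\r\n"
)

def to_query_name(domain):
    """Convert an IDN to its Punycode (xn--) form; ASCII names pass through."""
    return domain.strip().rstrip(".").encode("idna").decode("ascii").lower()

def decode_reply(raw):
    """RFC 3912 names no charset: try UTF-8, fall back to Latin-1 (never fails)."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")

def parse_reply(text):
    """Collect 'Key: value' lines; stop at the '>>>' footer before the notices."""
    fields = {}
    for line in text.splitlines():
        if line.strip().startswith(">>>"):
            break
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def whois_query(name, server, port=43, timeout=10):
    """RFC 3912 exchange: send the name plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(to_query_name(name).encode("ascii") + b"\r\n")
        chunks = []
        while (data := s.recv(4096)):
            chunks.append(data)
    return decode_reply(b"".join(chunks))

def changed_fields(old, new, watch=("registrar", "name server")):
    """Report watched fields that differ between two parsed snapshots."""
    return {k: (old.get(k), new.get(k)) for k in watch if old.get(k) != new.get(k)}
```

whois_query needs network access; the parsing and comparison functions work on any saved reply, such as SAMPLE.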

Whois servers impose a limit on how many queries they will accept from one source in a given time period. We try not to let it happen, but if our site becomes busy, your query might be rejected. Whois servers, like any other servers, can go down or be hit by DDoS attacks. If you're not getting a response, just wait a while and try later.

Interesting stuff

The beginnings of whois requests go all the way back to Arpanet in the 1980s. Originally it could look up not just servers but people and other information, and it allowed wild-card requests. Arpanet was a much smaller and more trusting network than the Internet is today.