WHOIS is a TCP-based query-response protocol operating on port 43. It provides access to databases maintained by domain name registrars and Regional Internet Registries (RIRs). The protocol is designed to identify domain owners, registration dates, expiration timelines, and technical contact information for IP networks.
Technical Operation
A client sends a plain-text query to a WHOIS server, which responds with data including authoritative DNS servers and domain status codes like active or serverHold. The original protocol returns human-readable text, whereas the newer RDAP (Registration Data Access Protocol) is replacing it in many scenarios to provide machine-readable JSON responses.
Engineers use WHOIS for network troubleshooting and verifying IP address blocks. Cybersecurity professionals utilize it to track malicious infrastructure during incident response. Since the enforcement of GDPR in 2018, many registries redact personal details such as names and phone numbers to comply with data protection laws.
A standard response contains fields such as Registrar WHOIS Server and Updated Date. ICANN policies mandate that registrants provide accurate data; failure to maintain valid contact information in the WHOIS record can result in domain cancellation or suspension by the registrar.
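The query and response handling described above, as an added example that is not part of the original page: it sends one query line to port 43, parses the text response into fields, and pulls out what an analyst checks first (referral server, update date, name servers, hold status, redacted fields). The sample response, the .test names and the function names are constructed for illustration, and the key names assume the common "Key: value" layout, which varies between registries.

```python
import socket

# Constructed sample response (not real registry data); .test is a reserved TLD.
SAMPLE = """\
Domain Name: EXAMPLE.TEST
Registrar WHOIS Server: whois.registrar.test
Updated Date: 2024-01-15T09:30:00Z
Domain Status: serverHold https://icann.org/epp#serverHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
>>> Last update of WHOIS database: 2024-02-01T00:00:00Z <<<
"""

def whois_query(server, name, timeout=10):
    """Send one CRLF-terminated query to TCP port 43 and read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while (data := s.recv(4096)):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}; keys such as status repeat."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue  # blank lines, server comments and the trailer carry no fields
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def triage(record):
    """Summarise the fields an analyst checks first."""
    statuses = [v.split()[0].lower() for v in record.get("domain status", [])]
    return {
        "referral": record.get("registrar whois server", [None])[0],
        "updated": record.get("updated date", [None])[0],
        "name_servers": sorted(v.lower() for v in record.get("name server", [])),
        "on_hold": any(s in ("serverhold", "clienthold") for s in statuses),
        "redacted": sorted(k for k, vs in record.items()
                           if any("redacted" in v.lower() for v in vs)),
    }

if __name__ == "__main__":
    print(triage(parse_whois(SAMPLE)))
```

To query a live server, pass the output of whois_query(server, name) to parse_whois in place of SAMPLE.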