WhoisXML API Blog

Modern operating systems offer a variety of tools to retrieve DNS records. One of the simplest and most efficient tools for this purpose is the host command, a lightweight utility designed for quick, human-readable DNS queries on Linux and Unix-like systems.

In this guide, we’ll explain how it works, break down its syntax and options, and walk you through some practical examples. Whether you’re troubleshooting DNS issues or performing quick lookups, you’ll learn how to use host effectively — as well as what its limitations are and when you might want to consider alternatives like nslookup, dig, or a DNS Lookup API.

WhoisXML API analyzed 8.9+ million domains registered between 1 and 31 March 2026 that appeared in Newly Registered Domains to identify the most popular registrars, TLD extensions, and other global domain registration trends. This number rose by 1.7% from 8.7+ million NRDs last month.

We also determined the top TLD extensions used by 2.1+ million domains registered with malicious intent from the First Watch Malicious Domains Data Feed in March 2026. This number decreased by 11.6% from the previous month.

Next, we studied the top TLD extensions of 1.1+ million confirmed malicious domains from the Threat Intelligence Data Feeds this month, which rose by 4.8% from 1.0+ million in February.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

WhoisXML API analyzed 8.7+ million domains registered between 1 and 28 February 2026 that appeared in Newly Registered Domains to identify the most popular registrars, TLD extensions, and other global domain registration trends. This number dropped by 0.5% from 8.8+ million NRDs last month.

We also determined the top TLD extensions used by 2.3+ million domains registered with malicious intent from the First Watch Malicious Domains Data Feed in February 2026. This number increased by 5.4% from the previous month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

In this post, we explain what the nslookup command does, how to use it, and when you might want to use a different tool for retrieving DNS data.

What could possibly go wrong when managing a domain? Buy it once, don’t forget to renew later — and that’s it, right? Well, those who do it for a living know that it’s more than just a set-it-and-forget-it task — there are plenty of other domain risks.

Why it matters (and why admins keep waking up at nights wondering whether they did something wrong with domain configurations) is that the price of making a mistake is very high when it comes to domain management. A single mistake can take down your website, affect email deliverability, or damage customer trust. 

This post breaks down some of the biggest risks associated with domains, illustrates them with real-life examples, and provides a remediation/mitigation/prevention plan.

Cyber attribution — the process of identifying the person or group behind a cyber attack or other activity — is, perhaps, one of the most interesting tasks in cybersecurity. It feels like detective work. You find clues and use them to identify the murderer, but in the case of cybersecurity, a) it’s not always the gardener, and b) you’re looking for cyber threat actors rather than murderers.

At the same time, cyber attribution is very challenging — those clues are often needles in large haystacks, and attributing something to a specific threat group is often quite difficult and time-consuming. Not to mention that the majority of analysts’ time is usually spent on threat containment. 

And yet, cyber attribution has to be done.