WhoisXML API Blog

WhoisXML API has released a Python script that tells you whether a domain’s top-level domain (TLD) (including multi-level TLDs like .co.uk) supports RDAP, WHOIS, both protocols, or neither, based on a reference TLD dataset.

The script is useful for anyone performing programmatic WHOIS lookups who wants to know in advance which protocol a TLD responds to. It works in two modes and requires a TLD reference CSV (which you can get from rdap.wxapros.com) as its first input:

WhoisXML API is proud to have been named one of the companies that continues to make an impact in the Pacific by Inc. in 2026, ranking 121st in the Regionals list.

The Inc. Regionals list acknowledges the achievements of private companies in generating sustainable growth and jobs. Making it to the list means the company has had remarkable revenue growth over a two-year period (2022–2024) and met strict revenue requirements during those years.

Modern operating systems offer a variety of tools to retrieve DNS records. One of the simplest and most efficient tools for this purpose is the host command, a lightweight utility designed for quick, human-readable DNS queries on Linux and Unix-like systems.

In this guide, we’ll explain how it works, break down its syntax and options, and walk you through some practical examples. Whether you’re troubleshooting DNS issues or performing quick lookups, you’ll learn how to use host effectively — as well as what its limitations are and when you might want to consider alternatives like nslookup, dig, or a DNS Lookup API.

WhoisXML API analyzed 8.9+ million domains registered between 1 and 31 March 2026 that appeared in Newly Registered Domains to identify the most popular registrars, TLD extensions, and other global domain registration trends. This number rose by 1.7% from 8.7+ million NRDs last month.

We also determined the top TLD extensions used by 2.1+ million domains registered with malicious intent from the First Watch Malicious Domains Data Feed in March 2026. This number decreased by 11.6% from the previous month.

Next, we studied the top TLD extensions of 1.1+ million confirmed malicious domains from the Threat Intelligence Data Feeds this month, which rose by 4.8% from 1.0+ million in February.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.

Understanding a domain’s infrastructure starts with knowing where it points, and one of the things to check is name servers — the servers that store DNS records and answer queries about domain names, translating them into IP addresses. Name servers are one of the components that make DNS resolution possible, and they are defined by NS records.

Every domain is associated with at least one NS record, and so, NS records could be a valuable source of information when investigating something domain-related. For example, many threat actors tend to use the same DNS setup across their domain-based campaigns. So, in many cases, a group of malicious domains would have the same NS records. Find one such domain, look up its NS record — and it becomes a signal for identifying other domains in the cluster used by the same threat actor.

For identifying such domain clusters that share the same DNS delegation patterns, you’ll need to do a reverse NS lookup. This post explains what it is, how it works, and how to do it.

WhoisXML API analyzed 8.7+ million domains registered between 1 and 28 February 2026 that appeared in Newly Registered Domains to identify the most popular registrars, TLD extensions, and other global domain registration trends. This number dropped by 0.5% from 8.8+ million NRDs last month.

We also determined the top TLD extensions used by 2.3+ million domains registered with malicious intent from the First Watch Malicious Domains Data Feed in February 2026. This number increased by 5.4% from the previous month.

Finally, we summed up our findings and provided links to the threat reports produced using DNS and domain intelligence sources during the period.