- The Most Common Reasons Why a Reverse DNS Lookup is Utilized
- Protect Your Website with Reverse DNS Lookup
- Domain Name System Primer
- WHOIS Database Download: 5 Newsworthy Use Cases
- Manage Your Domain’s WHOIS Database Downloads Effectively Now!
- Using BASH and other Linux tools on Windows 10 for processing WHOIS data
- 5 uses of WHOIS data for Cyber Security Professionals
- Things you need to know about WHOIS Data – FAQs
- WHOIS Database Download: 13 Business, Cybersecurity, and other Applications Explored
- The Benefits Finance Specialists and Fraud Detection Experts Can Get from WHOIS Databases
- Marketing and Media Teams Can Streamline Their Services with WHOIS Databases
- How Domainers and Registrars Can Leverage WHOIS Databases
- WHOIS Databases for Cybersecurity, Threat Intelligence, and Law Enforcement
- Setting up a whois database from WhoisXML API data
- The use of WHOIS databases in practice and research
- On the Way to a Safer Internet: 5 Tough Challenges to Overcome with WHOIS API
- Research Any Domain’s History With WHOIS History API!
- Discover Which IP Range a Suspicious IP Belongs to by Using IP Netblocks WHOIS Data Feed – and Keep Your Network Safe
- IP WHOIS lookups vs. an IP Netblocks WHOIS database
- Who owns the Internet? IP Netblocks WHOIS Data will tell you
- The IP Geolocation API Guide: Why Tracking Web Users’ Whereabouts Matters
- IP Geolocation Analysis in Python Made Simple
- The Collaboration Between Machine Learning and IP Geolocation
- 3 Reasons To Use IP Geolocation API To Enhance Location Targeting and Improve Mobile Marketing
- How IP Geolocation can Help Business Security Management
- Is It Time for an IP Geolocation Registry?
- How IP Geolocation Can Improve Price Optimization Strategies
- Where? Here: An Introduction to IP Geolocation
- IP Geolocation Finds Hacker Origins of Attack
- How to obtain IP geolocation data?
- The use of IP geolocation data: an overview
- IP Geolocation API by WHOIS API, Inc. Launches Comprehensive IP Geolocation Database
- How Does IPv6 Compare With IPv4 Geolocation?
- Geolocation Usage in Modern Marketing
- IP Address Geolocation: 4 Secrets You Didn’t Know
A hierarchical glossary of domain WHOIS-related terms
Table of Contents
- 1. Domains, domain names
- 2. WHOIS system
- 3. Entities related to the WHOIS system
- 4. Types of WHOIS records
- 5. WHOIS record fields
- 6. Domain life cycle
- 7. Other sources of WHOIS data
1 Domains, domain names
1.1 top-level domain (TLD)
The top level domain is the last portion of a domain name separated by a dot, e,g. ".com", and the highest level of the hierarchy of the domain name system. TLDs can be subdivided into categories: there are ccTLDs and gTLDs.
Generic TLDs, independent of countries, were originally those in the short list in RFC 1591: .edu, .com, .net, .org, .gov, .mil, .int. Currently, their standard list is extended with .info, .us, .biz, .asia, .tel, and .aero. Their list has then been significantly extended with new gTLDs.
A worldwide distributed database containing information about entities related to Internet resources such as domain names or IP addresses. It is the "phone-book of the Internet".
A WHOIS server which provides original WHOIS data that was not obtained from another WHOIS server, serving as the primary source of the information.
A WHOIS server which provides WHOIS data collected and cached from other, typically authoritative WHOIS servers.
A query/response protocol to obtain WHOIS data from a WHOIS server. It is specified in RFC 3912. It provides data in a textual form with strictly defined structure. It lacks standards internationalization and security. The frequency of the queries are limited on some WHOIS servers.
3 Entities related to the WHOIS system
Registries are organizations mainly responsible for the domain name system (DNS) and IP WHOIS data. Besides the five regional registries (RIRs):
- ARIN, North America
- APNIC, Asia-Pacific
- AfriNIC, Africa
- RIPE NCC, Europe
- LACNIC, Latin America/Caribbean
there are smaller local Internet registries, with scopes of a country or a smaller region. Registries typically run WHOIS servers which are authoritative for IP WHOIS data and also provide Domain WHOIS records, possibly non-authoritatively.
A registrar is an organization which manages domain name registrations. Registrars are contracted by registries and have to be accredited by IANA. Upon accreditation, they get an ID from IANA and they are put on the list of accredited registrars. The end-users choose a designated registrar to provide the registration service for the chosen domain. Registrars run authoritative WHOIS servers.
The Internet Corporation of Assigned Names and Numbers is not-for-profit public-benefit corporation which plays a coordinating role in the naming system of the Internet. They run the InterNIC website.
4 Types of WHOIS records
Domain WHOIS records provide information on entities related to domains, typically SLDs.
These describe entities related to IP addresses. We refer to https://ip-netblocks-whois-database.whoisxmlapi.com/blog/ip-whois-lookups-vs-an-ip-netblocks-whois-database for further details.
4.3 WHOIS records of registrars and registries
Registries and registrars also have special WHOIS records which can be obtained from certain WHOIS servers, e.g. from InterNIC WHOIS server, whois.internic.net.
4.4 registry WHOIS record
Registries run WHOIS services to provide registration information on the domains they are responsible for. The registry record can be modified by the designated registrar.
4.5 registrar WHOIS record
Most of the registrars also run WHOIS servers. The WHOIS records obtained from the registry and from the registrar are not always identical.
4.6 thin WHOIS record
A thin record has registrar and name server data but no contact data. Some registries and registrars provide thin data only (e.g. all .COM and .NET registry records are thin, the further details can be obtained by some additional web services, typically involving CAPTCHAs).
4.7 thick WHOIS record
A thick WHOIS record, as opposed to a thin record, contains all available WHOIS information. In some cases, even thin records may contain partial information, e.g. in some ccTLDs, all contact data are those of the registry operator.
WHOIS records have contact details (name, organization, postal address, phone number, e-mail) of the registrant and the registrar. Contact details facilitate a variety of validity checks which are useful in cybersecurity solutions. In addition, they can have the same type of contact information to be used in conjunction with other matters related to the domain. In case of domain WHOIS data, these include administrative, technical, billing, abuse, and zone contacts. Regardless of the presence of these latter contact details, it is the registrant, the holder of the domain who is entirely responsible for the domain. There is a significant debate going on about the privacy issues related to contact details. As the WHOIS system is not designed for privacy, it could become a source of data collection with malicious purposes. On the other hand, it is currently the only way to locate the owner of a resource, which is crucial in maintaining cybersecurity. Certain data protection regulations (notably the new GDPR of the EU) have already affected the WHOIS systems in some regions; the future consequences of this are largely uncertain.
A block of fields with contact details to be used in conjunction with administrative issues related to the domain.
A block of fields with contact details details to be used in conjunction with technical issues related to the domain.
A block of fields with contact details to be used in conjunction with billing issues related to the domain.
A block of fields with contact details to be used in conjunction with abuse issues, threats and other IT security related matters related to the domain.
A block of fields with contact details to be used in conjunction with the DNS zones corresponding to the domain. The DNS zones are a part of the Domain Name System: they are sets of IP addresses for which the authority can be delegated. Hence, zone issues are related to IP number use and name resolution. A domain is related to one or more zones.
5.2 created date
A WHOIS field providing the datetime when the domain was registered.
5.3 updated date
A WHOIS field providing the datetime when the WHOIS record was last updated.
A WHOIS field providing the datetime when the registration of the record will expire. See also the status codes.
5.5 IANA ID
Domains have their life cycle, and they can be in several statuses. Domain WHOIS records nay contain one or more status codes, whose meaning is explained in detail at domainlife cycle. It can show that the domain has expired and is not visible anymore but its owner can still redeem it (i.e. it is in the redemption grace period), etc. For details see the list of status codes.
5.7 Name servers
Each domain has to have at least two name servers in the domain name system (DNS), e.g. so that when an user application is looking for a host in the domain, these servers resolve it to IP numbers. Domain WHOIS records contain information on the name servers of the domain.
The domain name does not exist in the Domain Name System: either it has never existed or it was released, which makes it available for purchase.
A period of an average of 5 days after the registration of a domain in which the registration can be still canceled, or errors in the registration can be corrected. The domain is there in the zone file. Domains deleted during this period will be available again.
The domain is up and alive; it is in the DNS zone files and WHOIS records are supposed to be up-to-date. This period ends on the expiry date.
A period of up to 45 days which starts at the expiry date. During this period, the registrar may delete the domain e.g. if the registrant does not pay for it again. The domain may or may not be in the zone file during this period, so the related web pages, mail servers, etc. may or may not work. If renewed (possibly automatically), the domain remains registered with a new expiry date; otherwise, it starts its redemption grace period. It is also possible to transfer the domain during this period to a new registrar.
or "Pending-delete restorable" period, of 30 days. The domain is not in the zone file anymore, so websites, e-mail, etc. do not work. Yet, the domain can be still redeemed (or restored) upon the registrant's request. All registrars are obliged to provide this opportunity to their clients for the 30-day period, as is enforced by their contract with ICANN. If not renewed (in which case it becomes registered again), the domain continues in the Pending Delete status.
A five-day period before the deletion/release of the domain. At this stage the deletion is not reversible anymore. The domain is not in the zone file, and it ceases to work. After this stage the domain name will be available again.
6.2.1 Codes set by the registry
It means that the domain is in the add grace period.
It means that the domain is in the Auto renew period.
It means that the domain is not active in the sense that no name servers are associated with it, so it cannot be used. It may be due to some delay in processing by the registrar, or some issues with its data.
It is the standard status of a domain showing that there are no pending operations or prohibitions.
It means that the registration of the domain is in progress.
It means that the domain is now in the pending delete status.
It means that the renewal of the domain has been initiated during the auto-renew grace period, so the domain is being renewed.
It means that the process of restoring the domain has been initiated in the redemption grace period and it is in progress.
It means that the domain is being transferred to a new registrar.
It means that an update of the domain, normally initiated by the registrant is in progress.
It means that the domain is in the redemption period.
It means that the domain is in the renew period.
A special status to prevent the domain from deletion for miscellaneous reasons, e.g. ongoing legal disputes.
A special status indicating that there are some issues with the domain which have to be resolved. The domain is inactive in the domain name system.
A special status showing that the domain cannot be renewed for various reasons, e.g. ongoing legal disputes.
A special status showing that the domain cannot be transferred from one registrar to another for various reasons, e.g. ongoing legal disputes.
A special status showing that the domain cannot be transferred from one registrar to another for various reasons, e.g. ongoing legal disputes or upon the registrant's request.
6.2.2 Codes set by the registrar
These all are uncommon statuses appearing in case of certain disputes or during the prevention of some malicious activity.
The registry will reject requests to delete the domain's registration.
The registry will not activate the domain and introduce it in the zone file.
The registry will reject renewal requests for this domain.
The registry will reject requests to update the domain.
7 Other sources of WHOIS data
The rdap protocol is a proposed alternative to replace the WHOIS protocol, resolving many of its shortcomings. It is in an experimental phase, there are some pilot projects to introduce it, but the amount of WHOIS data available through this protocol is limited.
7.2 WEB-based WHOIS services
Many WHOIS servers provide web-based access to their WHOIS data. E.g. the InterNIC website has this service. Some services provide details only through their non-standard web pages, using CAPTCHAs and posing limitations against the queries to prevent from bulk use of their service.
7.3 WHOIS databases
WHOIS databases contain bulk WHOIS data collected from the decentralized WHOIS system into a central database, which can be relational or no-SQL based, depending on the application. A WHOIS database may contain all WHOIS data or just a part (e.g. for some domains or countries). It may be a (possibly historic) snapshot of the system on a given date or a continuously updated one to reflect the actual status. Such databases have many applications ranging from scientific research through cybersecurity to marketing. Due to the nature of the WHOIS system it is hard to set up a WHOIS database directly from the WHOIS system. WhoisXML API, Inc. offers downloadable datasets from which all possible WHOIS database configurations can be set up.
7.4 WHOIS APIs
The WHOIS system is frequently criticized because of the shortcomings of the WHOIS protocol, especially the lack of a standard, parsable data format and the limitations on WHOIS queries posed by servers. These make the use of WHOIS in its original form complicated in modern development environments. Various companies provide RESTful APIs providing WHOIS data as an alternative. WhoisXML API, Inc. offers market-leading RESTful WHOIS APIs providing real-time WHOIS data with high throughput and reliability.