What is WHOIS?
WHOIS is the public record of who registered a domain, when, and through whom. Here's what's in it, the modern RDAP replacement, the status codes, and why most of it is now redacted.
What WHOIS is
WHOIS is the public registration record for a domain. It answers the basic questions of domain ownership: who registered it, through which registrar, when it was created, when it expires, its status, and its nameservers. Every registered domain has one, and it is how you check whether a name is taken, when it lapses, or who to contact about it.
WHOIS vs RDAP
There are two ways to read that record. WHOIS is the legacy protocol: plain text over port 43, formatted differently by every registry. RDAP (Registration Data Access Protocol) is its modern replacement: structured JSON over HTTPS, with standardized fields, internationalization, and proper access control. They carry the same data, but RDAP is what current tools query, including browser-based ones, because it is consistent and HTTPS-native.
| | WHOIS | RDAP |
|---|---|---|
| Format | Plain text | Structured JSON |
| Transport | Port 43 (or web) | HTTPS |
| Consistency | Varies per registry | Standardized fields |
| Status | Legacy | The modern standard |
What's in a record
Domain Name: EXAMPLE.COM
Registrar: MarkMonitor Inc.
Creation Date: 1997-09-15
Registry Expiry Date: 2028-09-14
Domain Status: clientTransferProhibited
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
DNSSEC: signedDelegation
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: Please query the RDAP service of the registrar
- Registrar: the company the domain was registered through.
- Dates: creation, registry expiry, and last update.
- Status: one or more EPP status codes (below).
- Nameservers: where the domain’s DNS is hosted.
- DNSSEC: whether the zone is cryptographically signed.
- Contacts: registrant/admin/tech, now usually redacted (see below).
The status codes
| Status | Means |
|---|---|
| clientTransferProhibited | Registrar lock, blocks transfers (healthy, anti-hijack) |
| clientHold | Suspended, removed from DNS so it won’t resolve |
| pendingDelete | In the deletion process, about to drop |
| autoRenewPeriod | Recently auto-renewed (grace window) |
| ok / active | No restrictions |
Privacy & redaction
Until 2018, WHOIS published registrants’ names, emails, and addresses by default. The GDPR ended that: most records now show “REDACTED FOR PRIVACY” for personal contacts, while the registrar, dates, status, and nameservers stay public. Many registrars also offer privacy / proxy services that substitute a forwarding address. So a modern lookup tells you the shape of a registration reliably, but rarely the person behind it.
Look it up & keep yours healthy
To inspect any domain, run the WHOIS lookup tool; it queries RDAP live in your browser and shows the registrar, dates, status, and nameservers. For your own domains, the record is the early-warning system: keep the expiry date well ahead with auto-renew, keep the registrar contact email current so renewal notices arrive, and leave clientTransferProhibited on except during a deliberate transfer. To see where the domain actually points, pair this with the DNS lookup.
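The checks above can be automated against an RDAP response. The following Python is an added example, not code from this page or its lookup tool: it assumes the RFC 9083 JSON field names and the RFC 8056 status spellings (RDAP writes `clientTransferProhibited` as `client transfer prohibited`, and `ok` as `active`). The sample response is constructed from the record shown earlier, and `check_domain` and its 30-day threshold are hypothetical choices.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain response (RFC 9083 field names); not real registry output.
SAMPLE_RDAP = json.loads("""
{"ldhName": "EXAMPLE.COM",
 "status": ["client transfer prohibited"],
 "events": [{"eventAction": "registration", "eventDate": "1997-09-15T04:00:00Z"},
            {"eventAction": "expiration", "eventDate": "2028-09-14T04:00:00Z"}],
 "nameservers": [{"ldhName": "A.IANA-SERVERS.NET"}, {"ldhName": "B.IANA-SERVERS.NET"}],
 "secureDNS": {"delegationSigned": true}}
""")

# RFC 8056: RDAP spells EPP status codes as lowercase words ("ok" becomes "active").
RDAP_TO_EPP = {
    "client transfer prohibited": "clientTransferProhibited",
    "server transfer prohibited": "serverTransferProhibited",
    "client hold": "clientHold",
    "server hold": "serverHold",
    "pending delete": "pendingDelete",
    "auto renew period": "autoRenewPeriod",
    "active": "ok",
}

def check_domain(rdap, now, warn_days=30):
    """Return (findings, days_left) for one RDAP domain object."""
    epp = {RDAP_TO_EPP.get(s.lower(), s) for s in rdap.get("status", [])}
    events = {e["eventAction"]: e["eventDate"] for e in rdap.get("events", [])}
    findings = []
    if not epp & {"clientTransferProhibited", "serverTransferProhibited"}:
        findings.append("no transfer lock")
    for bad in ("clientHold", "serverHold", "pendingDelete"):
        if bad in epp:
            findings.append(f"status {bad}")
    days_left = None
    if "expiration" in events:
        expiry = datetime.fromisoformat(events["expiration"].replace("Z", "+00:00"))
        days_left = (expiry - now).days
        if days_left < warn_days:
            findings.append(f"expires in {days_left} days")
    else:
        findings.append("no expiration event")
    if not rdap.get("secureDNS", {}).get("delegationSigned"):
        findings.append("DNSSEC not signed")
    return findings, days_left

if __name__ == "__main__":
    print(check_domain(SAMPLE_RDAP, datetime.now(timezone.utc)))
```

An empty findings list means the record shows a transfer lock, no hold or pending deletion, an expiry beyond the warning window, and a signed delegation.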
FAQ
What is WHOIS?
WHOIS is the public registration record for a domain: who registered it, through which registrar, when it was created, when it expires, its status, and its nameservers. It is how you answer 'who owns this domain and is it about to expire?' Every registered domain has one.
What's the difference between WHOIS and RDAP?
WHOIS is the legacy protocol: plain text over port 43, with inconsistent formatting per registry. RDAP (Registration Data Access Protocol) is its modern replacement: structured JSON over HTTPS, standardized fields, internationalization, and proper access control. They expose the same registration data; RDAP is what modern tools (including browser-based ones) actually query.
Why is the registrant's name and email redacted?
Privacy law, chiefly the GDPR since 2018, ended the old default of publishing registrants' personal contact details. Most records now show 'REDACTED FOR PRIVACY' for the registrant, admin, and tech contacts. The registrar, dates, status, and nameservers stay public; personal data is gated behind a request to the registrar.
What do the domain status codes mean?
They are EPP status codes set by the registrar or registry. clientTransferProhibited is a healthy lock that blocks unauthorized transfers; clientHold means the domain is suspended and removed from DNS; pendingDelete means it is in the deletion process; ok (or active) means no restrictions. Seeing clientTransferProhibited on your own domain is good: it is anti-hijacking protection.
How do I find out who owns a domain?
Run a WHOIS/RDAP lookup. You will reliably get the registrar, key dates, status, and nameservers; the registrant's identity is usually redacted for privacy. If you need to reach the owner, registrars typically provide a contact form or a privacy-protected forwarding address rather than the raw details.
Why does my domain's expiry date matter so much?
If a domain lapses, your website and email stop resolving, and after a grace period the name can be re-registered by someone else, which is how brands lose their domains. Check the expiry date, enable auto-renew, and keep the registrar's contact email current so renewal notices actually reach you.
What is a registrar lock?
A status (clientTransferProhibited, and sometimes the stronger registry-level serverTransferProhibited) that prevents a domain from being transferred away without you first unlocking it. It is the main defense against domain hijacking; leave it on except during a deliberate transfer.
Knowing who runs a domain, and keeping your own registration locked and current, is foundational web hygiene KB Cafe has always covered. This is the modern reference: WHOIS, its RDAP successor, the status codes that matter, and why most of the record is now, rightly, private.