Skip to content
SECURITY · DOMAINS · 6 min read · Updated 2026-06-02

What is WHOIS?

The public record behind every domain — what it shows, what it now hides, and how to read one.

By the Check.Systems team

TL;DR
WHOIS is the public lookup for a domain's registration: its registrar, creation and expiry dates, and name servers. Personal contact details are mostly redacted now for privacy, and a newer, structured protocol called RDAP is quietly replacing it. You can look up any domain with our WHOIS tool.

What WHOIS is

Think of WHOIS like the ownership record at a land registry. You can't see inside the house, but you can look up when the property was registered, who the managing agent is, and when the paperwork is up for renewal. WHOIS does the same for domain names.

Every time a domain is registered, that fact is recorded — and WHOIS is the long-standing way to ask the public-facing question: "who registered this name, through whom, and when?" The name is a leftover from a 1980s command literally called whois ("who is responsible for this?"), and the service has been running, in one form or another, ever since.

How to read a WHOIS record

A WHOIS result looks like a block of labelled fields. The ones worth knowing:

FieldWhat it tells you
RegistrarThe company the domain was bought through (e.g. Namecheap, Cloudflare).
Creation dateWhen the domain was first registered — a rough age signal.
Expiry dateWhen it's next due for renewal. Useful for spotting a name about to drop.
Updated dateThe last time the record changed (a transfer, a renewal, new name servers).
Name serversWhich DNS servers are authoritative for the domain — i.e. where it's actually run from.
Status codesThings like clientTransferProhibited (a transfer lock) or pendingDelete.

The name servers are often the most useful line for troubleshooting — they tell you who really controls a domain's DNS, which may be a different company from the registrar. To see them for any domain, run it through our WHOIS tool, then cross-check what those name servers resolve to with the DNS lookup tool.

Why so much is redacted now

If you ran a WHOIS lookup a decade ago, you'd often see the registrant's real name, email, phone, and postal address — wide open to anyone, spammers included. That changed. Two forces redacted most of it:

  • Privacy regulation — Europe's GDPR (2018) made publishing personal contact data by default a legal problem, so registries and registrars began withholding it globally.
  • Registrar privacy services — many registrars now replace your details with a proxy contact for free.

So today, a typical WHOIS record shows the operational facts (registrar, dates, name servers, status) but hides the personal ones behind "Redacted for Privacy" or a proxy address. That's a feature, not a fault — but it does mean WHOIS reveals far less about who a person is than people expect.

The hard truth about WHOIS privacy
"Redacted" hides you from casual lookups, not from everyone. Registrars still hold your real details, and they can be disclosed to law enforcement or through legal process. WHOIS privacy stops spam and casual snooping — it is not anonymity.

RDAP: the modern replacement

Classic WHOIS has a weakness: it returns a blob of free-form text with no consistent format, which makes it awkward for software to parse and offers no real access control. Its successor, RDAP (Registration Data Access Protocol), fixes that:

  • Structured data — clean, predictable JSON instead of loose text.
  • Standard, secure access — it runs over HTTPS, with a path to tiered access (public fields for everyone, more for authorized parties).
  • Built-in internationalization — proper support for non-Latin scripts and consistent fields.

RDAP is now the official direction for registration data. In fact, since early 2025 gTLD registrars and registries are no longer required to run the old WHOIS service at all — RDAP is the system of record, even if many providers still offer legacy WHOIS during the transition. For everyday "who runs this domain?" questions, the answers are the same — RDAP just delivers them in a tidier, machine-friendly way.

What WHOIS is actually good for

Even redacted, a lookup earns its keep:

  • Buying a domain — check whether a name is taken, who holds it, and when it expires.
  • Due diligence — a domain registered last week behaving like an established brand is a useful red flag against phishing.
  • Troubleshooting — confirm the name servers and registrar when a site or its email misbehaves.
  • Catching expirations — your own domains and ones you'd like to acquire.

In short: WHOIS (and increasingly RDAP) is the public registration record for a domain — strong on the operational facts, deliberately quiet on personal ones. Treat it as a "who runs this and when does it renew?" tool, not a people-finder, and it'll rarely steer you wrong.

Related reading: What is RDAP? · What is GDPR? · What is a domain name? · What is a domain registrar? · IP address privacy

References: RFC 3912 (WHOIS Protocol) · RFC 9083 (RDAP responses) · ICANN — RDAP