Domain ownership
WHOIS Lookup
Inspect public domain registration data, registrar details and lifecycle dates.
How to use the WHOIS lookup
- Enter a domain name (apex or IDN). The tool accepts Unicode labels and normalizes Punycode the same way registrars store internationalized names, so you can paste either the readable form or the xn-- encoded label.
- Click Check to query the registry path for that TLD. Results show registrar, lifecycle dates, nameserver delegation, status codes, and any public contact fields the registry still publishes after privacy redaction.
- Read nameservers alongside the DNS Checker on the same site. WHOIS nameservers describe registrar delegation; live NS records describe what resolvers query today. Mismatches often explain why panel edits never appear publicly.
- Copy fields into change tickets, abuse reports, or acquisition due diligence. Recent successful lookups stay in local browser history on your machine — DN01 does not build a searchable global WHOIS archive or long-term PAN storage.
WHOIS fields explained
WHOIS and RDAP answers vary by TLD policy, but most gTLDs return a predictable set of registration metadata. Use the table as a field guide before transfers, disputes, or security reviews. WHOIS tells you who holds the contract and when it expires; it does not prove a website is safe, correctly configured, or free of malware — pair with DNS Checker, SSL Certificate Checker, and HTTP header tools for live service validation.
| Field | Why it matters | Example |
|---|---|---|
| Registrar | ICANN-accredited seller that holds the domain contract | Example Registrar, Inc. |
| Created / Updated | Registration timeline for audits and renewal planning | 2018-03-14 / 2025-01-02 |
| Expiry | Hard deadline before redemption or loss of name | 2027-03-14 |
| Nameservers | Delegation targets — compare with DNS Checker NS answers | ns1.example-dns.net |
| Status codes | Registry locks, transfers, and hold states | clientTransferProhibited |
| DNSSEC | Whether the registry publishes DS records | unsigned or signed delegation |
| Registrant (if public) | Owner contact when registry does not redact | Often hidden under GDPR privacy |
| WHOIS server | Authoritative RDAP/WHOIS endpoint for the TLD | whois.example-registry.net |
When to run a WHOIS lookup
Run WHOIS before buying a domain, accepting a client transfer, or investigating phishing. Registrar, creation date, expiry, and status codes establish whether the name is locked, in redemption, or recently re-registered after a drop. Compare nameservers with DNS Checker NS output: if WHOIS still lists the previous DNS host while you edited a new panel, you are debugging the wrong zone file. WHOIS is the registration ledger; DNS is the live routing table — both must agree during migrations.
Security and brand teams use WHOIS for typosquat lookalikes, expired domains that reappear with new owners, and sudden nameserver swaps after compromise. A fresh registration date on a lookalike label is a signal to escalate, not proof by itself. Combine WHOIS age with SSL Certificate Checker results and HTTP security headers on the live host. WHOIS cannot see certificate quality or HSTS — it only sees registry metadata.
Operators renewing portfolios use WHOIS expiry fields to prioritize renewals and catch auto-renew failures before redemption fees apply. Document registrar and status codes when opening transfer tickets — clientTransferProhibited and registry locks block moves until removed in the correct panel. For internationalized domains, convert labels with the Punycode converter, then WHOIS the encoded form to match registry storage.
Investigators answering «who owns this domain?» should expect partial answers: GDPR, local privacy laws, and registrar proxy services redact registrant email and phone on many gTLDs. WHOIS still helps with registrar abuse contacts, billing context, and delegation. When contact data is hidden, use registrar-published abuse routes and pair with DIG traces on MX and TXT if the case involves mail fraud or verification tokens.
Acquisition teams should screenshot WHOIS alongside DNS Checker exports before closing deals. Sudden registrar changes weeks after purchase may indicate hijack or reseller churn. Document status codes at signing; clientDeleteProhibited and transfer locks are features, not errors — they protect the asset until you intentionally unlock for migration.
Troubleshooting confusing WHOIS results
If WHOIS returns «not found» or thin data, confirm the TLD: some ccTLDs publish minimal fields or require local presence. Typos in the label, trailing dots, or mixing Unicode with wrong Punycode encoding also produce false negatives — normalize with the Punycode converter and retry. WHOIS answers come from registry servers, not from your laptop hosts file or internal split-horizon DNS.
Nameservers in WHOIS that disagree with DNS Checker usually mean a pending registrar update, stale WHOIS cache at the registry, or child DNS hosted separately from registrar glue. Wait for registrar propagation after NS changes, then re-query both WHOIS and DNS Checker. If authoritative NS already changed in DNS but WHOIS lags, prioritize live DNS for traffic debugging and WHOIS for contractual delegation.
Multiple expiry dates across WHOIS mirrors are rare but possible during registry migrations. Trust the registrar of record shown in the primary WHOIS server field. Status codes like serverHold or pendingDelete explain why a site vanished even when DNS records still exist in a third-party panel — the registry may have suspended the name.
Privacy redaction is not an error. «REDACTED FOR PRIVACY» registrant blocks do not mean the lookup failed. Use registrar WHOIS/RDAP portals for deeper legal requests; DN01 shows what public RDAP/WHOIS returns to unauthenticated queries, not attorney subpoena results or full historical ownership chains.
WHOIS vs DNS vs SSL — what each layer proves
WHOIS sits at the registry contract layer. It answers who is allowed to renew, transfer, or delegate the name, and which nameservers the registrar advertises. It does not execute HTTP requests, validate TLS certificates, or list SPF records. Treat WHOIS as the legal and administrative envelope around a domain, not as a health scan of the running service.
DNS Checker and DIG read the published zone that resolvers use for mail and web routing. A domain can show healthy MX and A records while WHOIS lists serverHold — mail and web fail because the registry blocked the name. Conversely, pristine WHOIS with broken MX means mail routing failed inside DNS, not at the registrar. Workflow: WHOIS for locks and dates, DNS for records, SSL Certificate Checker for HTTPS on the targets those records point to.
HTTP header checker adds application-layer signals: redirects, HSTS, caching, and security headers on the live URL. Phishing kits often use fresh WHOIS on young domains with valid Let's Encrypt certificates — WHOIS age plus header anomalies plus blacklist checks on sending IPs build a fuller picture than any single tool.
DN01 does not store full WHOIS history, resell registry data, or replace ICANN-accredited registrar portals for transfers. We provide fast, copy-friendly public lookups with localized UI, local recent history, and API access for automation — honest scope without pretending to be a domain marketplace or global WHOIS archive.
Five-step domain due diligence workflow
- WHOIS the apex domain: capture registrar, created and expiry dates, status codes, and nameserver delegation in a ticket.
- Run DNS Checker on apex and critical subdomains; diff NS against WHOIS and note TTL on MX, TXT, and A records.
- DIG selected record types (MX, TXT, NS) for resolver-style evidence to attach to abuse or vendor threads.
- Open SSL Certificate Checker and HTTP header checker on the live web host; note redirect chains and HSTS.
- If mail or reputation is in scope, run Blacklist Checker on outbound IPs and archive all outputs with timestamps — DN01 does not keep a shared case file for you.
WHOIS lookup vs registrar portals and bulk monitors
Registrar control panels show your domains with billing, DNS templates, and transfer auth codes — but only for names you manage there. DN01 WHOIS answers public registry questions for any domain you can type, which is what investigators, competitors' analysts, and pre-purchase buyers need. We do not replace your registrar login for renewals or auth-code retrieval.
Bulk WHOIS monitors track portfolio expiry across thousands of names with alerts and historical ownership graphs. DN01 focuses on fast single-domain lookups with companion DNS, DIG, SSL, and header tools on one site — not a multi-tenant portfolio dashboard or WHOIS history warehouse.
Terminal whois clients on macOS or Linux work offline-friendly, but corporate laptops often block them. Browser WHOIS with copy buttons and eight localized interfaces helps mixed teams document the same domain without installing packages. Rate limits protect the service; recurring checks can use the documented API after token registration.
Some TLDs moved from port-43 WHOIS to RDAP JSON. DN01 normalizes answers into readable panels regardless of backend protocol — you get registrar, dates, NS, and statuses without parsing raw text walls. We are honest about limits: no guaranteed registrant email when redacted, no litigation-grade chain of custody, no propagation maps — just accurate public registration metadata for operators who need quick answers.
Law enforcement and brand-protection teams with subpoena power need registry channels beyond public WHOIS — DN01 speeds up the first open-source look that decides whether a domain warrants deeper spend. Document WHOIS timestamps in your case system; we do not retain query history server-side for third-party analytics.
Why use DN01 WHOIS
- Public registration metadata with registrar, lifecycle dates, status codes, and nameserver delegation in one readable view.
- Pairs naturally with DNS Checker, DIG, SSL Certificate Checker, and HTTP header tools for end-to-end domain validation.
- Eight localized interfaces plus documented API access — without claiming full historical WHOIS archives or registrar billing features.
- Local recent lookup history in your browser for quick comparisons; no false promises about global propagation grids or PAN storage.
FAQ
WHOIS FAQ
Domain ownership, expiry, privacy redaction, and when to pair WHOIS with DNS checks.
What does a WHOIS lookup show?
It can show registrar, creation and expiry dates, nameservers, status codes, and public contact data when the registry publishes it. For basics, see the WHOIS domain lookup guide.
Why is some WHOIS contact data hidden?
Many registries redact personal details for privacy or legal reasons. The lookup can still help with registrar, status, and dates; the WHOIS privacy note explains the limits.
How is WHOIS different from DNS?
WHOIS describes registration metadata. DNS Checker shows the records currently published for traffic, mail, and verification.
When should I also check SSL?
If you are investigating a live site, pair WHOIS dates with SSL Certificate Checker to confirm certificate issuer, expiry, and host coverage.
How do I check when a domain expires?
Run the domain here and read the expiry or registry-paid-until field. For renewal planning, see domain expiration WHOIS.
Can WHOIS show the real domain owner?
Only when the registry publishes registrant contact and privacy is not enabled. Many gTLDs redact personal data — WHOIS still reveals registrar, status, and nameservers.
What are WHOIS status codes?
Status codes like clientTransferProhibited or serverHold describe registry locks and lifecycle states. They explain why transfers fail or why a name may not resolve even when DNS looks fine.
Should I compare WHOIS nameservers with DNS?
Yes. WHOIS nameservers show registrar delegation intent. Live NS records from DNS Checker or DIG show what resolvers query today — mismatches are a common migration bug.
Is WHOIS the same as RDAP?
RDAP is the structured successor to classic WHOIS text. DN01 returns registry data through our backend path; you get the same practical fields operators need without installing `whois` locally.
Can I automate WHOIS lookups?
Use the browser tool for spot checks. For scripts and monitoring, see the API docs after you request an API token.
Does WHOIS prove a domain is safe?
No. WHOIS helps with ownership context and expiry. For abuse or phishing triage, also check live DNS, HTTP headers, and certificate details — registration age alone is not a safety score.
Why do WHOIS answers differ between tools?
Thin registries, rate limits, and privacy redaction change the visible fields. Query the authoritative path for the TLD and compare registrar plus nameserver fields — those are the ones that matter for transfers.
Tool switcher
Continue with another check
Pick the next step in your domain or security workflow.
- Domain Age CheckerCreation date, age, registrar and expiryOpen
- Domain IP LookupA and AAAA IP addresses for a domainOpen
- DMARC AnalyzerDMARC policy, alignment and reporting checksOpen
- DKIM ValidatorDKIM selector lookup and record validationOpen
- Blacklist CheckerDNSBL reputation for IP and domainOpen
- BIN CheckerCard brand, bank and country from BIN/IINOpen
- DNS CheckerAll major record types in one passOpen
- DIGOne record type, resolver-style answerOpen
- Punycode ConverterUnicode ↔ Punycode for IDN domainsOpen
- SSL Certificate CheckerCertificate chain, SAN and TLS versionOpen
- HTTP/2 TesterHTTP/2 support, ALPN and TLS negotiationOpen
- HTTP Header CheckerResponse headers, redirects and cachingOpen
- IP CalculatorSubnet math for IPv4 and IPv6 CIDROpen
- Base64 CodecEncode and decode Base64 textOpen
- Password GeneratorStrong random passwords for ops workOpen
- Password Strength CheckerEntropy, crack time and password suggestionsOpen
- Passphrase GeneratorMemorable random word phrases for safer sharing testsOpen
- URL SplitterBreak a URL into parts and query paramsOpen
- Browser Update CheckerBrowser version, update status and Client HintsOpen
Related articles
Practical guides for common WHOIS tasks — DNS records, troubleshooting steps, and links to our free tools.
whois domain lookup, whois check domain, domain whois search
WHOIS Domain Lookup — Read Registration Data
Complete guide to WHOIS domain lookup: registrar, dates, status codes, nameservers, RDAP fallback, and responsible use of registration data.
Read article →whois privacy protection, whois redaction, gdpr whois domain
WHOIS Privacy and GDPR Redaction Explained
What WHOIS privacy services do, why fields show REDACTED, GDPR impact on gTLD WHOIS, and what remains visible in lookups.
Read article →domain expiration check, when does domain expire, whois expiry date
Domain Expiration Check via WHOIS
How to read domain expiry from WHOIS, renewal grace and redemption periods, auto-renew pitfalls, and avoiding lost domain names.
Read article →rdap vs whois, rdap domain lookup, registration data access protocol
RDAP vs WHOIS — Modern Domain Lookups
Compare RDAP and classic WHOIS for domain registration data, JSON output, rate limits, and when DN01 uses each protocol.
Read article →whois nameservers, check domain nameservers, ns delegation whois
Domain Nameservers in WHOIS — Delegation Checks
How to read nameserver fields in WHOIS, match them to DNS NS records, fix delegation after migrations, and avoid split-brain DNS.
Read article →whois domain expiry alerts, domain expiration monitoring, whois renewal reminder
WHOIS Domain Expiry Alerts — Don't Miss Renewal
Track expiry dates from WHOIS before auto-renew fails or transfer locks block fixes.
Read article →whois abuse contact, report domain abuse whois, registrar abuse email
WHOIS Abuse Contacts — Responsible Reporting
Find registrar abuse channels in WHOIS for phishing and malware reports.
Read article →