Loading...
WHOIS
WHOIS is a query and response protocol commonly used for querying databases of Internet resources such as domain names and IP address registrations. Often used by network administrators, cybersecurity professionals, and domain registrars, it provides useful information about domain ownership, status, and contacts. Originally developed as a simple and open service, it still plays a vital role in Internet governance and investigations..
The WHOIS protocol operates primarily over TCP port 43 and facilitates the retrieval of registration information related to domain names, IP addresses, and autonomous system numbers from digital registries. A client sends a text-based query string containing a domain name or IP address, and the WHOIS server responds with a plain-text record containing details such as registrant organization, contact information, registration dates, and name server data.
Designed in the early days of the ARPANET, WHOIS is defined in a set of RFCs including RFC 3912, which describes its simple query-response model over TCP. Because WHOIS uses a line-oriented plain text format, implementations and responses vary somewhat between registries, leading to inconsistencies that can complicate automated parsing and data aggregation.
Despite the emergence of alternative systems like RDAP (Registration Data Access Protocol), WHOIS remains widely employed. It has a straightforward architecture: minimal session setup, no encryption by default, and lacks structured data formats — characteristics that make it easy to use but limit its extensibility and security.