WHOIS Lookup: a beginner's guide

WHOIS (pronounced "who is") is a public database of who registered every domain name on the internet. When you buy a domain — `example.com`, `mybrand.io`, `cool-startup.dev` — the registrar that sold it to you submits a record to a public registry that includes the registrant's name, organization, address, email, the registration date, the expiry date, and the domain's nameservers. Anyone in the world can query that database for free. WHOIS has been around since 1982 and is one of the oldest pieces of internet infrastructure still in active use. A newer protocol called RDAP (Registration Data Access Protocol) is gradually replacing WHOIS with a structured JSON format, but the underlying data is the same.

You should care because WHOIS is the only public source of truth about who actually controls a domain, and that information is sometimes the only way to answer high-stakes questions: Is this domain about to expire and become hijackable? Is this competitor about to lose their main brand? Is the supplier I'm about to wire money to actually a real registered business or an anonymous shell? Is this typosquatting domain owned by my brand or by someone targeting it? In every one of those situations, WHOIS is the first place to look.

The five fields every WHOIS check returns:

• Registrant — the name and (sometimes) the organization that owns the domain. Often redacted for privacy under GDPR on `.com`/`.net` and similar TLDs since 2018.

• Registrar — the company that sold the domain (GoDaddy, Namecheap, Cloudflare Registrar, Google Domains, etc.).

• Registration and expiry dates — when the domain was first registered and when it next has to be renewed. The expiry date is critical for high-value domains.

• Nameservers — the DNS servers responsible for answering queries about this domain. This is how you can tell at a glance whether a domain is on Cloudflare, Route 53, GoDaddy, or somewhere else.

• Status codes — flags like `clientTransferProhibited` (the registrant has locked the domain to prevent transfers) or `clientHold` (the registrar has suspended the domain).

Three questions a WHOIS check answers:

• Who actually owns this domain, and when does it expire?

• Is this domain locked against transfers, or could a scammer move it?

• Is the WHOIS data consistent with a legitimate, established business — or with a brand-new shell?

The cost of skipping a WHOIS check is making decisions about a domain without any actual data on who controls it. The fix is one query and zero dollars. This is also the standard first step in any abuse investigation, brand-protection sweep, or M&A due-diligence pass on a target company. Both the legacy WHOIS protocol and its modern RDAP successor are documented at ICANN's lookup tool.

In one sentence: Get domain registration data via RDAP (Registration Data Access Protocol), the modern [WHOIS (who is)](/guides/dns-whois) replacement

Retrieves comprehensive domain registration data via RDAP (Registration Data Access Protocol). As of January 2025, ICANN officially sunsetted WHOIS (who is) for gTLDs — RDAP is now the definitive source. Returns registrar details (name, IANA ID, URL (web address)), registration dates (created, updated, expires) with computed age and expiry indicators, EPP status codes, authoritative nameservers, DNSSEC (Domain Name System Security Extensions) signing status, and registrant/admin/tech contacts (name, organization, email, phone, address). Results are cached for 1 hour.

Don't worry if some of the words above are still unfamiliar — there's a plain-language glossary at the bottom of this page, and most of the terms link to their own beginner guides if you want to learn more.

Here's what's actually happening behind the scenes when you call this endpoint:

Queries RDAP (Registration Data Access Protocol) servers to retrieve domain registration metadata including registrar name, IANA accreditation ID, and URL (web address); registration dates (created, updated, expires) with computed domain age in days, newly-registered flag (< 30 days), days until expiry, and expiring-soon flag (< 30 days); EPP status codes (clientTransferProhibited, serverHold, redemptionPeriod, etc.); authoritative nameservers; DNSSEC (Domain Name System Security Extensions) signing status; and registrant, administrative, and technical contacts — each with name, organization, email, phone, and full address (street, city, state, postal code, country). Handles GDPR-redacted registrant data gracefully and supports RDAP automatic locating for both gTLDs and many ccTLDs. Optionally returns the full raw RDAP response via the include_raw parameter.

If you're using an AI assistant through MCP, you don't need to understand any of the technical details — the assistant calls the tool and translates the result for you.

Let's skip the marketing fluff and answer the only question that actually matters: why should you, a real human with a real to-do list, care about the WHOIS Lookup tool? Here's the plain-English version, written the way you'd hear it from a friend who happens to do this for a living.

With WHOIS (who is) officially deprecated, RDAP (Registration Data Access Protocol) is the only reliable source for gTLD registration data. EdgeDNS handles RDAP automatic locating automatically — essential for due diligence, brand protection, phishing detection, and competitive research. Assess domain age, trustworthiness, and identify potential typosquatting domains.

Picture this in real life. Imagine a business development. Here's the situation they're walking into: Before purchasing a domain, verify ownership history, registration dates, and any existing disputes or holds. Without the right tool, that person would be stuck copy-pasting between five browser tabs, reading documentation written for engineers, and crossing their fingers that the answer they cobble together is correct. With the WHOIS Lookup tool, the same person gets a clear answer in seconds — no spreadsheets, no guessing, no waiting for someone on the infrastructure team to free up.

Three questions this tool answers in plain English. If any of these have ever crossed your mind, the WHOIS Lookup tool is built for you:

• Is my domain pointing to the right place right now?

• Did the DNS change I just made actually take effect everywhere in the world?

• Is anything in my DNS misconfigured in a way that could break email or break the website?

You can either click the tool and get the answer yourself, or ask your AI assistant — connected through MCP (Model Context Protocol) — to ask the question for you and translate the answer into something you can paste into Slack.

Who gets the most out of this. Founders running their own infrastructure, marketers coordinating launches, IT admins inheriting domains from a former employee, and ops engineers troubleshooting live outages. If you see yourself in that list, this is one of the EdgeDNS tools you should bookmark today.

What happens if you skip this entirely. Skip it and you're flying blind on the one piece of config that decides whether your website and email work at all. That's why running this check — even once a month — is one of the cheapest forms of insurance you can give your domain.

If you're still on the fence about whether the WHOIS Lookup tool belongs in your toolbox, this section is for you. Below you'll meet three real people — a business development, a security analyst, and a product manager — facing three real situations where this tool turns a stressful afternoon into a five-minute task. Read whichever story sounds closest to your week.

Story 1: Due Diligence for Domain Acquisition

Imagine you're a business development. Before purchasing a domain, verify ownership history, registration dates, and any existing disputes or holds.

Why it matters: Avoid purchasing domains with legal issues or poor reputation history.

Story 2: Phishing Domain Detection

Imagine you're a security analyst. Investigate suspicious domains reported by users. RDAP (Registration Data Access Protocol) data reveals registration date, registrar, and EPP status — newly registered domains from budget registrars with privacy enabled are strong phishing indicators.

Why it matters: Quickly triage phishing reports by identifying domains registered within the last 30 days with high-risk registration patterns.

Story 3: Competitive Intelligence

Imagine you're a product manager. Monitor when competitors register new domains to anticipate product launches or market expansions.

Why it matters: Stay ahead of competitor moves with early visibility into their domain portfolio.

Common situations across teams. Beyond the three stories above, here are the everyday workplace moments when people across the company reach for the WHOIS Lookup tool — or one of the tools right next to it in this category. If any of these are on your calendar this month, that's your sign:

• Right before launching a new website or migrating to a new host.

• After making any DNS change, to confirm the new settings are live everywhere.

• When customers report that your site or email "just stopped working" out of nowhere.

• As a recurring monthly health check to catch silent misconfigurations early.

If you can see yourself in even one of those bullets, the WHOIS Lookup tool will pay for itself the first time you use it.

Still not sure? Here's the easiest test in the world. Open Claude, ChatGPT, Gemini, or any other AI assistant connected to the EdgeDNS MCP server and ask, in your own words: "Is the WHOIS Lookup tool useful for my job?" The assistant will look at the tool, ask you a couple of follow-up questions about what you're trying to accomplish, and give you a straight answer in plain English. No commitment, no signup forms, no jargon.

If you've connected the EdgeDNS MCP server to Claude, ChatGPT, Gemini, Cursor, or any other AI assistant, you don't need to write any code. Just ask in plain English:

"Use the WHOIS Lookup tool to check example.com and explain anything that looks wrong in plain language."

The AI will figure out which tool to call, fill in the right parameters, run it, and then explain the result back to you. No copy-pasting between tabs. No reading raw JSON. No memorizing endpoint names.

If you're a developer and want to call the endpoint from a script or your own application, here's the simplest possible example. Replace the placeholder API key with the real one from your dashboard.

You need to provide 2 pieces of information when you call this tool. The table below lays them out side by side, with a real example for each one so you can see exactly what to send.

When you call this tool, you'll get back a JSON object with the fields below. If you're talking to it through an AI assistant, the assistant reads these for you and explains them in plain language — you don't need to memorize them.

These tools pair naturally with WHOIS Lookup. If you're already running this check, the related ones often answer the next question that comes up:

• Nameservers — List nameservers and detect DNS provider

• SSL Certificates — Analyze active SSL/TLS certificate details

• Trust Score — Evaluate domain trustworthiness from 7 signals

If you're using an AI assistant through MCP (Model Context Protocol), you can ask it to run several of these in one go: "Check WHOIS Lookup and the related tools for example.com and tell me what looks off."

If any words on this page felt like jargon, here's a plain-language version. Click any linked term to read a full beginner-friendly guide.

URL (web address) — The full address of a page, like https://example.com/about.

DNSSEC (Domain Name System Security Extensions) — A way to digitally sign DNS records so attackers can't trick your computer into looking up the wrong server.

WHOIS (who is) — A public record that tells you who registered a domain name, when, and through which company. Modern WHOIS is now called RDAP but most people still say 'WHOIS'.

RDAP (Registration Data Access Protocol) — The modern, structured replacement for WHOIS. Returns the same kind of information (who owns this domain?) but in a format computers can read more easily.

GDPR (General Data Protection Regulation) — Europe's privacy law. Requires websites to be transparent about what personal data they collect and how they use it.