You are here

Technical Overview

The WHOIS protocol is a Transmission Control Protocol or TCP-based transaction-oriented query/response protocol that is widely used to provide information services to Internet users. While originally used to provide "white pages" services and information about registered domain names, current uses offer a broad range of information services. The protocol delivers its content in a human-readable format.

Technical Specification

ICANN requires ICANN accredited registrars and registries to comply with technical specifications for the WHOIS services offered by them, as described in ICANN's contracts with registrars and registries. These specifications include service level agreements, formatting requirements, and access protocols.

You can find the technical specification of the WHOIS protocol described in detail within a document called "Request for Comment 3912" (RFC 3912). When published in September 2004, RFC 3912 made its predecessor, RFC 954, obsolete. For historic reasons, the WHOIS protocol lacks many of the protocol design attributes, for example internationalization and strong security, that would be expected from any recently designed IETF protocol. RFC 3912 does not attempt to rectify any of those shortcomings. More recently, the IETF specified a new technical protocol called the Registration Directory Access Protocol (RDAP, RFC 7480) that addressed some of the shortcomings recognized with the legacy WHOIS protocol. Now that RDAP has been published by the IETF as a proposed standard, ICANN's contracts allow for a transition to the new protocol. ICANN organization is working with the registries and registrars on the implementation of RDAP.

DNS and WHOIS – How it Works

The Domain Name System (DNS) is a hierarchical distributed database to lookup information from unique names, i.e. to help people connect to resources like websites and email servers on the Internet. To explain it in simple terms, every computer has a unique number called an Internet Protocol (IP) address, e.g. 2620:0:2d0:200::7, which is like a phone number. One computer can contact another as long as it knows its IP address. Because these numbers are difficult to remember, we tend to use domain names, e.g., instead. DNS is used to translate between domain names and IP addresses.

WHOIS provides information sufficient to contact a responsible party for a particular Internet resource who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name or the DNS name servers. Unfortunately the term "WHOIS" is overloaded with meanings, referring to protocols, services, and data types associated various resources, i.e., domain names, IP addresses, and Autonomous System Numbers (ASNs). This WHOIS Portal is devoted to describing the WHOIS system for generic top level domain names only, and does not attempt to describe how WHOIS applies to country code top level domain names (ccTLDs), IP addresses or ASNs.

The service offered by registrars and registries to provide WHOIS data is referred to as a "WHOIS Service" or alternatively, a "Registration Data Directory Service."

Learn More about DNS and WHOIS - How it works.

The Domain Name Registration Process

Like IP addresses, domain names also need to be unique so there has to be a way of associating them with a particular person or organization. This is done through the domain name registration process. Learn more about how WHOIS relates to the Domain Name Registration Process.

Last Updated: July 2017