WHOIS is a query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system number. The protocol allows users to look up information about who owns a particular domain name or IP address.
Functionality and Purpose: The primary purpose of WHOIS is to provide contact information for the registered owner of a domain name or IP address. This information is crucial for various reasons:
- Netiquette: To establish contact for administrative or technical issues.
- Security: To report abuse (e.g., spam, malware) originating from a specific resource.
- Legal Compliance: To identify parties responsible for content or activity on a website.
- Research: To investigate the ownership and history of a domain.
Information Provided: A typical WHOIS query result for a domain name often includes:
- The registrant's name, organization, address, email, and phone number.
- Administrative and technical contact information, which may differ from the registrant.
- Registration and expiration dates of the domain.
- The domain's current status (e.g., active, clientTransferProhibited).
- The name servers associated with the domain.
- The registrar through which the domain was registered.
Operation: WHOIS operates on Transmission Control Protocol (TCP) port 43. A client sends a query to a WHOIS server, which then responds with the requested information from its database. Because the Internet's domain name system is hierarchical, a query for a top-level domain (TLD) will first direct the user to the TLD registry's WHOIS server, which might then refer to the specific registrar's WHOIS server for detailed registrant information.
Privacy Concerns and GDPR: Historically, WHOIS data was largely public and unredacted. However, with growing concerns over privacy, particularly with the implementation of regulations like the General Data Protection Regulation (GDPR) in Europe, the availability of personal registrant information has changed significantly. Many registrars now redact personal data (like names, addresses, and emails) from public WHOIS lookups, replacing it with either "redacted for privacy" messages or a proxy contact service that forwards messages to the registrant without revealing their direct contact details. This shift aims to balance the need for accountability with individual privacy rights.