NOTE: (12/5 9:00AM). Microsoft and Salesforce are currently experiencing worldwide outages which could be affecting your services. Our ticketing system is currently offline, please phone or email our team - we apologise for any response delays during these outages.

31 July 2019

What is WhoIs?

WHOIS is a type of query and response protocol. It is commonly applied in querying databases which contain stored registered assignees or users of an Internet resource. The said internet resource can include an IP address block, domain names, or an autonomous system. RFC 3912 is where the WHOIS protocol is documented.

The development of WHOIS

As at the time the Internet emerged from the ARPANET, only one organisation was responsible for domain registrations. That organisation was called DARPA. The registration process was documented in RFC 920. By the 1980s, WHOIS was standardised to search for domains, people and any other resource associated with domain registrations. Because only one organisation handled all domain registrations back then, a single centralised server was used for WHOIS queries and this made searching for relevant information easy.

WHOIS servers in the 20th Century became more flexible and made provisions for wild-card searches. Utilising WHOIS to query an individual's last name could provide a result of every individual bearing that name. If a query was submitted with a specific keyword, the search result would come back containing every registered domain carrying that keyword. With the emergence of commercialized internet, unethical spamming and multiple registrars, such free rein searching is no longer allowed.

Presently, to perform a WHOIS query on a domain, one would require knowledge of the correct WHOIS server to use. This is because there are so many top level domains that are currently active. There are a variety of easily accessible tools available for carrying out WHOIS proxy searches.

Implementation of WHOIS

Command line interface applications were traditionally used to perform WHOIS lookups but there are now available a wide variety of web-based tools that can be used for the same purpose. There is a sister protocol of WHOIS and it is called Referral Whois (RWhois).

WHOIS database can be made up of sets of text records for every individual resource. These text records are made up of different bits of information concerning each resource as well as any associated information concerning registrants, assignees, as well as administrative information like creation dates and expiration dates.

There are two data models that are available for the storing of resource information within a WHOIS database. They are the thin and thick model.

What are Thin and thick lookups?

Either a thin or thick data model can be used to store or look up WHOIS information

Thick: The Thick model of a WHOIS server can store all the WHOIS information from every registrar associated with a particular set of data. For instance, it is possible for one WHOIS server to deliver WHOIS information concerning all .org domains.

Thin: The Thin model of a WHOIS server can store only the WHOIS server’s name of a domain’s registrar. This will in turn have full details related to the data being sought, for example the .com WHOIS servers that direct the WHOIS query to the domain where the registrar was registered.

Using the thick model usually makes it possible to access consistent data as well as faster queries because only a single WHOIS server has to be contacted. In the event a registrar is no longer operational, a thick registry has every pertinent information (but that is only if a registrant submitted accurate data, and privacy settings haven’t been used to shield the data). This means that registration information will be retained even if the registrar is no longer available. On the other hand, a thin registry might not have available any stored contact information and this can make it difficult for a rightful registrant to keep control of a domain.

But the WHOIS protocol has no way of distinguishing the thick model from the thin model.


Command line interface tools for Unix and Unix-like operating systems were the first applications written for the WHOIS information system. Software available for WHOIS clients and servers are distributed as open-source and free software. Binary distributions come with all Unix-like systems.


With the emergence of the World Wide Web and the minimising of the monopoly over Network Solutions, checking on WHOIS information through the web is now commonplace. Presently, web-based WHOIS queries that are popular can be conducted from RIPE, ARIN, and APNIC. Several of the earlier web-based WHOIS clients were simply front-ends for command-line clients. In that situation, resulting output was simply displayed on a webpage with little to no formatting.

The need for web-based clients rose because command-line WHOIS clients mostly existed in Unix and larger computing spheres. Macintosh and Microsoft Windows computers didn’t come with WHOIS clients installed by default. This meant registrars had to figure out how to make available to potential customers access to WHOIS data. Lots of end-users are still heavily reliant on such clients, even though graphical clients and command line are now available on most PC platforms.

> Learning Hub