Date: 01/01/2001Whois is a TCP-based query/response protocol which is widely used for querying a database in order to determine the owner of a domain name, an IP address, or an autonomous system number on the Internet. Whois (pronounced as the phrase Who is) represents a protocol that is mainly used to used to find details and information about domain names, networks and hosts. The Whois records contain data referring to various organizations and contacts related to the domain names. The Whois protocols operate by means of a server where anyone is allowed to connect and create a query; the Whois server will then respond to this query and end the connection.


When the Internet was emerging out of the ARPANET, there was only one organization that handled all domain registrations, which was DARPA itself. The process of registration was established in RFC 920. WHOIS was standardized in the early 1980s to look up domains, people and other resources related to domain and number registrations. As all registration was done by one organization at that time, one centralized server was used for WHOIS queries. This made looking up such information very easy.

WHOIS traces its roots to 1982, when the Internet Engineering Task Force published a protocol for a directory service for ARPANET users. Initially, the directory simply listed the contact information that was requested of anyone transmitting data across the ARPANET.

As the Internet grew, WHOIS began to serve the needs of different stakeholders such as registrants, law enforcement agents, intellectual property and trademark owners, businesses and individual users. But the protocol remained fundamentally based on those original IETF standards. This is the WHOIS protocol that ICANN inherited when it was established in 1998. On 30 September 2009, ICANN and the U.S. signed an Affirmation of Commitments (AOC) which recognizes ICANN as an independent, private and non-profit organization.

A key provision in the AOC stated that ICANN “commits to enforcing its existing policy relating to WHOIS, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information.” The AOC also set up specific provisions for periodic reviews of WHOIS policy.

In 1999, ICANN began allowing other entities to offer domain name registration services. Registries are responsible for maintaining registries of top-level domain names.

Over the years, ICANN has used its agreements with registrars and registries to modify the WHOIS service requirements. These agreements set up the basic framework that dictates how the WHOIS service is operated. In addition, ICANN adopted several consensus policies aimed at improving the WHOIS service.

Responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNET began offering domain registration service; however they simply handled the paperwork which they forwarded to the DARPA Network Information Center (NIC). Then the National Science Foundation directed that management of Internet domain registration would be handled by commercial, third-party entities. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics and AT&T. The General Atomics contract was canceled after several years due to performance issues.

20th century WHOIS servers were highly permissive and would allow wild-card searches. A WHOIS query of a person’s last name would yield all individuals with that name. A query with a given keyword returned all registered domains containing that keyword. A query for a given administrative contact returned all domains the administrator was associated with. Since the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.

On December 1, 1999, management of the top-level domains (TLDs) com, net, and org was assigned to ICANN. At the time, these TLDs were converted to a thin WHOIS model. Existing WHOIS clients stopped working at that time. A month later, it had self-detecting Common Gateway Interface support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client.

By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS proxy searches have become common.

Whois and ICANN

ICANN’s requirements for registered domain names state that the extent of registration data collected in the moment of domain name registration can be accessed. That is, ICANN requires accredited registrars to collect and provide free public access, such as a Whois service, to information regarding the registered domain name and its nameservers and registrar, the date the domain was created and when its registration expires, and the contact information for the registered name holder, the technical contact, and the administrative contact.

ICANN’s WHOIS protocol remains largely unchanged since 1999 – in spite of over a decade of task forces, working groups and studies, and changes in privacy laws. As a result, WHOIS is at the center of long-running debate and study at ICANN, among other Internet governance institutions, and in the global Internet community.

The evolution of the Internet ecosystem has created challenges for WHOIS in every area: accuracy, access, compliance, privacy, abuse and fraud, cost and policing. Questions have arisen about the fundamental design of WHOIS, which many believe is inadequate to meet the needs of today’s Internet, much less the Internet of the future. Concerns about WHOIS obsolescence are equaled by concerns about the costs involved in changing or replacing WHOIS.

WHOIS faces these challenges because its use has expanded beyond what was envisaged when its founding protocol was designed. Many more stakeholders make use of it in legitimate ways not foreseen by its creators. So ICANN has had to modify WHOIS over the years; the consensus policies on accuracy are a prime example, as well as the introduction of validation and verification requirements in the new form of Registrar Accreditation Agreement (2013 RAA).

There are other challenges to WHOIS, as well. As domain names have become an important weapon to combat fraud and abuse, ICANN’s Security and Stability Advisory Committee recommended in SAC 38: Registrar Abuse Point of Contact that registrars and registries publish abuse point of contact information. This abuse contact would be responsible for addressing and providing timely response to abuse complaints received from recognized parties, such as other registries, registrars, law enforcement organizations and recognized members of the anti-abuse community. Beginning in 2014, registrars under the 2013 RAA will be required to publish WHOIS data that includes registrar abuse contacts.

Even with these modifications, there are calls in the community for improvements to the current WHOIS model. ICANN’s Generic Names Supporting Organization (GNSO) explores these areas and works to develop new policies to address each issue, as appropriate. Over the last decade, the GNSO has undertaken a series of activities to reevaluate the current WHOIS system, and has sought to collect data examining the importance of WHOIS to stakeholders.

Whois Protocol

The origin of Whois Protocol is in the ARPANET NICNAME protocol, which was developed based on NAME/FINGER Protocol (discussed in RFC742 from 1977). In 1982, in RFC812, the NICNAME/WHOIS protocol was presented for the first time by Ken Harrenstien and Vic White from SRI International – Network Information Center. While Whois was first used on the Network Control Program, its main use was eventually determined by the standardization of TCP/IP across the ARPNET and Internet.

Whois Replacements/Alternatives

Due to shortcomings of the protocol, various proposals exist to augment or replace it. Examples are Internet Registry Information Service (IRIS) as well as the newer proposed IETF working group called WHOIS-based Extensible Internet Registration Data Service (WEIRDS) intended to develop a REST-based protocol.

Thick Whois

A Thick Whois Server stores complete and accurate information from all registrars regarding registered domain names and their registrants. This information is available to the registry operator and it can facilitate bulk transfers of all domain names to another registrar in the event of a registrar failure. Thick Whois also enables faster queries.

In November 2011, ICANN Staff issued a Preliminary Issue Report on ‘Thick’ Whois to determine if the GNSO Council needs to conduct a Policy Development Process (PDP) regarding the Whois requirements made of existing gTLDs. The ICANN community was divided on the issue. In a statement, Verisign said that it will “neither advocate for nor against the initiation of a PDP.” The company also argued that its Whois model for .com, .net, .name and .jobs is effective but if the internet community and its customers believed that thick Whois is a better, it will respect and implement the policy. The Intellectual Property Constituency supports Whois implementation. The constituency believed that it will help prevent abuses on intellectual property rights and consumer fraud.  On the other hand, Wendy Seltzer of the Non-Commercial Users Constituency (NCUC) expressed her concern on the impact of further Whois expansion on privacy rights. She pointed out that, “Moving all data to the registry could facilitate invasion of privacy and decrease the jurisdictional control registrants have through their choice of registrar.”

In February 2012, the GNSO Council postponed its decision to determine if it is necessary for Verisign to implement the thick Whois database on .com and all the other gTLDs under its management. The Policy Development Process regarding the issue was also delayed due to the request of the NCUC. All registry operators except Verisign were required to implement Thick Whois. In August, 2012, the GNSO Council, along with two other ICANN constituencies sent a letter to ICANN chastising it for its decision to not require Verisign to implement Thick Whois for the .com TLD.