How to Conduct the Best 'Whois' Search

Thanks in large part to the European Union's General Data Protection Regulation (GDPR) -- which I have previously discussed multiple times -- getting information about the registrant of a domain name has never been more challenging. So, knowing where to turn for the best "whois" records has never been more important.

The GDPR has resulted in registrars redacting important information on many domain name registrants. Hopefully, ICANN's so-called "Temporary Specification" will eventually change this or, at least, make it somewhat easier for trademark owners and others with legitimate legal interests to identify domain name registrants.

Until then, however, simply knowing where to find a whois record -- and the best whois record available -- is perhaps the most important thing for any trademark owner. Access to whois records is essential for filing a domain name dispute under the Uniform Domain Name Dispute Resolution Policy (UDRP), the Uniform Rapid Suspension System (URS) or another domain name dispute policy.

What is 'Whois'?

To be clear, a "whois" record provides information about a domain name. As ICANN explains, this information consists of "identifying and contact information which may include: name, address, email, phone number, and administrative and technical contacts."

Requirements for whois records have changed over time and continue to vary somewhat based on the top-level domain name (TLD) involved.

ICANN's Whois Web Page

In the recent past, I usually began most of my whois searches at ICANN's own web-based whois portal, at whois.icann.org. I often looked at this website as the best starting point for TLDs within ICANN's ecosystem, which includes all of the so-called generic TLDs (including legacy TLDs such as .com and new gTLDs such as .xyz).

However, as of this writing, ICANN's whois page is not always returning accurate results. On multiple occasions, I have used ICANN's form to look up certain domain names that I know exist, only to receive a message that says, "The requested second-level domain was not found in the Registry or Registrar’s WHOIS Server."

I have been told by ICANN that this erroneous message is related to "rate limit whois requests" from the registrar Network Solutions. But the problems have continued for weeks, and I can't determine whether they are, in fact, limited to domain names registered at a single registrar. The only thing I can determine is that ICANN's own whois web page is often reporting inaccurate information by stating that a registered domain name is not registered.

So, my best advice is not to rely on ICANN's whois web page.

Instead, the best starting point to find any whois record is with the applicable domain name registry, that is, the company with ultimate responsibility for managing the relevant TLD. For .com, that's VeriSign Global Registry Services. For .xyz, that's XYZ.COM LLC. For .org, that's Public Interest Registry. For .law, that's Minds + Machines Group Limited. For .store, that's DotStore Inc.

If you think that's confusing, you're right.

And, with more than 1,500 TLDs in existence, it's impossible to always know which registry is responsible for which TLD.

IANA's Whois Service

Fortunately, the Internet Assigned Numbers Authority maintains a complete list of all TLDs and their registry operators. So, consulting the IANA list is a great way to start a whois search. I often follow the appropriate link on the IANA list to identify the appropriate registry, then conduct a whois search on the registry's own website.

Or, I will shortcut the process by conducting a whois search on IANA's own whois page at www.iana.org/whois to identify the registry and then repeat the process on the registry's website.

In either event, I see this IANA-based process as only the first step in getting to the best whois record. I use the information provided by IANA or by the registry to then identify the actual registrar responsible for the domain name.

(While every TLD has only one registry, actual domain name registrations within any TLD may be offered by any of hundreds of registrars. And the registrars are the ones who are responsible for collecting data from their customers, that is, the actual domain name registrants.)

Once I have identified the registrar responsible for a domain name registration, I then conduct a whois search on the registrar's own website. Finding the registrar is usually a pretty simple task, because many registries' whois records will include an address for the registrar's website. Or, for ICANN-accredited registrars, a complete list is available on the InterNIC website. Or, a simple Google (or other) search will lead to the registrar's website.

Sample Whois Process

Here's an example for finding the whois record for, say, <google.com>:

  • Step 1: Identify the Registry. Use the IANA whois service to search for <google.com>. The result tells me that VeriSign is the registry operator (as it is for all .com domain names). The result also tells me: "Registration information: http://www.verisigninc.com"
  • Step 2: Identify the Registrar. Visit the registry's (VeriSign's) website. Once there, I find the link (at the bottom of the home page) labeled "WHOIS," which allows me to conduct a search for <google.com> using VeriSign's whois tool, which tells me that the registrar for this domain name is MarkMonitor. The result also includes the URL for the registrar.
  • Step 3: Conduct Whois Search at Registar. Go to the registrar's (MarkMonitor's) website. That website contains its own whois search form, where I enter "google.com" and learn that the registrant of this domain name is Google LLC and that it was created on September 15, 1997.

If this sounds tedious, you're right.

But, I think it leads to the best whois record because it identifies the registrar responsible for the domain name, which presumably has the most accurate and complete registration data available.

Unfortunately, as the <google.com> example shows, even this process won't identify all of the important information about a domain name registrant, because the GDPR often masks the registrant's contact information.

It's not a great system, but we have to live with it, at least for now.