Software Development

Web applications, mobile, e-commerce and custom software projects.

ReactNode.jsMobile

SEO & Optimization

Organic traffic growth, technical SEO, content strategy and analytics.

Technical SEOContentAnalytics

API & Integration

REST API, webhook infrastructure, payment and shipping integrations.

REST APIWebhookOAuth
View all services Get free consultation

Web Hosting

cPanel management panel, SSD storage, free SSL certificate

Get a Quote

VPS Server

NVMe SSD, full root access, DDoS protection included

Get a Quote
Popular

Dedicated Server

Fully dedicated physical server, unlimited traffic

Get a Quote

Domain & SSL

Domain registration, transfer and Wildcard SSL certificates

Get a Quote

Why KEYDAL?

  • 99.9% uptime guarantee
  • Istanbul data center
  • 24/7 support
  • Free migration service
Get a quote

Projelerimiz

kSvSecurity, kAI, kMusic ve daha fazlası.

About Us

Meet KEYDAL. Our vision, team and journey.

Contact

Tell us about your project, get a custom quote.
Contracts
Privacy Policy Terms of Service SLA Agreement Data Protection Notice Cookie Policy
01 Home
Software Development SEO & Optimization API & Integration
Web Hosting VPS Server Dedicated Server Domain & SSL
04 KEYDAL Projects 05 Tools 06 Blog
About Us Contact Contracts
Get a Quote
Blog / domain

WHOIS Lookup: Find Domain Owner, Expiry, and History (Complete Guide)

pillar 27 min read May 2, 2026
Founder of KEYDAL · Full-stack developer

WHOIS lookup is one of the internet's oldest yet still most practical research tools. In seconds, you can learn who owns a domain, when it was registered, when it expires, which name servers it points to, and which registrar manages it. Across dozens of scenarios — brand protection, legal notice, negotiated domain acquisition, fraud investigation, competitor analysis, and technical troubleshooting — WHOIS is the starting point.

This guide goes far beyond just clicking a "whois lookup" button. We've assembled an end-to-end resource covering how the WHOIS protocol works, why most records have been redacted since 2018 thanks to GDPR, its modern successor RDAP, the TRABIS rules governing .tr domains, IP/ASN lookups, the whois command and API integrations, domain history, and pricing/renewal/recovery workflows.

Related guides: What is a domain name, registration and WHOIS · Domain lookup tools: WHOIS, RDAP, DNS · What is DNS and how to change settings · HTTPS and TLS 1.3 · WHOIS Lookup Tool

What is WHOIS? What Does WHOIS Mean?

WHOIS is literally "who is" — the technical answer to the question "who is behind this?" It is a query protocol that returns the person or organization behind a domain name or IP block, the registration dates, and the authoritative registry holding the record. It was first defined in 1982 by RFC 812, and the current reference document is RFC 3912 from 2004.

The protocol is extremely simple: you connect to TCP port 43, send the domain you want to query as a single line followed by CRLF, the server returns information in plain text, and the connection closes. There is no standard schema for the query — every registry uses its own field names. This "flexibility" is both WHOIS's greatest strength and its biggest weakness — even AI-driven parsers can produce surprising errors.

In English search results, queries like "what is whois", "whois meaning", and "whois definition" are used interchangeably. They all point to the same protocol: a client/server architecture that exposes the registration ownership, registration dates, registrar, and name server information for a domain name or IP.

Practical Benefits of WHOIS Lookups

"Who owns this domain" sounds like a simple question, but in practice it serves wildly different purposes. Examples from a typical operations log:

  • Brand protection — has someone registered a typo variant of your company name? WHOIS exposes the registrant and registrar, which is the foundational evidence for UDRP proceedings.
  • Domain acquisition negotiation — you like a domain that's registered but unused; the contact information for reaching the owner with an offer comes from WHOIS (or, if redacted, is forwarded by the registrar's relay).
  • Expiry tracking — to confirm whether your own domain has been renewed, or when a partner company's domain will expire. Our WHOIS tool shows this directly.
  • Fraud / phishing investigation — if a new domain was registered yesterday and impersonates your brand, the first piece of evidence is the creation date.
  • Hosting/server identification — "who hosts this domain" type queries are essentially about finding which name servers a domain uses and which provider those name servers point to.
  • Legal notice — for copyright complaints, content takedowns, and court matters, you need the registrant information (or at least the abuse contact).
  • Domain history research — who owned the domain before, how many times it has been transferred, what content it served previously. Wayback Machine plus historical WHOIS data combined produce a powerful profile.

All of these uses are legal; however, scraping WHOIS data in bulk and using it for marketing violates ICANN policies and data protection law (KVKK in Turkey, GDPR in the EU). ICANN's RAA contract obliges registrars to apply rate limits and abuse prevention.

What Fields Appear in WHOIS Output?

In a typical gTLD WHOIS response (.com, .net, .org), you'll see the following fields. The structure varies slightly between registries, but the core fields are almost always present:

  • Domain Name — the queried domain (case-insensitive).
  • Registry Domain ID — the unique identifier assigned on the registry side.
  • Registrar — the name of the ICANN-accredited organization where the domain is registered.
  • Registrar IANA ID — the numeric registrar identifier assigned by IANA.
  • Updated Date / Creation Date / Registry Expiry Date — last update, initial registration, and expiration dates (in RFC 3339 / ISO 8601 format).
  • Domain Status — EPP status codes (clientTransferProhibited, clientHold, pendingDelete, etc.).
  • Registrant / Admin / Tech / Billing Contact — the registrant, administrative, technical, and billing contacts (mostly redacted post-GDPR).
  • Name Server — the authoritative DNS servers for the domain.
  • DNSSEC — whether DNSSEC is enabled (signedDelegation / unsigned).
  • URL of the ICANN Whois Inaccuracy Complaint Form — link to file a complaint about an incorrect WHOIS record.

Since GDPR took effect in 2018, in most European registrations you'll see "REDACTED FOR PRIVACY" in place of real names in Registrant / Admin / Tech fields, and the registrar's anonymous contact form URL (e.g., https://contact.registrar.com/?domain=...) instead of an email. This is a direct result of ICANN's Temporary Specification for gTLD Registration Data.

A Sample WHOIS Output

Three details stand out here: the domain was registered in 1995 ("Creation Date"), all server*Prohibited codes are active (transfer, deletion, and renewal are locked at the registry level — typical for highly critical domains), and DNSSEC is enabled.

EPP Status Codes: The Domain's Current State

The EPP (Extensible Provisioning Protocol) status codes are 17 codes defined in ICANN's official documentation. Each indicates whether the domain can be transferred, renewed, or deleted, and whether it is actively reflected in DNS. There are two categories: client* codes are controlled by the registrar, and server* codes are controlled by the registry.

  • ok — the domain is in a normal state with no restrictions. (Rarely seen alone in gTLDs; most domains carry at least clientTransferProhibited.)
  • clientTransferProhibited — a transfer lock applied by the registrar. It should always be active as protection against domain hijacking; you must remove it before initiating a transfer.
  • clientUpdateProhibited / clientDeleteProhibited / clientRenewProhibited — update, delete, and renewal locks (registrar-side), respectively.
  • clientHold — the registrar has pulled the domain from DNS; pages won't load. Usually triggered by non-payment.
  • serverHold — a hold imposed by the registry, typically due to a court order, abuse, or ICANN compliance.
  • pendingDelete — the domain is in the deletion process and will be released after 5 days. (See the "domain lifecycle" section below.)
  • redemptionPeriod — the domain has expired and is in a 30-day recovery window; it can usually be reclaimed by paying a redemption fee of 5–10x the renewal price.
  • autoRenewPeriod — the registrar has auto-renewed; refunds are possible within 45 days.
  • pendingTransfer — a transfer to another registrar has been initiated and is pending.
  • inactive — fewer than two name servers are delegated to the domain; it doesn't resolve in DNS.

To protect against domain hijacking, at minimum these three client-side codes should be active: clientTransferProhibited, clientUpdateProhibited, and clientDeleteProhibited. For high-value domains, you can also request server*Prohibited locks from your registrar (usually a paid add-on, but they prevent extraction even if an attacker gains access to the registrar API).

From WHOIS to RDAP: The New Standard for 2025 and Beyond

The WHOIS protocol has three major problems: no standard data schema, no authentication, and no proper internationalization (Unicode) support. To address these, ICANN and the IETF developed RDAP (Registration Data Access Protocol). RDAP is a modern API built on JSON, using HTTPS as its transport layer, and capable of returning OAuth-signed responses.

The official definitions span several RFCs: RFC 7480 (HTTP usage), RFC 9082 (query format), RFC 9083 (JSON response format), and RFC 7481 (security). In early 2024, ICANN made RDAP mandatory for gTLDs; the transition away from the classic port-43 WHOIS service is being completed throughout 2025–2026.

RDAP has four concrete advantages over WHOIS: (1) thanks to structured JSON, parse errors are nearly zero, (2) UTF-8 / IDN domains (e.g., türkçe.com) round-trip cleanly, (3) OAuth/JWT allows authorized users to view fields that are otherwise redacted, (4) differential privacy is possible — returning different responses based on the requester is a standard feature.

Querying WHOIS from the Command Line

On Linux/macOS systems, the whois command is usually pre-installed; if not, it's easy to add via apt install whois or brew install whois. On Windows, you can download whois.exe from SysInternals.

The whois client by default goes to whois.iana.org to discover the correct registry server, then redirects there. This "referral" mechanism is disabled in some older clients; in that case, specify the target server manually with -h. For .com use whois.verisign-grs.com, .net is the same, .org is whois.publicinterestregistry.org, and .tr is whois.nic.tr.

WHOIS Server Hierarchy: Thin vs. Thick

Two different approaches exist. In a thin registry (the classic .com / .net model — Verisign still uses this), the query first goes to the registry, which returns only the registrar information; you must issue a second query to the registrar for the full data. In a thick registry (.org, .biz, .info, .pro, .name, and nearly all new gTLDs), all data is returned at the registry level in a single query. Each ccTLD sets its own policy — most are thick, but data openness varies (.de returns only registrar + name servers, .it redacts all contacts). Modern whois clients handle this jump automatically.

WHOIS for .com.tr and the Special Case of .tr Domains

In Turkey, queries like "whois com tr", "whois tr", and "who is tr" all point to the same place: the authoritative registry for .tr domains. As of September 14, 2022, .tr management was transferred from METU's Nic.tr to TRABIS (the TR Network Information System) under BTK. Both policy and technical infrastructure changed significantly after that date — we cover this in more depth in our domain and domain registration guide.

There are five major changes from the previous era:

  • Documentation requirements were removed. Under the old Nic.tr, .com.tr required a trade registry gazette, .gen.tr required an ID copy, and so on. Under TRABIS, the gTLD model was adopted: .com.tr, .net.tr, .org.tr, .biz.tr, .info.tr, and .tv.tr sub-extensions can now be registered without documentation.
  • Direct .tr was opened. After 2022, suffix-less .tr domains in the form brand.tr were offered for the first time — opening for general use after sunrise (reservation) and landrush periods.
  • Multi-registrar model. Previously, Nic.tr was the sole operator; now dozens of registrars accredited by BTK sell .tr. Consumers can now choose on price and service.
  • WHOIS privacy policy. In TRABIS WHOIS output, most personal data on individual registrations is redacted under KVKK; corporate registrations expose company information openly.
  • RDAP requirement. In parallel with gTLDs, TRABIS offers an RDAP service: structured queries can be made via https://rdap.nic.tr/.

Sub-extensions that still require documentation — edu.tr, gov.tr, mil.tr, k12.tr, av.tr, bel.tr, tsk.tr, pol.tr — remain in place after TRABIS as well. Lawyers need bar registration to acquire .av.tr, universities need YOK documentation for .edu.tr; in these registrations, the WHOIS output usually displays the institution's official name.

For deep .tr research, you can use the form interface at trabis.gov.tr/whois directly, or the lookup boxes on accredited registrars' sites. Third-party tools simply proxy TRABIS's official RDAP, so the data is equivalent — the only difference is the interface and ease of use.

IP and ASN Lookups: What Does "WHOIS IP Lookup" Mean?

WHOIS records exist not just for domains but also for IP blocks and autonomous systems (AS). The organizations that manage these records are the RIRs (Regional Internet Registries):

  • RIPE NCC (Europe, Turkey, Middle East, Central Asia) — whois.ripe.net
  • ARIN (North America) — whois.arin.net
  • APNIC (Asia/Pacific) — whois.apnic.net
  • LACNIC (Latin America) — whois.lacnic.net
  • AFRINIC (Africa) — whois.afrinic.net

"Who hosts this domain" is answered here too: through the domain's name servers, you can identify the hosting provider; through the IP in the A/AAAA records, the data center or ISP. We cover this in more detail in our DNS guide.

Domain Expiry Lookups and the Domain Lifecycle

"Domain expiry lookup" is one of the most practical uses of WHOIS. The Registry Expiry Date field in the output indicates the end of the domain's current registration period. But the real story doesn't end there: the domain isn't deleted automatically afterwards — it enters a four-stage lifecycle.

  • 1. Expiration (Day 0): when the domain's Registry Expiry Date passes, DNS continues to work; most registrars auto-renew for 1 year and bill the customer.
  • 2. Auto-Renew Grace Period (Day 0–45): the registrar can reverse the renewal during this window; most registrants don't take advantage of it.
  • 3. Redemption Period (Day ~45–75): the domain drops out of DNS (clientHold/serverHold), and sites stop loading. The "redemptionPeriod" status code appears. To recover at this stage, you must pay a redemption fee — typically 5–10x the annual renewal price (around $50–150 USD).
  • 4. Pending Delete (Day ~75–80): a 5-day irreversible deletion process; at the end, the domain is publicly released. Drop catchers waiting for this moment can grab the domain again within seconds.
  • 5. Released: the domain becomes free, and anyone can buy it for the normal renewal price.

Those who want to grab high-value domains follow this cycle very closely. Services like Dropcatch.com, SnapNames, and NameJet fire hundreds of queries per second across multiple registrars trying to be the first to grab a domain. That's why a popular branded domain is nearly impossible for an independent user to catch the moment it expires — a backorder service is required.

WHOIS APIs and Programmatic Access

If you need to track domains in bulk, integrate with a monitoring system, or expose a lookup box on a customer dashboard, you'll want to use WHOIS APIs. Since RDAP already serves HTTP+JSON directly, no extra library is required; for classic port-43 WHOIS, python-whois in Python or just fetch for RDAP in Node is enough.

Paid WHOIS API providers (WhoisXMLAPI, WhoAPI, JsonWhois, IP2WHOIS) offer value-added services like historical WHOIS data, bulk lookups, screenshots, and change notifications (whois change monitor). Pricing typically ranges from $5–50 USD per 1,000 queries; the price drops as volume increases (approximate, varies by provider, 2026 figures).

Domain History and Historical WHOIS

"Domain history" research shows ownership, name server, and registrar changes spread over a domain's lifetime. Doing this with the classic WHOIS protocol is impossible — the protocol returns only the current record. For historical data, third-party archive services are used: WhoisXMLAPI / DomainTools for 20+ years of WHOIS archive and ownership transitions, SecurityTrails for DNS record history (A, MX, TXT), the Wayback Machine (archive.org) for content history, and Common Crawl as an open web archive. If you're buying a domain, examining its history is critical; paying for a domain that previously hosted spam or malware, or has a Google penalty, can be far worse for SEO than starting from zero.

GDPR, KVKK, and WHOIS Privacy

GDPR, which took effect on May 25, 2018, fundamentally upended the WHOIS system. Previously, every .com domain's registrant name, address, phone, and email were public for all to see. Under GDPR-covered registrations, most of these fields now show "REDACTED FOR PRIVACY". In Turkey, KVKK provides equivalent protection for individual registrants; for corporate registrations, the company name is usually open due to commercial transparency requirements.

The practical consequences of this change:

  • Reaching the registrant directly has become harder. Most registrars provide a "contact form" URL — your message is forwarded via an anonymous relay. Spam filtering is aggressive; commercial proposals usually don't get through.
  • WHOIS Privacy / Domain Privacy services have become less essential. They still hold value for older non-GDPR registrations — if the registrant didn't renew, the open data may still be visible.
  • Legal proceedings require a court order to obtain the underlying data from the registrar.
  • For brand protection, you must rely on ICANN's Trademark Clearinghouse and UDRP processes; WHOIS data alone is no longer sufficient evidence.

What is WHOIS privacy (privacy protection) service? It's a free or paid service offered by the registrar that replaces the registrant's information with the registrar's proxy contact data. ICANN defines it as "privacy/proxy registration". It's free for most .com registrations; for .tr, it depends on the registrar.

Combining DNS Lookups with WHOIS

"Who owns this DNS" queries often conflate two different things: the domain's authoritative DNS servers (name servers) versus the organization providing DNS resolver services. The Name Server records in WHOIS output show the authoritative servers; who owns those is found via IP whois or a simple nslookup.

This combination is the essence of what we generally call "domain information lookup": registrant (WHOIS), hosting (IP whois), DNS configuration (dig), HTTPS certificate (CT log), and history (Wayback) come together to reveal the entire digital footprint of a domain.

Domain Hijacking and Detection via WHOIS

Domain hijacking is when an attacker captures your WHOIS information and transfers the domain to another registrar or account. WHOIS is both an early warning of an attack and the first piece of evidence after it happens. Signals to watch:

  • Registrar change — the Registrar field changed even though you didn't initiate a transfer.
  • Name server change — the authoritative DNS servers switched from yours to the attacker's; traffic no longer reaches you.
  • The Updated Date changing in the last few hours — any movement outside legitimate updates is suspicious.
  • clientTransferProhibited removed from EPP status — seeing the transfer lock disabled is an alarm bell.
  • The registrant contact email changed — an email change without your knowledge is the most critical indicator.

Defense strategies: enable 2FA on your registrar account, an independent 2FA + strong password on the email account, keep clientTransferProhibited permanently enabled, combine registrar lock with registry lock, and maintain a "trusted contact" list for critical domains. Additionally, setting up a system that automatically diffs your WHOIS data at least once a week is very practical.

Avoid Abuse: Rate Limits and Etiquette

WHOIS stays clean thanks to the strict rules ICANN imposes on registries and registrars. There are also rules you must follow on your side; if you violate them, your IP gets banned and abuse complaints may follow. Practical guidelines: 1 query per second is the upper limit (sleep between calls is mandatory in bulk jobs), use the standard whois client (script-kiddie traces trigger bans), bulk scraping for advertising/marketing purposes violates ICANN policies and can carry serious financial penalties, the same respect applies to public RDAP services (read the X-RateLimit-* headers), and cache the data in your application for at least 1 hour — a product hammering the same domain 50 times per minute is flagged as a bot.

Common Mistakes and Misinterpretations

Let's round up the most common mistakes when investigating WHOIS data — especially critical when the data will be used as evidence:

  • The domain you think is "available" is actually registered. WHOIS returning "No match" can be due to caching, the wrong server, a typo, or rate limiting. Confirm with a second source.
  • The registrant country is not the real location. A Turkish operation's .com registration may show as US-based; this isn't evidence of geographic location.
  • An anonymous email is legitimate. Post-GDPR/KVKK, an anonymous relay email from the registrar is normal and not an indicator of fraud.
  • Trusting old, cached WHOIS data. Third-party tools sometimes update only monthly; for critical decisions, run a fresh query.
  • Misreading EPP status codes. The difference between clientHold and serverHold answers the question of whether it's abuse or a payment issue.
  • Treating privacy proxy as truly hidden ownership. ICANN privacy/proxy services must disclose information under legal process; they aren't court-proof.
  • Treating WHOIS as real-time. Data propagation can take from a few minutes to several hours, especially for newly transferred domains.
  • Mistaking IP whois for the website's owner. An IP shows the hosting provider, not the content owner. On shared hosting, thousands of sites can share the same IP.

WHOIS Automation: A Domain Monitoring Pipeline

For teams tracking dozens of domains, a basic monitoring pipeline is built like this: regularly query RDAP via cron or scheduled task, hash the JSON result, compare with the previous hash, and send a Slack/email alert on any difference. For an organization with 50 domains, this pipeline runs on a single VPS for under $5/month.

If you run this pipeline via cron (say, daily at 09:00) and pipe the output into a webhook (Slack, Telegram, Discord), any name server / status / expiry change is noticed within hours. In an enterprise context, you can also monitor it on a metric basis with Prometheus + Grafana.

Domain Acquisition and Negotiation

WHOIS is your first step when you want to acquire an unowned domain. The approach varies by scenario:

  • Domain is free (not registered). Register directly via a registrar; in most gTLDs, around $10–20 USD/year, premium domains can run far higher (approximate, varies by provider, 2026 figures).
  • Domain is registered but unused (parking). Make an offer through the contact in WHOIS. Most parking pages have a "buy this domain" link; behind it, you'll usually find domain marketplaces like Sedo, Afternic, or Dan.com.
  • Domain is actively in use. Negotiation gets harder; a professional domain broker (typical commission 15–25%) helps both with pricing and with brokerage. Direct offers often go unanswered.
  • Domain is about to expire. Watch the expiry in WHOIS and open a backorder (SnapNames, NameJet, Dropcatch) — not a guaranteed catch, but it improves your odds.
  • Old / abandoned domain. A backorder is essential to compete with drop catchers; these domains also pass hand-to-hand at aftermarket auctions.

For large domain purchases, using an escrow service (Escrow.com) is standard practice; the payment moves to the seller only after the buyer confirms the domain transfer. Never wire money directly — there are scam cases that have dragged on for years.

Domain Transfer and WHOIS

Domain transfers (registrar changes) are tracked through WHOIS. The process typically goes: at the source registrar, you remove clientTransferProhibited → obtain the auth code (transfer secret, EPP code) → enter that code at the destination registrar and pay → the source registrant receives an approval email → upon approval, the transfer completes within 5–7 days. WHOIS shows the pendingTransfer status during this process.

  • The 60-day rule: a newly registered or newly transferred domain cannot be transferred again for 60 days (ICANN policy).
  • How long is the auth code valid: 14–30 days at most registrars; reissue it if it expires.
  • WHOIS verification: ICANN mandates email verification of the registrant. A domain registered to an unverified registrant can be suspended after 15 days.
  • .tr transfer: Inter-registrar transfers are far easier under TRABIS; processes that took months in the old Nic.tr era now complete in days.

"Find the Host" — Identifying a Site's Hosting Provider

"Find the host" is the intent of finding which provider hosts a website. A three-layer analysis is performed: name server (WHOIS) → A record (dig) → IP whois (RIR). These three reveal the CDN, the origin, and the ISP/data center. A practical host-info.sh script follows this sequence: dig +short NS for name servers, dig +short A for origin IPs, then whois on each IP for OrgName/netname/country, dig +short CNAME www, dig +short MX, and finally registrar information. To find the real origin behind a CDN, SSL CT logs (crt.sh), historical A record archives, or subdomain enumeration are used — that topic moves into security territory.

Don't forget the legal limits in "who owns this domain" queries: WHOIS data outside legitimate use creates a personal data violation. Under KVKK in Turkey and GDPR in the EU, processing data inconsistent with its purpose (e.g., scraping registrant emails from WHOIS to add to a marketing list) is a direct violation; using it for court proceedings is a legitimate interest. When in doubt, consult a lawyer.

WHOIS Safe Use Checklist

  • Strict transfer lock: on all critical domains, clientTransferProhibited + serverTransferProhibited if available.
  • Registration email: separate, 2FA-protected, on an account independent of your hosting/registrar (e.g., Google Workspace).
  • Privacy proxy: always enabled on individual registrations; on corporate registrations, point it to the business address.
  • Keep WHOIS information current: respond to ICANN verification emails; a suspended domain is a disaster.
  • Auto-renewal: keep card details up to date and track expiry on your calendar as a backup.
  • Multi-domain monitoring: if you have 5+ domains, set up an automatic diff system.
  • Document backup: for extensions that require documentation like .av.tr or .edu.tr, archive registration documents in the cloud as well.
  • Registrar account audit: review login IPs and active sessions every 6 months.

The WHOIS-and-SEO connection matters too: while Google doesn't use domain age as a primary ranking signal, its spam filters do treat newly registered domains cautiously. The Creation Date in WHOIS for a new (<6 months) domain doesn't directly affect ranking, but it can affect indexing speed and the risk of manual review. Domains that have historical Penguin/Panda penalties carry that reputation forward — always research the history of a domain before buying it. For broader context, see our SEO starter guide.

Frequently Asked Questions

Is WHOIS lookup paid?

No, WHOIS lookup is always free; ICANN mandates free access. The paid options are value-added services from third-party APIs (historical data, monitoring, screenshots, bulk lookups).

How can I find the real owner of a domain if it's hidden?

You cannot remove the standard redaction post-GDPR/KVKK. The legal paths are: (1) contact via the registrar's anonymous relay, (2) court order through legal process, (3) UDRP / TM-PDDRP for trademark infringement. When you "do a whois lookup" and get "No match", it usually means the domain is free, but not always — caching, the wrong registry server, IDN punycode errors, or premium pre-registrations can also produce "No match"; before registering the target domain, confirm with two sources.

What's the difference between "whois com tr" and plain "whois"?

The query mechanics are the same; only the target registry differs. Verisign is authoritative for .com, TRABIS for .com.tr. Modern whois clients automatically route to the correct server based on the TLD; there's no difference on the user side. Registry-level changes appear in public WHOIS within minutes, while third-party tools' caches may lag by 1–24 hours.

Is using RDAP directly instead of WHOIS enough?

As of 2026, in gTLDs — yes; RDAP is mandatory and most libraries are RDAP-first. Some older ccTLDs still only run classic WHOIS (port 43); in mixed environments, use a client that supports both. You can't tell whether someone has queried your domain; even if queries are logged on the registry side, the logs aren't disclosed to the registrant.

How long can a domain be recovered after expiry?

Typical gTLD lifecycle: 0–45 days auto-renew grace, 45–75 days redemption (with high penalty), 75–80 days pending delete, then release. You have roughly a 75-day window to recover an expired domain; act within it.

What should I look for when choosing a WHOIS tool?

Prefer tools that support RDAP, handle IDNs (non-ASCII domains) correctly, translate EPP status codes, link to historical data, and provide cache transparency. "Quick" tools that return one-line answers often don't interpret redacted data and can be misleading.

References

Monitor and protect your domains professionally

For end-to-end support tracking WHOIS changes, expiry, hijack alerts, and transfer protection on critical domains, get in touch

Written by

Founder and principal engineer of KEYDAL. Serving enterprise clients in hosting, software development and SEO since 2026.

Related Articles

Readers of this article also read these

domain 27 min

Domain Transfer Guide 2026: Steps, Duration, Auth Code and Cost

Complete 2026 domain transfer guide: EPP/auth code, registrar lock, 60-day rule, ICANN policy, ccTLD specifics including .com.tr/.tr (TRABIS), transfer duration, pricing ranges and how to fix common transfer errors.
domain 28 min

How to Register a Trademark in Turkey: 2026 Application, Fees and Process Guide

How to register a trademark in Turkey: 2026 fees, application steps, Nice classification, opposition, renewal and brand name protection. A comprehensive vendor-neutral guide based on TÜRKPATENT and SMK 6769.
domain 27 min

How to Buy a Domain Name from Google in 2026: Squarespace Migration, Cloud Domains and Google Registry

After Google Domains shut down, how do you buy a domain from Google or within Google's ecosystem? Comprehensive 2026 guide covering the Squarespace migration, Cloud Domains, Workspace purchase flow, Google Registry TLDs (.dev, .app, .page) and modern alternatives.
WhatsApp