Free WHOIS Lookup: Check Domain Registration, Expiry and Ownership

Your domain name is probably the single most important digital asset your business owns. It's the address customers type, the brand they remember, and the foundation every page of your website sits on. But when did you last actually check who controls it?

Over 150,000 domains expire every day worldwide. Some of those are abandoned junk. But plenty are businesses that forgot to renew, didn't update their contact details, or had no idea their domain was about to lapse. A WHOIS lookup takes 10 seconds and can prevent months of recovery headaches.

We built a free WHOIS Lookup tool that queries modern RDAP servers to pull registration data for any domain. Expiry dates, nameservers, registrar info, domain status codes, DNSSEC. Everything you need to check your own domains or investigate someone else's.

What is WHOIS (and why does RDAP matter now)?

WHOIS has existed since the early 1980s. It was the standard way to look up who registered a domain, when it expires, and which registrar manages it. For decades, it worked fine. But WHOIS had problems: no encryption, no standardised data format, no access controls. When GDPR arrived in 2018, the whole system needed rethinking.

RDAP (Registration Data Access Protocol) is the replacement. As of January 2025, ICANN officially sunset the WHOIS requirement for generic top-level domains. The numbers tell the story: WHOIS queries dropped 60% between January and August 2025, while RDAP queries jumped from 7 billion to 65 billion monthly. RDAP overtook WHOIS entirely by June 2025.

Our WHOIS Lookup tool uses RDAP under the hood, which means you get structured, reliable data rather than the inconsistent text dumps the old protocol produced.

"In January 2025, the gTLDs were reporting around seven billion RDAP queries per month, rising in August 2025 to 65 billion, with RDAP queries surpassing WHOIS queries in June 2025."

Andy Newton, Principal Engineer at ICANN and IETF Applications Area Director, APNIC Blog

Newton helped write the RDAP specification, so he knows these numbers inside out. What struck me about this quote was the speed of the shift. In seven months, the entire domain industry flipped from one protocol to another. For anyone running WHOIS queries through old tools that still hit the legacy protocol, you're increasingly getting incomplete or empty responses. RDAP-powered lookups like ours are now the only reliable option.

What our WHOIS Lookup shows you

Enter a domain name and you'll see four sections of data:

Registration details. When the domain was first registered, when it was last updated, and critically, when it expires. This is the section you'll check most often. If your domain expires in two weeks and you haven't set up auto-renewal, you need to know about it now, not after your site goes dark.

Nameservers. Which DNS servers are authoritative for the domain. If you're migrating hosting providers or troubleshooting why your site isn't resolving, nameserver data tells you where the domain is actually pointing. Pair this with our DNS Lookup tool to see the full picture of what those nameservers resolve.

Domain status codes. These EPP (Extensible Provisioning Protocol) codes are the security controls on your domain. clientTransferProhibited means nobody can move your domain without your registrar's cooperation. serverDeleteProhibited means the registry itself has locked the domain against deletion. If you see redemptionPeriod or pendingDelete, that's an emergency: the domain has already expired and is heading for the open market.

Registrar information. Which company manages the domain registration. This tells you who to contact about renewal issues, DNS changes, or transfer requests. It also reveals whether a domain uses a consumer registrar or an enterprise-grade provider with better security controls.

Five reasons to run a WHOIS lookup today

1. Check your own expiry dates. This one sounds obvious, but it catches people out constantly. Auto-renewal fails because a card expired. The admin email on file belongs to someone who left the company two years ago. The domain lapses, the website vanishes, and recovering an expired domain can cost hundreds, or be impossible if someone else snaps it up. A 10-second lookup confirms everything is current.

2. Verify domain ownership before buying a business. If you're acquiring a company or buying a domain on the aftermarket, WHOIS data tells you who actually controls it. Cross-reference the registrant against the seller. Check the registration date (a domain registered last month isn't the established brand they're claiming). Look at the status codes to confirm it can actually be transferred. If you're planning to transfer a domain to a new registrar, checking these details first saves you from surprises mid-process.

3. Investigate phishing or brand impersonation. Got an email from a domain that looks like yours but isn't? WHOIS reveals when it was registered and by which registrar. Fresh registration dates on domains mimicking your brand are a red flag. CSC's 2024 Domain Security Report found that 80% of registered domains resembling Global 2000 brands are owned by third parties.

4. Check nameservers during a migration. Moved to new hosting? Changed DNS providers? A WHOIS lookup confirms the nameservers have been updated at the registry level, not just in your control panel. If the nameservers still point to your old host 48 hours after the change, something went wrong at the registrar end. Our HTTP Header Inspector and DNS Lookup can help diagnose the rest of the chain.

5. Monitor competitor or partner domains. Checking a supplier's domain before adding them to your website as a link? Looking at a competitor's hosting setup? WHOIS tells you their registrar, nameserver provider, and how long they've held the domain. It's public data, freely available, and sometimes very revealing.

Domain security: what the numbers say

Domain security doesn't get the attention it deserves. Most businesses focus on website security (firewalls, SSL, patching) while ignoring the domain layer underneath. But if someone hijacks your domain or it expires, none of those protections matter. Your entire online presence disappears.

"Many wide-scale cyber attacks like ransomware, phishing, and data breaches can originate at the domain level through fraudulently registered or exploited legitimate domains."

Jim Stoltzfus, President of CSC Digital Brand Services, CSC 2024 Domain Security Report

That quote landed differently for me after we helped a client recover from a domain lapse a few years back. Their registrar admin contact was a generic email address that nobody monitored. Renewal reminders went into the void, the card on file had expired, and the domain dropped. It took three weeks and a redemption fee of over £200 to get it back. Three weeks of a dead website, broken email, and lost sales. All preventable with a WHOIS lookup and five minutes of updating contact details.

CSC's research backs this up at scale. Only 24% of the world's largest companies use registry lock, the single most effective protection against domain hijacking. And 57% still use consumer-grade registrars with limited security controls. For small and medium businesses with even fewer resources, the risk is higher.

A WHOIS lookup won't fix all of this, but it's the starting point. It tells you what status codes are protecting your domain, who your registrar is, and when your registration expires. From there, you can take action: enable registry lock, switch to a more secure hosting provider, or simply update your payment details before renewal fails.

How our tool compares to other WHOIS services

There's no shortage of WHOIS lookup tools online. Most are wrapped in ads, upsell you domain services, or run on the legacy WHOIS protocol that's now returning patchy results.

Our tool is different in a few ways. It queries RDAP servers directly, so you get structured, current data rather than outdated text. It's completely free with no account needed. It shows EPP status codes with explanations so you don't have to Google what serverTransferProhibited means. And it's part of a wider set of free webmaster tools we've built, including meta tag checking, mixed content scanning, robots.txt checking, and sitemap export.

We built these tools because we run a WordPress hosting company. We deal with domain issues, DNS propagation, and security configurations every day. These are the checks we do ourselves, packaged up so anyone can use them.

Quick checklist: keeping your domains healthy

• Run a WHOIS lookup on every domain you own at least once a quarter. Check expiry dates, nameservers, and status codes.
• Enable auto-renewal and make sure the payment method on file is current. Then set a calendar reminder to double-check anyway.
• Update your registrant contact details so renewal notices reach someone who acts on them. Don't use a personal email that might change.
• Ask your registrar about registry lock. It prevents unauthorised transfers and is the single best protection against domain hijacking.
• Enable DNSSEC if your registrar and hosting provider support it. DNSSEC adds cryptographic signatures to DNS responses, protecting against cache poisoning.
• Register your domain for multiple years. A one-year registration that lapses is far more common than a five-year registration with plenty of renewal notices ahead.

All of these checks start with knowing what the current registration data says. That's what a WHOIS lookup gives you. Try it on your own domain, then check the rest of your portfolio. If you're still deciding between .uk and .co.uk for your business, we've broken down the differences. And if you're looking for domain registration with free DNS management and straightforward pricing, take a look at what we offer.

Frequently Asked Questions