The concept of WHOIS has felt sleazy for many years.

If I register a domain, the registrar will basically extort me a couple extra dollars per year for “domain privacy” for the privilege of not having my name, home address, phone number, and email publicly available and then mirrored across thousands of shady scraped content sites in perpetuity. Even If you don’t care about that, then begins the never ending emails texts and calls begin from sleazy outfits who want to sell you related domains, do SEO for you, revamp your site, schedule a call, or just fill your spam box up with legitimate scams and bootleg pharma trash.

All because you wanted a $10/year dot com without paying the bribe.

And yes I grew up leafing through well worn phone books next to corded phones. This is not comparable.

This is about sunsetting the WHOIS protocol in favor of RDAP, not doing away with domain owner registration data.

That was a common racket a long time ago, but pretty much every widely recommended registrar offers free whois privacy now. At least when they're allowed to, some TLDs forbid obfuscating the whois information.

For example, *.us domain registrars aren't allowed to privacy protect your domain: https://www.reddit.com/r/webdev/comments/101qjbq/wow_never_b...

You’re just using bad registrars.

https://porkbun.com/products/whois_privacy

Porkbun only came out in 2014

Two decades late on a problem

Oh the good ol days. $10/m for slow PHP shared hosting and $150 for an SSL certificate too.

I've never had to pay Namecheap extra for WHOIS protection.

RDAP replaces WHOIS, offering a more technologically advanced way to discover the domain is protected by privacy services.

Domain whois is useless, but IP whois is at least kind of useful to check before blanket banning entire IP ranges.

Both give you a way to find out the domain's registrar, registration date, transfer status, and administrative contacts like abuse@. Nameserver data can also be somehow useful.

Otherwise, what did you expect the registrar to divulge to you, a random passer-by?

Wow. I never noticed how much how I used the internet changed. I haven’t done a WHOIS in a decade.

When I started using the internet, it’s how I contacted people. If I liked their site or their blog, I’d check who was behind it and get an email address I could contact.

Now… humans don’t really own domains anymore. Content is so centralized. I obviously noticed this shift, but I had forgotten how I used to be able to interact with the internet.

And after you emailed them you could finger their address and see when they last checked their email, and their unread message count usually.

I had no idea this was a thing for email... Wow.

I think in most ways it's better, it makes the web more approachable to less technical users, making it less gate-keepey, but I also kind of miss the loosely-coupled cluster of web pages from the late-90's and early 2000's web.

Stuff felt less homogeneous; everyone had kind of a loose understanding of HTML, and people would customize their pages in horrendously wonderful ways. It felt more personal.

So many tech people have a fondness for that time. To me, it was a very narrow slice of the human experience. Today I can find sites and communities on any subject I can conceive and billions more that I cannot.

And personally I found it more horrendously ugly than horrendously wonderful. But that's just my opinion.

> Now… humans don’t really own domains anymore.

Even when they do, it's generally a smart idea to anonymize the whois information.

You might be looking up my domain to make a buddy, but someone else might be looking up my domain to SWAT me.

Although shit did happen back in the day. Someone show up at the house of the DeviantART CEO in like... I wanna say like, mmm.. 2007? and slashed his tires etc. WhoIs was only cool in the 90s.

A big part of that is because GDPR basically murdered Whois. It hasn't been useful for many of those last ten years.

There's something about WHOIS I've never understood. If you run `whois ycombinator.com` you'll see name servers in the output.

  Name Server: NS-1411.AWSDNS-48.ORG
  Name Server: NS-1914.AWSDNS-47.CO.UK
  Name Server: NS-225.AWSDNS-28.COM
  Name Server: NS-556.AWSDNS-05.NET

But if you run `dig ycombinator.com ANY +noall +answer` you'll see name servers here too.

  ycombinator.com.        21600   IN      NS      ns-556.awsdns-05.net.
  ycombinator.com.        21600   IN      NS      ns-1914.awsdns-47.co.uk.
  ycombinator.com.        21600   IN      NS      ns-225.awsdns-28.com.
  ycombinator.com.        21600   IN      NS      ns-1411.awsdns-48.org.
  ycombinator.com.        900     IN      SOA     ns-225.awsdns-28.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

If you see all the output together, you'll find the same name servers are present in WHOIS output and the DNS NS records. But wait, there's more.

The name server `ns-225.awsdns-28.com` is present three times- in WHOIS, in DNS NS records, in DNS SOA record.

Which of these name servers get used to resolve `ycombinator.com` to its IP address like when I do `ping ycombinator.com`?

What if the information between the WHOIS and DNS NS records and the DNS SOA records are inconsistent? Which record wins?

Back in 2014, when TLD .church was introduced, me and my friends tried to register alonzo.church and (ab)use the contact information records to provide some biographic information and links, explaining literally whois alonzo.church on the command line. That would not prevent hosting whatever services on that domain as normal.

Sadly, we were not able to secure the domain on time, and after 11 years, the attempted trick is becoming irrelevant.

I don't play with domains all day, but this very much feels like nothing important was accomplished, and things are just being made more complicated for political reasons. Sorry if that is being harsh, but I've never had any issue using WHOIS.

To be replaced with a system providing a standardized method to give law enforcement easier "secure access" to your redacted personal information.

We have ownership records for real estate for a reason. Domains need some level of accountability.

Domains point to IPs, and IPs already have subpoenable ownership records at RIRs. In the real estate metaphor: we have property ownership records, but we don't have records of every rental tenancy.

This is completely untrue.

https://www.zdnet.com/home-and-office/networking/court-rules...

This article is not inconsistent with my comment. The court rejected a subpoena against the ISP for the identity of the user of the IP, not against the RIR for the identity of the owner of the IP. This is like the court rejecting a subpoena against the landlord for their tenant's identity.

I'm not sure this follows. You're allowed to publish, say, a book or pamphlet without signing it with your legal name and address. So is a website more like a book, or a building?

Wait, people use real information?

that's grounds for cancellation of a domain sooooo.....

When can I finally see an article announcing that ICANN has been sunsetted?

Why so flippant? The Internet would be in a sorry state without ICANN...

Whois needs it's own port open usually, this is good I suppose, now it's all HTTPS. Now, if only passive dns resolution data was part of this same api. As it stands today, if you're looking into WHOIS information, historical WHOIS and passive dns are a must, and they are usually provided by commercial entities.

If distribution packages don't abstract this trivia away I'm going to be endlessly frustrated

What does this mean for the command line tool whois? It definitely works still and it's still being updated...

> whois ycombinator.com % IANA WHOIS server % for more information on IANA, visit http://www.iana.org % This query returned 1 object

refer: whois.verisign-grs.com

domain: COM

organisation: VeriSign Global Registry Services address: 12061 Bluemont Way address: Reston VA 20190 address: United States of America (the)

contact: administrative name: Registry Customer Service organisation: VeriSign Global Registry Services address: 12061 Bluemont Way address: Reston VA 20190 address: United States of America (the) phone: +1 703 925-6999 fax-no: +1 703 948 3978 e-mail: [email protected]

contact: technical name: Registry Customer Service organisation: VeriSign Global Registry Services address: 12061 Bluemont Way address: Reston VA 20190 address: United States of America (the) phone: +1 703 925-6999 fax-no: +1 703 948 3978 e-mail: [email protected]

nserver: A.GTLD-SERVERS.NET 192.5.6.30 2001:503:a83e:0:0:0:2:30 nserver: B.GTLD-SERVERS.NET 192.33.14.30 2001:503:231d:0:0:0:2:30 nserver: C.GTLD-SERVERS.NET 192.26.92.30 2001:503:83eb:0:0:0:0:30 nserver: D.GTLD-SERVERS.NET 192.31.80.30 2001:500:856e:0:0:0:0:30 nserver: E.GTLD-SERVERS.NET 192.12.94.30 2001:502:1ca1:0:0:0:0:30 nserver: F.GTLD-SERVERS.NET 192.35.51.30 2001:503:d414:0:0:0:0:30 nserver: G.GTLD-SERVERS.NET 192.42.93.30 2001:503:eea3:0:0:0:0:30 nserver: H.GTLD-SERVERS.NET 192.54.112.30 2001:502:8cc:0:0:0:0:30 nserver: I.GTLD-SERVERS.NET 192.43.172.30 2001:503:39c1:0:0:0:0:30 nserver: J.GTLD-SERVERS.NET 192.48.79.30 2001:502:7094:0:0:0:0:30 nserver: K.GTLD-SERVERS.NET 192.52.178.30 2001:503:d2d:0:0:0:0:30 nserver: L.GTLD-SERVERS.NET 192.41.162.30 2001:500:d937:0:0:0:0:30 nserver: M.GTLD-SERVERS.NET 192.55.83.30 2001:501:b1f9:0:0:0:0:30 ds-rdata: 19718 13 2 8acbb0cd28f41250a80a491389424d341522d946b0da0c0291f2d3d771d7805a

whois: whois.verisign-grs.com

status: ACTIVE remarks: Registration information: http://www.verisigninc.com

created: 1985-01-01 changed: 2023-12-07 source: IANA

# whois.verisign-grs.com

   Domain Name: YCOMBINATOR.COM
   Registry Domain ID: 147225527_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.gandi.net
   Registrar URL: http://www.gandi.net
   Updated Date: 2025-02-14T02:53:36Z
   Creation Date: 2005-03-20T23:51:07Z
   Registry Expiry Date: 2026-03-20T22:51:07Z
   Registrar: Gandi SAS
   Registrar IANA ID: 81
   Registrar Abuse Contact Email: [email protected]
   Registrar Abuse Contact Phone: +33.170377661
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS-1411.AWSDNS-48.ORG
   Name Server: NS-1914.AWSDNS-47.CO.UK
   Name Server: NS-225.AWSDNS-28.COM
   Name Server: NS-556.AWSDNS-05.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

>>> Last update of whois database: 2025-03-17T01:27:31Z <<<

This is what it means:

$ rdapper ycombinator.com # cf. https://github.com/gbxyz/rdapper

Handle : 147225527_DOMAIN_COM-VRSN Status : client transfer prohibited secureDNS : {"secureDNS":{"delegationSigned":false}} objectClassName : domain ldhName : YCOMBINATOR.COM nameservers : {"nameservers":[{"ldhName":"NS-1411.AWSDNS-48.ORG","objectClassName":"nameserver"},{"ldhName":"NS-1914.AWSDNS-47.CO.UK","objectClassName":"nameserver"},{"ldhName":"NS-225.AWSDNS-28.COM","objectClassName":"nameserver"},{"ldhName":"NS-556.AWSDNS-05.NET","objectClassName":"nameserver"}]} events : {"events":[{"eventDate":"2005-03-20T23:51:07Z","eventAction":"registration"},{"eventAction":"expiration","eventDate":"2026-03-20T22:51:07Z"},{"eventDate":"2025-02-14T02:53:36Z","eventAction":"last changed"},{"eventDate":"2025-03-17T01:38:05Z","eventAction":"last update of RDAP database"}]}

================================ Terms of Use ================================

Service subject to Terms of Use.

================================ Status Codes ================================

For more information on domain status codes, please visit https://icann.org/epp

======================= RDDS Inaccuracy Complaint Form =======================

URL of the ICANN RDDS Inaccuracy Complaint Form: https://icann.org/wicf

Edit: Fixed formatting of command line/comment.

I havent had a successful use of whois in probably over a decade. What was once a useful tool was destroyed by spammers harvesting email addresses and privacy oriented registrars.

I won't even notice its gone

It is useful for finding out who owns an IP address, but that's about it.

BGP looking glasses are still a thing, so at least we have that.

These days how can one register a domain anonymously, using crypto as payment, and without KYC?

Njalla is the only service I'm familiar with: https://njal.la/

No first hand experience, however.

They’re pretty expensive, and the nature of the service means that if they disappear, they have ownership of your domain and you have no recourse to get it back.

It'll be a pick one problem until say the big browsers support .bit domains directly doing a lookup on the block chain.

Porkbun accepts crypto