Awww... this was my go-to since the 90s. I loved the simplicity of the place. Great nostalgia.
To be fair, I haven't use it much over the past decade or so mostly because the nature of my work has changed and the info has become increasingly useless over time.... but just a couple of weeks ago I gave it a go just to see if it was still around. I guess that test didn't age well.
The only reason why WHOIS actually needed to stick around for so long is because of thin registries (.com and .net are examples) where the registrar manages the contact information for the domain rather than the registry.
When you do a domain transfer, the registrars involved are required to get confirmation of the transfer, which means that the gaining registrar needs a way to query the contact information for the domain. With thick registries, all the gaining registrar needs to query this is the EPP key (AKA the transfer code, transfer key, authinfo, &c.) and the domain name, and then they have read-only access to the domain object and any contact object associated with the domain in question. With thin registries, there's no such thing, so the only way to implement ICANN's Inter-Registrar Transfer Policy is to query WHOIS. Up until ICANN finally forced a standard format on gTLD WHOIS responses, this was a nightmare as all too many registries would go out of their way to make it difficult to get any information out of WHOIS.
I'm glad to see WHOIS starting to die for domain names and be replaced with RDAP.
> The global amendments specify operational requirements for providing Registration Data Directory Services (RDDS) via RDAP and detail the sunset of certain obligations for registries and registrars to provide RDDS via the WHOIS protocol by 28 January 2025.
Note that, because registries will be contractually mandated to support RDAP, and that if they choose to continue supporting WHOIS they will be subject to additional uptime/monitoring requirements on WHOIS that they wouldn't be if they simply dropped WHOIS, most are planning on dropping WHOIS as soon as possible.
I used to use this when I was just starting out on the web and the internet was still new. I used it quite frequently over the years initially but not for a long time.
I feel a bit sad, it represented the hacker culture of the early web which unfortunately is long gone. A different time.
Public who's details have become absurd. Register any domain and choose not to use domain privacy. Your inbox will fill up over the next hour with people wanting to sell you seo services or a new WordPress installation. I don't mean five or five or six spam emails, I mean you could see over a hundred umin the first hour . Such mailboxes are sure to become unusable .
If you register in a tld which doesn’t allow privacy (.net or .us? Forget which) everything leaks. Kiss goodbye to your phone number. I accidentally did this and got 50 calls within the first 8 hrs. It was insane.
Not surprised on this, especially on the GoDaddy part. Although .uk also has no-proxies rule, at least Nominet themselves don't reveal your details if you're an individual even before GDPR (the idea being that if you're a company you have enough money to handle public requests).
For what it's worth, .us is the ccTLD for the United States, and policies for it like "You can't hide your WHOIS info" would be set by the US government, not by GoDaddy. GoDaddy Registry as the backend registry service provider isn't setting the policies for a ccTLD.
> policies for it like "You can't hide your WHOIS info" would be set by the US government
I have actually checked this, and you're (partially) wrong on this one. To be fair, I was also wrong that GoDaddy (within limitations set by the Department of Commerce) has free reign here. The actual process is more boring: while the US DOC has veto powers, in practice it's the .US Stakeholder Council (https://www.about.us/stakeholders) which decides on matters about .US policies.
It's interesting to see the evolution of the .de whois. Germany is one of these countries that unsurprisingly doesn't allow domain privacy for various legal reasons, but this clashes with the equally strong privacy desire. Back in (not so) ancient times you just got all info with a normal whois, then the whois started giving you less info and told you to go to the registrar's website (denic.de) where you had to fill out a captcha. With GDPR came some checkboxes to verify you have legitimate reasons to get this info. Now even that is gone, you have to either send them an email or fill out a pdf, sign it and email it to them.
That’s exactly why I’ve used an “admin@“ address for decades now on email registrations. It has a filter that will then redirect anything from the registrar’s domain and junk anything else.
That's fun and I like the idea, until the ICANN decides you need to verify your domain or it'll be terminated within two weeks. Who knows what email sending service or domain they'll decide to use. (OVH, for instance, sent me this not only from a different domain, but from a different country TLD altogether than previous emails from them.)
Do you also have a dedicated phone number for your registrar to call? And home address? The whole thing is a bit iffy, I'd much rather that my personal information remains with the party that can relay any relevant queries.
Another problem with using an inbox @ your domain is that, when there's a problem with your domain... good luck receiving that email. I have two accounts with the registrar for different domains and they point to each other. Not great, perhaps I should open a hotmail for this that relays copies of any emails so I still get the notifications during normal times, but it's something.
> until the ICANN decides you need to verify your domain
ICANN don't do that. Your _registrar_ is required by ICANN policies (search for "Whois Data Reminder Policy") to send you notifications to ensure your contact information is current. Whether your domain gets terminated or not is largely down to your registrar, but if your contact details aren't accurate, you probably aren't getting billing notifications either.
Um, I can sign up as John Doe being the domain owner but it's not required that Ms. John also pays the bills upon renewals. Never had a problem with domains under anonymised names.
And it is ICANN policy, it's not the registrar doing this for fun and profit. Per their new-ish policy, it is that my registrar indeed sent that email from a random domain they had laying around.
I've been using whois privacy for years mostly because of this, but IIRC the bulk of my spam was from Comcast Business. Because anyone who registers a personal website must need a business internet connection.
Two different systems operating at different layers, though. I WHOIS the domain when I want to know which nameservers the registry thinks the domain should have. You can then dig in DNS to see what those nameservers are responding, but that's a separate level.
It's unclear if you get what I mean, because you can never use whois, to determine what a glue record is, though. Whois is not updated reliably these days.
For example, you cannot 'whois example.org', see DNS servers listed, and think "OK, those are the glue servers!". Nope. You need to dig at the root .org DNS servers, and find out what they have configured as glue records, and then query that.
You're only talking about DNS. I'm talking about the layer above that, at the domain name registry, which is the authoritative source that feeds into DNS. The domain registry is typically implemented as a separate database distinct from DNS. The nameservers at the registry level are updated by registrars through a protocol called EPP (see RFCs 5730-5734). This is what then feeds into DNS. When you're debugging registry-level issues, e.g. maybe the registry isn't syncing to its DNS system correctly, you need to figure out what the registry thinks the name servers for a domain should be, and you do that through WHOIS (or soon, RDAP). Unlike DNS, these systems talk directly to the registry and let you know what the registry's view of the world is.
A domain that doesn't have any name servers configured on it cannot serve any content, and you can spin your wheels for a very long time if you're only playing around in DNS land. You'll see that there are no DNS entries being served up for the domain name at all but you won't know why, or how to actually fix it. You need to query the registry to find the root of the problem and realize that you need to set the name servers at the registry level (which as an end user you would have to do through your registrar, but which I as a registry operator can bypass).
Also, and I can't speak for other registry operators, but when you query us directly, you get a live view of the data, that is almost always real-time, but in the event of high load for WHOIS queries on that specific domain, might be served out of cache that persists for up to one minute. Point is it's more likely to be accurate at the present time than anything in DNS, which has more caching layers that last longer.
Of course I am, that's the only way to know what the glue records actually are. Naturally there is the registrar side, but none of that means anything, when you're working with DNS, and need to know what is configured at the root server level.
Which is all that matters when you're doing DNS lookups.
My point here is, that using whois won't tell you that reliably. Only a direct root server lookup will.
What we're saying is not really that far apart, as we're both agreeing that whois is not the same as root server glue records.
To be fair, I haven't use it much over the past decade or so mostly because the nature of my work has changed and the info has become increasingly useless over time.... but just a couple of weeks ago I gave it a go just to see if it was still around. I guess that test didn't age well.