Why do some domain names have extremely truncated whois information?
Recently I saw the whois record for google.com
, and it has none of the usual information such as the admin's contact details. It is extremely truncated:
Domain Name: GOOGLE.COM
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2011-07-20T16:55:31Z
Creation Date: 1997-09-15T04:00:00Z
Registry Expiry Date: 2020-09-14T04:00:00Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
DNSSEC: unsigned
Several other domains such as duolingo.com
and even stackexchange.com
are the same way. Why are these domains allowed to not have whois information? Is this something that anyone can access, for privacy protection?
Solution 1:
Why are these domains allowed to not have whois information? Is this something that anyone can access, for privacy protection?
TLDR: It’s not the case that these domains have somehow obtained an exemption from ICANN that allows them not to omit certain data from public WHOIS records. It’s more likely the case that the WHOIS record you saw is not displaying the full set of records for google.com
(or the other .com
domain names).
Thick and thin WHOIS lookups
WHOIS data for Internet domains can be stored in one of two ways:
- a thick data store where each TLD registry keeps the complete WHOIS records for each sub-domain of the TLD.
- a thin model where the TLD registry delegates storage and maintenance of the WHOIS records to the registrar that was used by the registrant to register the domain.
The WHOIS Wikipedia article explains the distinction between thick and thin WHOIS lookups and describes thin lookups as
A Thin WHOIS server stores only the name of the WHOIS server of the registrar of a domain, which in turn has the full details on the data being looked up (such as the .com WHOIS servers, which refer the WHOIS query to the registrar where the domain was registered).
Lookups for .com
ICANN has assigned Verisign as the registry to manage the .com
domain name. A WHOIS query run on ICANN’s own WHOIS server, whois.iana.org
lists whois.verisign-grs.com
as the canonical WHOIS server to use for the .com
domain. This is the default WHOIS server that is queried by whois
clients when looking up details of .com
domain names (the results of this query is what’s displayed in your question).
As the .com
domain uses the thin model, one of the keys (records) returned by a WHOIS lookup for a domain name is Registrar WHOIS Server. This key specifies the domain name of the WHOIS server that is responsible for listing the full details of the domain name in question:
Registrar WHOIS Server: whois.markmonitor.com
This key tells the whois
client that it should actually query whois.markmonitor.com
to get the full WHOIS records for the domain in question.
It looks like the WHOIS result that you saw was as a result of not following this referral.
One reason for not following WHOIS referrals
One reason for the whois
client to not follow the referral is that earlier this year, ICANN changed the names of keys that registry operators should use.
Previous to this change, the name of the key used to specify the delegated server was Whois Server, and the output for google.com
would have been:
Whois Server: whois.markmonitor.com
After domain name registries updated their WHOIS servers, any clients looking for the string, WHOIS Server:
(with leading spaces) would not find it – and would thus be unable to determine the name of the registrar’s WHOIS server.
Example client fix
To reflect ICANN’s recent changes, the code for the Debian whois
client was patched this July and released as version 5.2.17. However, (as of October 2017) most Debian-based distributions will still be using the previous code-base so users would have to explicitly provide the name of the responsible WHOIS server, e.g.,
whois -h whois.markmonitor.com google.com
Solution 2:
It looks like your WHOIS client either does not understand or was instructed to ignore the redirect from the registry's WHOIS services (less detailed) to the registrar's WHOIS services (more detailed).
That split does not exist for all TLDs but it exists for instance for COM.
The google.com
entry at whois.markmonitor.com
(their registrar) has all the expected contact information, etc.
That is the result that is shown by default if using a decent WHOIS client.