LiveChat 
Support 
ICANN Lookup: How to Read a Domain’s WHOIS Record (and Why It Matters)
Every registered domain name carries a public record of how, when, and where it was registered. An ICANN lookup is the act of pulling that record so you can see the facts behind a domain: which company manages it, when it was created, when it expires, where its DNS lives, and whether it is locked. Whether you are buying a domain, troubleshooting a website, or investigating a suspicious link, this single record answers a surprising number of questions.
This guide builds the concept up from the ground. We will start with what ICANN actually is, move to what a lookup shows you, walk through how to run one step by step, and then explain why the modern lookup is more useful for what it tells you about the *domain* than about its *owner*.
Key Takeaways
• ICANN is the global nonprofit that coordinates domain names and IP address allocation so the internet’s naming system stays unique and consistent.
• An ICANN lookup (a WHOIS or RDAP query) returns a domain’s registration record: registrar, creation/expiry/updated dates, name servers, and status codes.
• The official tool lives at lookup.icann.org, and modern lookups increasingly use RDAP, the structured successor to plain-text WHOIS.
• Since privacy laws and WHOIS-privacy services now redact most contact details, the durable value of a lookup is the domain’s metadata, not the owner’s name.
• Use a lookup to check expiry, verify name servers, identify the registrar to approach for a purchase, and spot scams.
What is ICANN and why does it run the internet’s naming system?
ICANN stands for the Internet Corporation for Assigned Names and Numbers. It is a nonprofit organization that coordinates the internet’s unique identifiers: the domain name system (DNS) and the global allocation of IP addresses. Without a single coordinating body, two different parties could claim the same domain or the same address block, and the network would fracture.
ICANN does not sell domains directly. Instead, it accredits registrars (the companies you buy domains from) and oversees registries (the operators of each top-level domain, such as the organization that runs `.com`). It also sets the policies that registrars must follow, including the rules that govern what registration data is published and how it can be accessed. Understanding this structure matters because a lookup is really a window into that accredited system. If you want the broader picture of how this all fits together, our complete guide to domain names covers registration, ownership, and DNS end to end.
What is an ICANN lookup or WHOIS lookup?
An ICANN lookup is a query against the public registration record of a domain name. Historically this was called a WHOIS lookup, named after the WHOIS protocol that has answered the question “who is responsible for this domain?” since the early internet. When you run one, you are asking the registry and registrar systems to return the stored facts about a specific domain.
The lookup tells you administrative and technical details: who manages the domain, the key lifecycle dates, where the DNS is hosted, and the locks applied to it. In the past it also reliably showed the registrant’s name, email, and address. Today, as we will see, that contact information is usually hidden, which changes how you should use the tool.
What does an ICANN lookup show you?
A lookup returns a structured set of fields. Some are always present; others depend on the top-level domain and whether contact data has been redacted. The table below summarizes the fields you will commonly see and what each one means.
| Field | What it means | Why it is useful |
|---|---|---|
| Registrar | The accredited company managing the domain | Tells you who to contact to buy, transfer, or report the domain |
| Creation date | When the domain was first registered | Indicates age; older domains can signal an established site |
| Expiry date | When the current registration ends | Shows whether a domain is about to drop or needs renewal |
| Updated date | When the record last changed | Hints at recent transfers, renewals, or DNS changes |
| Name servers | The DNS servers answering for the domain | Reveals which host or DNS provider controls the website |
| Domain status codes | EPP codes describing locks and states | Shows whether the domain is locked, pending, or held |
| Registrant / admin contact | The owner’s details, where public | Often redacted today due to privacy rules |
| DNSSEC | Whether DNS security extensions are enabled | Indicates an extra layer of DNS integrity protection |
Here is the part most lookup tutorials miss. Because privacy laws and WHOIS-privacy services now redact the vast majority of registrant contact details, the real, durable value of an ICANN lookup today is not “who owns this domain.” It is the domain’s own metadata: the registrar, the exact expiry date, the name servers, and the status codes. Those four fields tell you whether a domain is about to expire (a buying opportunity), which company you would approach to acquire it, whether it is locked against transfer, and where its DNS, and therefore its hosting, actually lives. For real hosting and acquisition decisions, that metadata is far more actionable than a redacted owner name ever was.
Why would you do an ICANN lookup?
There are several practical reasons to pull a domain’s record, and most fall into one of these categories:
- Check availability. If a lookup returns “no match” or “not found,” the domain may be unregistered and available to buy.
- See the expiry date. Knowing when a domain expires helps you plan renewals or watch a domain you hope to acquire when it drops.
- Verify ownership and control. Even with redacted contacts, the registrar and name servers confirm who manages the domain and where its DNS lives.
- Due diligence before buying. Before purchasing a domain or a website, the record confirms the registrar, age, and status so there are no surprises.
- Troubleshoot a website. If a site is down, checking the name servers and status codes can reveal a DNS misconfiguration or an expired registration.
- Spot scams. A brand-new domain impersonating a well-known company is a classic phishing red flag, and the creation date exposes it.
How do you do an ICANN lookup, step by step?
Running a lookup takes less than a minute. The official ICANN Lookup tool is the most authoritative source, but the process is similar across any reputable lookup service.
- Go to the official tool. Open lookup.icann.org in your browser. This is ICANN’s own lookup service and queries authoritative data.
- Enter the domain name. Type the full domain (for example, `example.com`) into the search box. Enter only the domain itself, without `https://` or a trailing path.
- Run the search. Submit the query. The tool sends an RDAP or WHOIS request to the relevant registry and registrar.
- Read the registrar and dates first. Note who manages the domain and the creation, expiry, and updated dates. These are usually always present.
- Check the name servers. These reveal where the DNS, and by extension the hosting, is configured.
- Review the status codes. Look for codes like `clientTransferProhibited` to understand what locks are in place.
- Note any redaction. If contact fields say “Redacted for Privacy” or similar, that is normal under current privacy rules.
If you are comparing several domains, repeat the process for each and keep a simple note of the registrar, expiry, and name servers so you can spot patterns quickly.
Why is the contact information often hidden now?
If you ran a WHOIS lookup a decade ago, you would usually see the registrant’s name, email, and postal address in plain text. That is rarely the case today, and there are two main reasons.
The first is data protection law, most notably the EU’s General Data Protection Regulation (GDPR). Because publishing personal contact details for millions of registrants conflicts with privacy regulations, registries and registrars began redacting that data from public records to comply. ICANN’s policies were updated to reflect this shift toward limited public access.
The second is WHOIS privacy services (sometimes called domain privacy or privacy protection). These are services, often free or low-cost, that replace your personal details with the privacy provider’s information in the public record. Your contact data still exists in the registrar’s system, but the public lookup shows a proxy instead. If you want a deeper look at how this works and when to use it, see our guide on WHOIS privacy.
Together, GDPR and privacy services mean that for most domains, the “who owns this” question is answered by a redacted placeholder, which is exactly why the domain’s metadata has become the lookup’s most valuable output.
What is the difference between WHOIS and RDAP?
For decades, WHOIS was the standard protocol for domain lookups, but it has real limitations. It returns plain text in inconsistent formats that vary by registry, it has no built-in support for internationalized data, and it offers no standardized way to control who sees what. As privacy requirements grew, those weaknesses became harder to live with.
RDAP, the Registration Data Access Protocol, is the modern replacement for WHOIS. It returns structured, machine-readable data (in JSON) with consistent fields across providers, supports internationalization, and allows differentiated access so that authorized parties can request more detail than the public sees. ICANN has been driving the transition to RDAP, and many lookups, including the ICANN tool, now use it behind the scenes even when the result looks familiar.
| Aspect | WHOIS | RDAP |
|---|---|---|
| Output format | Plain text, inconsistent | Structured JSON, standardized |
| Internationalization | Limited | Built-in support |
| Access control | None standardized | Tiered/differentiated access |
| Status | Legacy, being phased out | Modern successor |
For most everyday users the practical experience is the same: you type a domain and read the result. The difference matters more for developers and automated systems that consume the data programmatically.
How do you read domain status codes?
Domain status codes (also called EPP status codes) describe the state of a domain and the locks applied to it. They are some of the most useful fields in a lookup because they tell you what can and cannot be done with the domain right now. Here are a few common ones:
- clientTransferProhibited — the registrar has locked the domain against transfers, a normal security measure that prevents unauthorized moves.
- clientUpdateProhibited / clientDeleteProhibited — the domain cannot be updated or deleted until the lock is removed, adding protection against tampering.
- clientHold — the registrar has told the registry not to activate the domain in DNS, so the site will not resolve.
- pendingDelete — the domain is in the process of being removed and may soon become available again.
- ok / active — the domain is in a normal state with no special restrictions or pending actions.
Codes that start with `client` are set by the registrar, while those that start with `server` are set by the registry and are typically harder to change. Reading these codes is how you tell, at a glance, whether a domain is locked down, parked, or on its way to expiring.
How a lookup connects to your hosting and DNS
Once you understand the record, the practical next step is acting on it: renewing before expiry, updating name servers to point at your host, or locking the domain against transfer. This is where managing a domain well makes the difference, because every field in a lookup corresponds to a setting you should be able to control.
DarazHost makes the things a lookup reveals easy to manage. You get a clear domain expiry date with renewal reminders so you never lose a domain to a missed date, simple name server and DNS control so you can point your domain wherever your site lives, transfer locks for security, and free WHOIS privacy to keep your details redacted in the public record. You manage your domain’s full record in one place, backed by 24/7 support. Knowing how to read a lookup is useful, but being able to change what it shows, on demand, is what keeps a domain working for you.
Frequently asked questions
Is an ICANN lookup the same as a WHOIS lookup? In practice, yes. “ICANN lookup” usually refers to using ICANN’s official tool to query a domain’s registration record, and that record has traditionally been called WHOIS data. The underlying protocol may now be RDAP, but the goal, reading a domain’s public registration details, is the same.
Is an ICANN lookup free? Yes. The official tool at lookup.icann.org is free to use, and most reputable lookup services are free for standard queries. You only pay if you choose to register or buy a domain you have looked up.
Why does the lookup say the registrant is “Redacted for Privacy”? Because privacy laws like GDPR and WHOIS-privacy services hide personal contact details from public records. The data still exists in the registrar’s system; it is simply not displayed to the public. This is normal and does not mean anything is wrong with the domain.
Can a lookup tell me if a domain is available to buy? Often, yes. If the lookup returns “no match” or “not found,” the domain is likely unregistered and available. If it returns a full record, the domain is taken, and the registrar field tells you who currently manages it.
What is the most useful information in a lookup today? The domain’s metadata: the registrar, expiry date, name servers, and status codes. Because contact details are usually redacted, these fields are what actually help you make hosting, troubleshooting, and acquisition decisions.
