Home / server / Questions / 878611
Accepted
john01dav
Asked: 2017-10-16 20:34:17 +0800 CST

Why do some domain names have extremely truncated whois information?

  • 772

Recently I saw the whois record for google.com, and it has none of the usual information such as the admin's contact details. It is extremely truncated:

Domain Name: GOOGLE.COM
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2011-07-20T16:55:31Z
Creation Date: 1997-09-15T04:00:00Z
Registry Expiry Date: 2020-09-14T04:00:00Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
DNSSEC: unsigned

Several other domains such as duolingo.com and even stackexchange.com are the same way. Why are these domains allowed to not have whois information? Is this something that anyone can access, for privacy protection?

domain-name-system

3 Answers

  1. Best Answer

    Why are these domains allowed to not have whois information? Is this something that anyone can access, for privacy protection?

    TLDR: It’s not the case that these domains have somehow obtained an exemption from ICANN that allows them not to omit certain data from public WHOIS records. It’s more likely the case that the WHOIS record you saw is not displaying the full set of records for google.com (or the other .com domain names).

    Thick and thin WHOIS lookups

    WHOIS data for Internet domains can be stored in one of two ways:

    • a thick data store where each TLD registry keeps the complete WHOIS records for each sub-domain of the TLD.
    • a thin model where the TLD registry delegates storage and maintenance of the WHOIS records to the registrar that was used by the registrant to register the domain.

    The WHOIS Wikipedia article explains the distinction between thick and thin WHOIS lookups and describes thin lookups as

    A Thin WHOIS server stores only the name of the WHOIS server of the registrar of a domain, which in turn has the full details on the data being looked up (such as the .com WHOIS servers, which refer the WHOIS query to the registrar where the domain was registered).

    Lookups for .com

    ICANN has assigned Verisign as the registry to manage the .com domain name. A WHOIS query run on ICANN’s own WHOIS server, whois.iana.org lists whois.verisign-grs.com as the canonical WHOIS server to use for the .com domain. This is the default WHOIS server that is queried by whois clients when looking up details of .com domain names (the results of this query is what’s displayed in your question).

    As the .com domain uses the thin model, one of the keys (records) returned by a WHOIS lookup for a domain name is Registrar WHOIS Server. This key specifies the domain name of the WHOIS server that is responsible for listing the full details of the domain name in question:

    Registrar WHOIS Server: whois.markmonitor.com

    This key tells the whois client that it should actually query whois.markmonitor.com to get the full WHOIS records for the domain in question.

    It looks like the WHOIS result that you saw was as a result of not following this referral.

    One reason for not following WHOIS referrals

    One reason for the whois client to not follow the referral is that earlier this year, ICANN changed the names of keys that registry operators should use.

    Previous to this change, the name of the key used to specify the delegated server was Whois Server, and the output for google.com would have been:

    Whois Server: whois.markmonitor.com

    After domain name registries updated their WHOIS servers, any clients looking for the string, WHOIS Server: (with leading spaces) would not find it – and would thus be unable to determine the name of the registrar’s WHOIS server.

    Example client fix

    To reflect ICANN’s recent changes, the code for the Debian whois client was patched this July and released as version 5.2.17. However, (as of October 2017) most Debian-based distributions will still be using the previous code-base so users would have to explicitly provide the name of the responsible WHOIS server, e.g.,

    whois -h whois.markmonitor.com google.com
    • 37

  2. It looks like your WHOIS client either does not understand or was instructed to ignore the redirect from the registry's WHOIS services (less detailed) to the registrar's WHOIS services (more detailed).
    That split does not exist for all TLDs but it exists for instance for COM.

    The google.com entry at whois.markmonitor.com (their registrar) has all the expected contact information, etc.
    That is the result that is shown by default if using a decent WHOIS client.

    • 19

  3. On macos use the host parameter to follow the redirect mentioned by @Hakan

    whois -h whois.markmonitor.com google.com
    • 0