Reading a DNS and Whois Record



DNS, IP, and WHOIS. What they are and why they matter

  • What is an IP?
    An IP address is basically a unique set of numbers that computers use to identify the location of another computer.
    Think of it as a street address on the internet super highway.

  • So, how does the internet know what IP address to use for a domain name?
    This is where a DNS record comes in. A DNS record tells the public internet where to find information about a domain name and where to send data for that domain. It carries all of the IP addresses associated with a domain name.

  • So how does the internet know where to look to get the DNS record?
    The Internet has special companies called registrars. These companies hold information about the domain names registered with them on big computers.
    The important information that they hold can be viewed by the public through a whois lookup.
    Registrars keep a special piece of information on file called NAME SERVER information.
    Each Name Server is registered with the registrar and each name server has a unique IP address.
    The registrar makes the IP address of the Name Server available for the internet. The registrar tells the Internet what Name Server a domain name is pointing to.
    The internet then knows to go to the IP address for the name servers on file to get information about the requested domain name.
    The name server computers hold the entire DNS record for the domain name and tell the internet where to find the computer that holds the domain name and its information.
  • How to read a Whois Record.
    Whois is the information that is publicly available about a domain name.

    An example of a common whois look up record:

    Registry results for
    Registrar: TUCOWS INC.
    Whois Server:
    Referral URL:
    Name Server: NS1.STARTLOGIC.COM
    Name Server: NS2.STARTLOGIC.COM
    Status: ok
    Updated Date: 01-jan-2008
    Creation Date: 01-jan-2008
    Expiration Date: 01-jan-2009

    Registrar results for

    96 Mowat Ave
    Toronto, ON M6K 3M1
    Domain name: HOWTOINTERNET.NET
    Administrative Contact:,
      96 Mowat Ave
      Toronto, ON M6K 3M1
    Technical Contact:,
      96 Mowat Ave
      Toronto, ON M6K 3M1
    Registration Service Provider:
      StartLogic, Inc.,
    Registrar of Record: TUCOWS, INC.
    Record last updated on 01-Jan-2008.
    Record expires on 01-Jan-2009.
    Record created on 01-Jan-2008.
    Registrar Domain Name Help Center:
    Domain servers in listed order:
    Domain status: ok
    This domain's privacy is protected by To reach the domain contacts, please go to and follow the instructions.
    The Data in the Tucows Registrar WHOIS database is provided to you by Tucows for information purposes only, and may be used to assist you in obtaining information about or related to a domain name's registration record.
    Tucows makes this information available "as is," and does not guarantee its accuracy.
    By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass, unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.
    The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of Tucows. Tucows reserves the right to terminate your access to the Tucows WHOIS database in its sole discretion, including without limitation, for excessive querying of the WHOIS database or for failure to otherwise abide by this policy.
    Tucows reserves the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY. LACK OF A DOMAIN RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.


    There are many parts to whois information. There are a few common errors that people make when reading a whois record. Here it is broken down to show how to actually read the whois information:

    Main Registry information:

    Domain name: This is the name of your website.

    Registrar: A domain name must be registered through a registrar; this field shows who that registrar is.

    Whois server: This is the server where your domain name information is being held.

    Referral URL: This is the website for the registrar.

    Name server: A name server is an internet record that is associated with a specific IP address. Name servers tell the public internet where to find your DNS record.

    Status: ok (domain name is in good standing and unlocked)
    Client transfer prohibited (domain name is locked and/or expired)
    hold (domain name is expired)
    redemption (The registrar is holding the domain name in case the owner wishes to retrieve it, but they will charge an extra fee at this point. Usually after a 30 day period.)

    Updated date: The last time the whois information was either refreshed or changed.

    Creation date: The date the domain name was first created. (NOTE: domain names will ALWAYS expire on their creation date. It does not matter when you transfer or add extra years to the domain name; it will always expire on the same day of the year it was created.)

    Expiration date: This one can be a little confusing to most people because it is not always the actual date the domain name expires. The expiration date is often the date of expiration; however, if the domain name has ALREADY expired, the expiration date will show 1 year out from the time it actually expired.

    How does one know if the domain name is REALLY expired? There are two methods for checking this. The first place is STATUS. If status shows hold or redemption then the domain name is absolutely expired. If the domain name says client transfer prohibited, then we need to look further at the whois record. On a whois record, after the contact information, there is a second set of dates listed as record dates. This set of dates provides a true reflection of the domain name and when it expires.

    Whois Contact and Registrar Information.

    Registrant: The person or company that registered the domain name.
    Administrative contact: The person responsible for and holding ownership of the domain name. The email address listed here is the only legal place where the registrars can send certain information, such as the authorization code required to transfer a domain name, so it is VERY important to keep this information up-to-date with the registrar.
    Technical contact: This can be anybody; often it is the webmaster, the web hosting company, or the reseller company the domain name was purchased through.
    Registration Service Provider: Many registrars sell domain names through resellers. This is the person/company that provides registration services to the end user of the domain name. All renewals and transfers must go through this reseller. Some registrar companies do provide their own registration services.
    Registrar: Again, the company the domain name is registered through.

    WAIT! The contact information just shows the registrar's information.
    Many registrars provide a service called WHOIS Privacy. Whois privacy protects the client's information from being available publicly. It is not offered by all registrars and is not allowed on all domain names; for example, .us domain names cannot have whois privacy enabled on them.
    Record last updated: The last date this whois record was updated.
    Record expires: The ACTUAL expiration date of the domain name.
    Record created: The date this whois record was created.
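The reading rules above (status first, then the "Record expires on" date rather than the registry "Expiration Date") can be applied mechanically. The following is an added example, not part of the original page; the sample record is constructed, and matching status values by the substrings "hold" and "redemption" is an assumption about how a registrar spells them.

```python
import re
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}
STATUS = re.compile(r"^[ \t]*(?:Domain )?Status:[ \t]*(.+?)[ \t]*$", re.I | re.M)
REGISTRY_EXP = re.compile(r"^[ \t]*Expiration Date:[ \t]*(\S+)", re.I | re.M)
RECORD_EXP = re.compile(r"^[ \t]*Record expires on[ \t]+(\S+?)\.?[ \t]*$", re.I | re.M)

# Constructed sample (not a real lookup), laid out like the record above.
SAMPLE = """\
Status: Client transfer prohibited
Updated Date: 05-jan-2009
Creation Date: 01-jan-2008
Expiration Date: 01-jan-2010
Domain name: EXAMPLE.NET
Record last updated on 01-Jan-2008.
Record expires on 01-Jan-2009.
Record created on 01-Jan-2008.
"""

def parse_date(text):
    """Parse DD-Mon-YYYY without depending on the process locale."""
    day, mon, year = text.strip(" .").lower().split("-")
    return date(int(year), MONTHS[mon], int(day))

def assess_expiry(whois_text, today):
    """Return (verdict, reason) using the reading rules from the text."""
    statuses = {re.sub(r"\s+", "", s.lower()) for s in STATUS.findall(whois_text)}
    registry = REGISTRY_EXP.search(whois_text)
    record = RECORD_EXP.search(whois_text)
    # Rule 1: hold or redemption status means expired, whatever the dates say.
    if any("hold" in s or "redemption" in s for s in statuses):
        return "expired", "status is hold or redemption"
    # Rule 2: otherwise trust the registrar's "Record expires on" date.
    if record:
        actual = parse_date(record.group(1))
        if actual < today:
            note = ""
            if registry and parse_date(registry.group(1)) > actual:
                note = "; registry Expiration Date is later and misleading"
            return "expired", f"record expired on {actual.isoformat()}{note}"
        return "active", f"record expires on {actual.isoformat()}"
    return "unknown", "no 'Record expires on' line; registry date alone is not reliable"
```

Calling `assess_expiry(SAMPLE, date(2009, 2, 1))` reports the domain as expired even though the registry section still shows an expiration date one year out.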

    Listed Servers, Additional Status, and Disclaimer

    Domain servers in listed order: The public internet pulls information from all name servers listed, but it does not read all of the DNS records each time. Instead the internet goes to one of the name servers to gather the information it needs. The order listed is the order in which the public internet accesses the name servers. If one name server is busy or is down, it will move to the next one.
    Domain Status: Additional status information can be found in this area. If a domain name has entered the transfer process, this is where one will find "Transfer pending" information. If a domain name is in Transfer Pending status, no changes can be made to the domain name information at that time.
    General disclaimer: Data is not instant, even on the internet, and not all root servers may be queried. A general whois does not search all of the top level domains or all servers.

    Check a domain name at a Whois Lookup.

    The next place to find DNS information is, of course, the DNS record itself.

    The DNS record is held on a computer usually with your web hosting company, or the registrar. A website is not simply a webpage. If you have email with web hosting, the information for the email may be found at a different location than the www part of the web hosting. A DNS record keeps track of the different pieces of a website and where the public internet should go to find them. A DNS record is made up of several different kinds of records contained in a "zone file" (the fancy name for the file holding each of these zones or records of data).

    NS: This is the name server information. A name server record usually looks similar to
    A: These records point to IP addresses. Anything to the left of the . on a domain name, needs to have an A record with an IP address, (this goes for name servers and MX records too). Most websites have an A record called www or ftp pointed to an IP such as
    MX: MX stands for mail exchanger. These records point email to the mail servers. An MX record should always be the name of the mail exchange, not an IP address. An example would be: or MX records also have a priority that can be set. Priorities are most often set as multiples of 10, (10, 20, 30...). The lower the number, the higher the priority. Mail will always go to the highest priority server first.
    CNAME: Canonical Name records act as an alias. They redirect a part of a domain name to someplace else. One reason for this would be if you have a website set up at a second company, but they are only providing a web page and no other hosting features. With a CNAME, the company holding the DNS record can point the www or a subdomain to a website name like It is best to use a CNAME rather than an A record with an IP address in this case because the company holding that web page can make any number of changes to their own IP address or DNS records and it will be seamless to the client. The www information will still point to wherever the web page has been moved to, without the client having to go back and make changes to their own DNS records.
    TXT: This allows an administrator to insert text. This can be used for email filtering. A common format may look like this: "v=spf1 ip4: ?all" (This particular one specifies to allow email being sent from a particular IP range to be accepted.)
    PTR: A pointer record is considered a reverse DNS record. It maps an IP address to a CNAME. This is often used to trace emails or a domain name. Many providers will block email if it has no reverse DNS to protect their clients from SPAM.
    SPF: It is part of the Sender Policy Framework. It identifies and rejects fake email addresses in the "from" field in an email.
    SOA (Start of Authority): This tells the public internet a large amount of information. It provides the following:
    MNAME is the primary name server. Any changes should be made on the primary name server; any subsequent name servers will update themselves based on information found in the SOA record.
    RNAME is the responsible party for the zone information. The information is supposed to be the email address of the responsible party, but in the format of There should be a . where an @ symbol would normally appear in an email address.
    SERIAL is a date. It is written in the format YYYYMMDDnn (Year, Month, Date, revision-the number of times it has been changed that day). This keeps track of the last time the record was changed.
    REFRESH lists the amount of time (the number defined is in seconds) that the other name servers wait before checking to see if there are any changes and implementing those updates. A standard time frame would be between 1 and 48 hours.
    RETRY is the number of seconds the primary name server waits before making a second attempt to refresh if the first one failed.
    EXPIRE is the number of seconds that the other name servers distribute the information before they discard it and must go back to the primary name server for new data. The standard time frame for this is 2-4 weeks.
    MINIMUM TTL is the number of seconds the records in a zone file are valid. This is known as time-to-live. Any changes to a record will take this length of time before the record will be read.
    AAAA: It is the same as an A record, but it is used with IPv6 (the future version of internet IP addressing). An A record uses the current internet standard, IPv4.
    SRV: A service record is part of newer internet standards. SRV records are used by Windows, SIP, and XMPP and provide information about where particular services for a domain name can be found.
    There are other records such as LOC and WKS that are used specifically to provide information such as the physical location of a host or other types of data.
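The SOA fields described above can be decoded and checked against the time frames the text gives. This is an added example, not from the original page; the SOA data belongs to a hypothetical zone and is constructed, and the handling of a backslash-escaped dot in RNAME follows the standard zone-file convention for mailboxes that contain a dot.

```python
import re
from datetime import date

# Constructed SOA data for a hypothetical zone, in the order listed above:
# MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
SAMPLE_SOA = "ns1.example.net. host\\.master.example.net. 2008010102 300 7200 1209600 3600"
HOUR, WEEK = 3600, 7 * 24 * 3600

def rname_to_email(rname):
    """The first unescaped '.' stands for '@'; '\\.' is a literal dot in the mailbox."""
    name = rname.rstrip(".")
    m = re.search(r"(?<!\\)\.", name)
    if m is None:
        return name
    return name[:m.start()].replace("\\.", ".") + "@" + name[m.end():]

def decode_serial(serial):
    """Split a YYYYMMDDnn serial into (date, revision); None if not in that form."""
    s = str(serial)
    if len(s) != 10 or not s.isdigit():
        return None
    try:
        return date(int(s[:4]), int(s[4:6]), int(s[6:8])), int(s[8:])
    except ValueError:  # e.g. month 13: a plain counter, not a date
        return None

def review_soa(rdata, today):
    """Parse one SOA line and list values outside the ranges given in the text."""
    mname, rname, *nums = rdata.split()
    serial, refresh, retry, expire, minimum = map(int, nums)
    soa = {"mname": mname, "contact": rname_to_email(rname), "serial": serial,
           "refresh": refresh, "retry": retry, "expire": expire, "minimum": minimum}
    findings = []
    decoded = decode_serial(serial)
    if decoded is None:
        findings.append("serial is not in YYYYMMDDnn form")
    elif decoded[0] > today:
        findings.append("serial date is in the future")
    if not HOUR <= refresh <= 48 * HOUR:
        findings.append("refresh outside 1-48 hours")
    if not 2 * WEEK <= expire <= 4 * WEEK:
        findings.append("expire outside 2-4 weeks")
    return soa, findings
```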
    Hey, there is an extra . there!
    In the explanation of DNS records, or even looking at a DNS record, you may notice the . at the end of each. For example: or, the extra . is VERY important. It is called a terminator. It tells the internet that is the end of the information. Without a terminator in place, the internet will automatically add the domain name to the end of the information. Instead it would look like this: (This does not apply when the record points to an IP address.)
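To make the terminator rule concrete, the sketch below expands record targets the way the text describes and flags two mistakes covered on this page: a target that lost its trailing dot and an MX record pointing at an IP address. It is an added example, not from the original page; the zone name and records are constructed, and the missing-terminator check is a heuristic that only fires when the target already ends in the zone's own name.

```python
import ipaddress

ORIGIN = "example.net."  # hypothetical zone name (assumption)

# Constructed zone entries: (owner, type, record data)
ZONE = [
    ("@", "NS", "ns1.example.net."),
    ("@", "MX", "10 mail.example.net"),    # terminator forgotten
    ("@", "MX", "20 192.0.2.25"),          # IP address where a name belongs
    ("www", "CNAME", "host.example.org."),
    ("ftp", "CNAME", "www"),               # relative on purpose
    ("www", "A", "192.0.2.10"),
]

def qualify(name, origin=ORIGIN):
    """Expand a name as the text describes: no terminator means origin is appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def lint(zone, origin=ORIGIN):
    """Return (owner, type, message) for targets that will not resolve as intended."""
    findings = []
    for owner, rtype, rdata in zone:
        if rtype not in ("NS", "MX", "CNAME"):
            continue  # A and AAAA data are IP addresses and are never expanded
        target = rdata.split()[-1]  # skips the MX priority when present
        if is_ip(target):
            findings.append((owner, rtype,
                             f"{target} is an IP address, a host name is required"))
        elif (not target.endswith(".")
              and target.lower().endswith(origin.rstrip(".").lower())):
            findings.append((owner, rtype,
                             f"missing terminator, resolves as {qualify(target, origin)}"))
    return findings
```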